CVE-2026-31431
CVE-2026-31431 is a high-severity vulnerability rated 7.8/10 on the CVSS scale. In the Linux kernel, the following vulnerability has been resolved: "crypto: algif_aead - Revert to operating out-of-place". This mostly reverts commit 72548b093ee3 except for the copying of the associated data. There is no benefit in operating in-place in algif_aead since the source and destination come from different mappings. Get rid of all the complexity added for in-place operation and just copy the AD directly. CISA has confirmed active exploitation in the wild. EPSS estimates a 96.78% chance of exploitation in the next 30 days.
Description
In the Linux kernel, the following vulnerability has been resolved: "crypto: algif_aead - Revert to operating out-of-place". This mostly reverts commit 72548b093ee3 except for the copying of the associated data. There is no benefit in operating in-place in algif_aead since the source and destination come from different mappings. Get rid of all the complexity added for in-place operation and just copy the AD directly.
Metrics
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
This vector describes a locally exploitable, low-complexity flaw that requires only low privileges and no user interaction, with high impact on confidentiality, integrity and availability.
Exploitation Status
This vulnerability is listed in CISA’s Known Exploited Vulnerabilities catalog, confirming active exploitation in the wild. Federal agencies must remediate by .
Affected Software
| Vendor | Product | Versions | Update |
|---|---|---|---|
| Linux | Linux Kernel | >= 4.14, < 5.10.254 | — |
| Linux | Linux Kernel | >= 5.11, < 5.15.204 | — |
| Linux | Linux Kernel | >= 5.16, < 6.1.170 | — |
| Linux | Linux Kernel | >= 6.2, < 6.6.137 | — |
| Linux | Linux Kernel | >= 6.7, < 6.12.85 | — |
| Linux | Linux Kernel | >= 6.13, < 6.18.22 | — |
| Linux | Linux Kernel | >= 6.19, < 6.19.12 | — |
| Linux | Linux Kernel | 7.0 | Rc1 |
| Redhat | Openshift Container Platform | 4.0 | — |
| Redhat | Enterprise Linux | 8.0 | — |
| Redhat | Enterprise Linux | 9.0 | — |
| Redhat | Enterprise Linux | 10.0 | — |
| Redhat | Enterprise Linux | 10.1 | — |
| Amazon | Amazon Linux | All versions | — |
| Canonical | Ubuntu Linux | All versions | — |
| Debian | Debian Linux | 11.0 | — |
| Debian | Debian Linux | 12.0 | — |
| Debian | Debian Linux | 13.0 | — |
| Opensuse | Leap | 15.3 | — |
| Opensuse | Leap | 15.4 | — |
| Opensuse | Leap | 15.5 | — |
| Opensuse | Leap | 15.6 | — |
| Suse | Caas Platform | 4.0 | — |
| Suse | Enterprise Storage | 6.0 | — |
| Suse | Enterprise Storage | 7.0 | — |
| Suse | Enterprise Storage | 7.1 | — |
| Suse | Manager Proxy | 4.0 | — |
| Suse | Manager Proxy | 4.1 | — |
| Suse | Manager Proxy | 4.2 | — |
| Suse | Manager Proxy | 4.3 | — |
| Suse | Manager Retail Branch Server | 4.0 | — |
| Suse | Manager Retail Branch Server | 4.1 | — |
| Suse | Manager Retail Branch Server | 4.2 | — |
| Suse | Manager Retail Branch Server | 4.3 | — |
| Suse | Manager Server | 4.0 | — |
| Suse | Manager Server | 4.1 | — |
| Suse | Manager Server | 4.2 | — |
| Suse | Manager Server | 4.3 | — |
| Suse | Openstack Cloud | 9.0 | — |
| Suse | Openstack Cloud Crowbar | 9.0 | — |
| Suse | Basesystem Module | 15 | Sp1 |
| Suse | Development Tools Module | 15 | Sp1 |
| Suse | Legacy Module | 15 | Sp7 |
| Suse | Linux Enterprise Desktop | 11 | Sp4 |
| Suse | Linux Enterprise Desktop | 12 | Sp4 |
| Suse | Linux Enterprise Desktop | 15 | Sp1 |
| Suse | Linux Enterprise High Availability Extension | 15 | Sp4 |
| Suse | Linux Enterprise High Availability Extension | 16.0 | — |
| Suse | Linux Enterprise High Performance Computing | 15.0 | Sp1 |
| Suse | Linux Enterprise Live Patching | 12 | Sp5 |
Showing 50 of 88 affected configurations. See NVD for the full list.
References
- http://www.openwall.com/lists/oss-security/2026/04/29/23 (Exploit, Mailing List, Patch)
- http://www.openwall.com/lists/oss-security/2026/04/29/25 (Mailing List, Patch)
- http://www.openwall.com/lists/oss-security/2026/04/29/26 (Exploit, Mailing List, Patch)
- http://www.openwall.com/lists/oss-security/2026/04/30/10 (Mailing List, Patch)
- http://www.openwall.com/lists/oss-security/2026/04/30/11 (Mailing List, Patch)
- http://www.openwall.com/lists/oss-security/2026/04/30/12 (Mailing List, Patch)
- http://www.openwall.com/lists/oss-security/2026/04/30/14 (Mailing List, Patch)
- http://www.openwall.com/lists/oss-security/2026/04/30/15 (Mailing List, Patch)
- http://www.openwall.com/lists/oss-security/2026/04/30/16 (Mailing List, Patch)
- http://www.openwall.com/lists/oss-security/2026/04/30/18 (Exploit, Mailing List)
- http://www.openwall.com/lists/oss-security/2026/04/30/5 (Exploit, Mailing List, Patch)
- https://copy.fail (Exploit)
- https://websec.net/blog/cve-2026-31431-linux-algifaead-page-cache-write-to-root-69f38a4ccddd2db1f520f170 (Exploit, Third Party Advisory)
- https://www.kb.cert.org/vuls/id/260001 (Third Party Advisory)
- https://access.redhat.com/security/cve/cve-2026-31431#cve-details-mitigation (Third Party Advisory)
- https://cert-portal.siemens.com/productcert/html/ssa-082556.html (Third Party Advisory)
- https://cert-portal.siemens.com/productcert/html/ssa-265688.html (Third Party Advisory)
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-31431 (US Government Resource)
- https://xint.io/blog/copy-fail-linux-distributions#the-fix-6 (Exploit, Patch, Third Party Advisory)
Source: NVD / NIST
