CVE-2026-31431

Summary

In the Linux kernel, the following vulnerability has been resolved:

crypto: algif_aead - Revert to operating out-of-place

This mostly reverts commit 72548b093ee3 except for the copying of the associated data.

There is no benefit in operating in-place in algif_aead since the source and destination come from different mappings. Get rid of all the complexity added for in-place operation and just copy the AD directly.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux72548b093ee38a6d4f2a19e6ef1948ae05c181f7 < 893d22e0135fa394db81df88697fba6032747667affected
LinuxLinux72548b093ee38a6d4f2a19e6ef1948ae05c181f7 < 19d43105a97be0810edbda875f2cd03f30dc130caffected
LinuxLinux72548b093ee38a6d4f2a19e6ef1948ae05c181f7 < 961cfa271a918ad4ae452420e7c303149002875baffected
LinuxLinux72548b093ee38a6d4f2a19e6ef1948ae05c181f7 < 3115af9644c342b356f3f07a4dd1c8905cd9a6fcaffected
LinuxLinux72548b093ee38a6d4f2a19e6ef1948ae05c181f7 < 8b88d99341f139e23bdeb1027a2a3ae10d341d82affected
LinuxLinux72548b093ee38a6d4f2a19e6ef1948ae05c181f7 < fafe0fa2995a0f7073c1c358d7d3145bcc9aedd8affected
LinuxLinux72548b093ee38a6d4f2a19e6ef1948ae05c181f7 < ce42ee423e58dffa5ec03524054c9d8bfd4f6237affected
LinuxLinux72548b093ee38a6d4f2a19e6ef1948ae05c181f7 < a664bf3d603dc3bdcf9ae47cc21e0daec706d7a5affected
LinuxLinux4.14affected
LinuxLinux0 < 4.14unaffected
LinuxLinux5.10.254 <= 5.10.*unaffected
LinuxLinux5.15.204 <= 5.15.*unaffected
LinuxLinux6.1.170 <= 6.1.*unaffected
LinuxLinux6.6.137 <= 6.6.*unaffected
LinuxLinux6.12.85 <= 6.12.*unaffected
LinuxLinux6.18.22 <= 6.18.*unaffected
LinuxLinux6.19.12 <= 6.19.*unaffected
LinuxLinux7.0 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: active
    • Automatable: no
    • Technical Impact: total

Additional References

CVE Program Container

Additional References

Additional References

kernel: crypto: algif_aead - Revert to operating out-of-place

Additional References

References