CVE-2026-31431 — HIGH (7.8)

Q: How severe is CVE-2026-31431?

CVE-2026-31431 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2026-31431?

Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel, Redhat Openshift Container Platform, Redhat Enterprise Linux, Amazon Amazon Linux, Canonical Ubuntu Linux.

Vulnerability Description

In the Linux kernel, the following vulnerability has been resolved: crypto: algif_aead - Revert to operating out-of-place This mostly reverts commit 72548b093ee3 except for the copying of the associated data. There is no benefit in operating in-place in algif_aead since the source and destination come from different mappings. Get rid of all the complexity added for in-place operation and just copy the AD directly.

CVSS Score

7.8

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Linux	Linux Kernel	>= 4.14, < 5.10.254
Redhat	Openshift Container Platform	4.0
Redhat	Enterprise Linux	8.0
Amazon	Amazon Linux	-
Canonical	Ubuntu Linux	-
Debian	Debian Linux	11.0
Opensuse	Leap	15.3
Suse	Caas Platform	4.0
Suse	Enterprise Storage	6.0
Suse	Manager Proxy	4.0
Suse	Manager Retail Branch Server	4.0
Suse	Manager Server	4.0
Suse	Openstack Cloud	9.0
Suse	Openstack Cloud Crowbar	9.0
Suse	Basesystem Module	15
Suse	Development Tools Module	15
Suse	Legacy Module	15
Suse	Linux Enterprise Desktop	11
Suse	Linux Enterprise High Availability Extension	15
Suse	Linux Enterprise High Performance Computing	15.0

Related Weaknesses (CWE)

CWE-669

References

https://git.kernel.org/stable/c/19d43105a97be0810edbda875f2cd03f30dc130cPatch
https://git.kernel.org/stable/c/3115af9644c342b356f3f07a4dd1c8905cd9a6fcPatch
https://git.kernel.org/stable/c/893d22e0135fa394db81df88697fba6032747667Patch
https://git.kernel.org/stable/c/8b88d99341f139e23bdeb1027a2a3ae10d341d82Patch
https://git.kernel.org/stable/c/961cfa271a918ad4ae452420e7c303149002875bPatch
https://git.kernel.org/stable/c/a664bf3d603dc3bdcf9ae47cc21e0daec706d7a5Patch
https://git.kernel.org/stable/c/ce42ee423e58dffa5ec03524054c9d8bfd4f6237Patch
https://git.kernel.org/stable/c/fafe0fa2995a0f7073c1c358d7d3145bcc9aedd8Patch
http://www.openwall.com/lists/oss-security/2026/04/29/23ExploitMailing ListPatch
http://www.openwall.com/lists/oss-security/2026/04/29/25Mailing ListPatch
http://www.openwall.com/lists/oss-security/2026/04/29/26ExploitMailing ListPatch
http://www.openwall.com/lists/oss-security/2026/04/30/10Mailing ListPatch
http://www.openwall.com/lists/oss-security/2026/04/30/11Mailing ListPatch
http://www.openwall.com/lists/oss-security/2026/04/30/12Mailing ListPatch
http://www.openwall.com/lists/oss-security/2026/04/30/14Mailing ListPatch

FAQ

What is CVE-2026-31431?

CVE-2026-31431 is a vulnerability with a CVSS score of 7.8 (HIGH). In the Linux kernel, the following vulnerability has been resolved: crypto: algif_aead - Revert to operating out-of-place This mostly reverts commit 72548b093ee3 except for the copying of the associ...

How severe is CVE-2026-31431?

CVE-2026-31431 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2026-31431?

Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel, Redhat Openshift Container Platform, Redhat Enterprise Linux, Amazon Amazon Linux, Canonical Ubuntu Linux.