{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-31431", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2026-03-09T15:48:24.089Z", "datePublished": "2026-04-22T08:15:10.123Z", "dateUpdated": "2026-04-22T08:15:10.123Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-04-22T08:15:10.123Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: algif_aead - Revert to operating out-of-place\n\nThis mostly reverts commit 72548b093ee3 except for the copying of\nthe associated data.\n\nThere is no benefit in operating in-place in algif_aead since the\nsource and destination come from different mappings. Get rid of\nall the complexity added for in-place operation and just copy the\nAD directly."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["crypto/af_alg.c", "crypto/algif_aead.c", "crypto/algif_skcipher.c", "include/crypto/if_alg.h"], "versions": [{"version": "72548b093ee38a6d4f2a19e6ef1948ae05c181f7", "lessThan": "fafe0fa2995a0f7073c1c358d7d3145bcc9aedd8", "status": "affected", "versionType": "git"}, {"version": "72548b093ee38a6d4f2a19e6ef1948ae05c181f7", "lessThan": "ce42ee423e58dffa5ec03524054c9d8bfd4f6237", "status": "affected", "versionType": "git"}, {"version": "72548b093ee38a6d4f2a19e6ef1948ae05c181f7", "lessThan": "a664bf3d603dc3bdcf9ae47cc21e0daec706d7a5", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["crypto/af_alg.c", "crypto/algif_aead.c", "crypto/algif_skcipher.c", "include/crypto/if_alg.h"], "versions": [{"version": "4.14", "status": "affected"}, {"version": "0", "lessThan": "4.14", "status": "unaffected", "versionType": "semver"}, {"version": "6.18.22", "lessThanOrEqual": "6.18.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.19.12", "lessThanOrEqual": "6.19.*", "status": "unaffected", "versionType": "semver"}, {"version": "7.0", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.14", "versionEndExcluding": "6.18.22"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.14", "versionEndExcluding": "6.19.12"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.14", "versionEndExcluding": "7.0"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/fafe0fa2995a0f7073c1c358d7d3145bcc9aedd8"}, {"url": "https://git.kernel.org/stable/c/ce42ee423e58dffa5ec03524054c9d8bfd4f6237"}, {"url": "https://git.kernel.org/stable/c/a664bf3d603dc3bdcf9ae47cc21e0daec706d7a5"}], "title": "crypto: algif_aead - Revert to operating out-of-place", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: algif_aead - Revert to operating out-of-place\n\nThis mostly reverts commit 72548b093ee3 except for the copying of\nthe associated data.\n\nThere is no benefit in operating in-place in algif_aead since the\nsource and destination come from different mappings. Get rid of\nall the complexity added for in-place operation and just copy the\nAD directly."}], "id": "CVE-2026-31431", "lastModified": "2026-04-22T09:16:21.270", "metrics": {}, "published": "2026-04-22T09:16:21.270", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/a664bf3d603dc3bdcf9ae47cc21e0daec706d7a5"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/ce42ee423e58dffa5ec03524054c9d8bfd4f6237"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/fafe0fa2995a0f7073c1c358d7d3145bcc9aedd8"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Received"}

{"bugzilla": {"description": "kernel: crypto: algif_aead - Revert to operating out-of-place", "id": "2460538", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460538"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-1288", "details": ["A flaw was found in the Linux kernel's algif_aead cryptographic algorithm interface. An incorrect 'in-place operation' was introduced, where the source and destination data mappings were different. This could lead to unexpected behavior or data integrity issues during cryptographic operations, potentially impacting the reliability of encrypted communications."], "name": "CVE-2026-31431", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Fix deferred", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Fix deferred", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Fix deferred", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2026-04-22T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-31431\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-31431\nhttps://lore.kernel.org/linux-cve-announce/2026042214-CVE-2026-31431-3d65@gregkh/T"], "threat_severity": "Moderate"}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[72548b093ee38a6d4f2a19e6ef1948ae05c181f7,fafe0fa2995a0f7073c1c358d7d3145bcc9aedd8)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[72548b093ee38a6d4f2a19e6ef1948ae05c181f7,ce42ee423e58dffa5ec03524054c9d8bfd4f6237)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[72548b093ee38a6d4f2a19e6ef1948ae05c181f7,a664bf3d603dc3bdcf9ae47cc21e0daec706d7a5)"}}], "enrichment": {"confidence": 99.0, "confidence_source": "inferred", "scores": [{"score": 99.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Linux", "source": "cna", "vendor": "Linux"}, "product": "linux_kernel", "vendor": "linux"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "4.14"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[0,4.14)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.18.22,6.19.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.19.12,6.20.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "[7.0,*]"}}], "enrichment": {"confidence": 99.0, "confidence_source": "inferred", "scores": [{"score": 99.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Linux", "source": "cna", "vendor": "Linux"}, "product": "linux_kernel", "vendor": "linux"}], "analysis": {"en": {"generated_at": "2026-04-22T15:03:38.214171+00:00", "value": {"mitigation_remediation": ["Apply a kernel update that includes the revert of the in\u2011place logic for algif_aead.", "If an immediate update is not feasible, cherry\u2011pick or apply the upstream patches referenced in the advisory URLs to replace the in\u2011place implementation with an out\u2011of\u2011place copy.", "Verify that no custom kernel modules or local modifications reintroduce the in-place behavior and that the kernel configuration does not compile the affected helper code in an unintended way."], "summary": {"action": "Patch", "impact": "Cryptographic Integrity Failure"}, "threat_synthesis": {"affected_systems": "All Linux kernel installations that incorporated the erroneous in\u2011place implementation of algif_aead may be affected. The specific kernel versions affected are not listed, but any release that contains the in\u2011place operation before the revert could be vulnerable. Distribution maintainers should verify whether the revert commit is present in their shipped kernel images.", "description_and_impact": "The vulnerability was discovered in the Linux kernel\u2019s cryptographic helper function algif_aead, where a change intended to enable in\u2011place handling of authentication data was later reverted. The in\u2011place logic could have caused memory overlap between source and destination buffers because they were mapped separately, potentially leading to corrupted authentication tags or incorrect encryption outputs. The revert restores a simple out\u2011of\u2011place copy and eliminates that overlap. This weakness corresponds to CWE\u20111288, where improper validation of credentials or data integrity can allow attackers to influence authentication results.", "risk_and_exploitability": "The CVSS score of 5.5 indicates a moderate severity. No EPSS score is available, and the vulnerability is not currently listed in the CISA KEV catalog, so the exploitation likelihood is uncertain. The attack likely requires the ability to send crafted cryptographic requests to the kernel, which could be achieved via local user processes that invoke the affected helper or through a higher\u2011privileged exploit that writes arbitrary data into the relevant buffers. The potential consequence, if the flaw had persisted, would be the generation or acceptance of incorrect authentication tags, which could lead to data integrity violations or a denial\u2011of\u2011service condition."}}}}, "created": "2026-04-22T10:00:10.249847+00:00", "updated": "2026-04-22T15:15:16.415779+00:00", "vendors": ["linux", "linux$PRODUCT$linux_kernel"]}