CVE-2026-31431EXPLOITEDPATCHED

linux · linux kernel

crypto: algif_aead - Revert to operating out-of-place

Description

In the Linux kernel, the following vulnerability has been resolved: crypto: algif_aead - Revert to operating out-of-place This mostly reverts commit 72548b093ee3 except for the copying of the associated data. There is no benefit in operating in-place in algif_aead since the source and destination come from different mappings. Get rid of all the complexity added for in-place operation and just copy the AD directly.

Affected Products

Vendor	Product	Versions
linux	linux kernel	72548b093ee38a6d4f2a19e6ef1948ae05c181f7, 72548b093ee38a6d4f2a19e6ef1948ae05c181f7, 72548b093ee38a6d4f2a19e6ef1948ae05c181f7, 4.14

Also Affects

Downstream vendors/products affected by this vulnerability

Vendor	Product	Source	Confidence
open source	open source linux kernel	cert_advisory	90%

References

Related News (6 articles)

Tier C

oss-security5h ago

CVE-2026-31431: CopyFail: linux local privilege scalation

→ No new info (linked only)

Tier E

Hacker News7h ago

Copy Fail – CVE-2026-31431

→ No new info (linked only)

Tier A

Microsoft MSRC6d ago

CVE-2026-31431 crypto: algif_aead - Revert to operating out-of-place

→ No new info (linked only)

Tier B

BSI Advisories7d ago

[NEU] [mittel] Linux Kernel: Mehrere Schwachstellen ermöglichen Denial of Service

→ No new info (linked only)

Tier C

VulDB7d ago

CVE-2026-31431 | Linux Kernel up to 6.18.21/6.19.11 crypto algif_aead privilege escalation

→ No new info (linked only)

Tier C

Linux Kernel CVEs7d ago

CVE-2026-31431: crypto: algif_aead - Revert to operating out-of-place

→ No new info (linked only)

CVSS 3.17.8 HIGH

VectorCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA KEV❌ No

Actively exploited✅ Yes

Patch available

fafe0fa2995a0f7073c1c358d7d3145bcc9aedd8ce42ee423e58dffa5ec03524054c9d8bfd4f6237a664bf3d603dc3bdcf9ae47cc21e0daec706d7a506.18.226.19.127.0

PublishedApr 22, 2026

Last enriched5h agov3

Trending Score84

Source articles6

Independent6

Info Completeness9/14

Missing: epss, cwe, kev, iocs, mitre_attack

Community Vote

0 upvotes0 downvotes

No votes yet

Related CVEs (5)

CRITICALCVE-2026-31549EXP

i2c: cp2615: fix serial string NULL-deref at probe

Trending: 59

CRITICALCVE-2026-31661EXP

wifi: brcmsmac: Fix dma_free_coherent() size

Trending: 59

CRITICALCVE-2026-31689

EDAC/mc: Fix error path ordering in edac_mc_alloc()

Trending: 46

HIGHCVE-2026-23400EXP

rust_binder: call set_notification_done() without proc lock

Trending: 43

HIGHCVE-2026-31548

wifi: cfg80211: cancel pmsr_free_wk in cfg80211_pmsr_wdev_down

Trending: 40

Pin to Dashboard

Verification

State: unverified

Confidence: 0%

Vulnerability Timeline

CVE Published

Apr 22, 2026

Discovered by ZDM

Apr 22, 2026

Updated: description, severity, affectedVersions

Apr 22, 2026

Updated: description, exploitAvailable, activelyExploited

Apr 29, 2026

Actively Exploited

Apr 30, 2026

Exploit Available

Apr 30, 2026

Patch Available

Apr 30, 2026

Version History

Last enriched 5h ago

v3Tier C5h ago

Updated description with details about a local privilege escalation vulnerability and marked it as actively exploited with a working proof of concept.

descriptionexploitAvailableactivelyExploited

via oss-security

v2Tier C7d ago

Updated description with details on privilege escalation and changed severity to CRITICAL.

descriptionseverityaffectedVersions

via VulDB

v17d ago

Initial creation