{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-31431", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2026-03-09T15:48:24.089Z", "datePublished": "2026-04-22T08:15:10.123Z", "dateUpdated": "2026-04-22T08:15:10.123Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-04-22T08:15:10.123Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: algif_aead - Revert to operating out-of-place\n\nThis mostly reverts commit 72548b093ee3 except for the copying of\nthe associated data.\n\nThere is no benefit in operating in-place in algif_aead since the\nsource and destination come from different mappings. Get rid of\nall the complexity added for in-place operation and just copy the\nAD directly."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["crypto/af_alg.c", "crypto/algif_aead.c", "crypto/algif_skcipher.c", "include/crypto/if_alg.h"], "versions": [{"version": "72548b093ee38a6d4f2a19e6ef1948ae05c181f7", "lessThan": "fafe0fa2995a0f7073c1c358d7d3145bcc9aedd8", "status": "affected", "versionType": "git"}, {"version": "72548b093ee38a6d4f2a19e6ef1948ae05c181f7", "lessThan": "ce42ee423e58dffa5ec03524054c9d8bfd4f6237", "status": "affected", "versionType": "git"}, {"version": "72548b093ee38a6d4f2a19e6ef1948ae05c181f7", "lessThan": "a664bf3d603dc3bdcf9ae47cc21e0daec706d7a5", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["crypto/af_alg.c", "crypto/algif_aead.c", "crypto/algif_skcipher.c", "include/crypto/if_alg.h"], "versions": [{"version": "4.14", "status": "affected"}, {"version": "0", "lessThan": "4.14", "status": "unaffected", "versionType": "semver"}, {"version": "6.18.22", "lessThanOrEqual": "6.18.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.19.12", "lessThanOrEqual": "6.19.*", "status": "unaffected", "versionType": "semver"}, {"version": "7.0", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.14", "versionEndExcluding": "6.18.22"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.14", "versionEndExcluding": "6.19.12"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.14", "versionEndExcluding": "7.0"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/fafe0fa2995a0f7073c1c358d7d3145bcc9aedd8"}, {"url": "https://git.kernel.org/stable/c/ce42ee423e58dffa5ec03524054c9d8bfd4f6237"}, {"url": "https://git.kernel.org/stable/c/a664bf3d603dc3bdcf9ae47cc21e0daec706d7a5"}], "title": "crypto: algif_aead - Revert to operating out-of-place", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: algif_aead - Revert to operating out-of-place\n\nThis mostly reverts commit 72548b093ee3 except for the copying of\nthe associated data.\n\nThere is no benefit in operating in-place in algif_aead since the\nsource and destination come from different mappings. Get rid of\nall the complexity added for in-place operation and just copy the\nAD directly."}], "id": "CVE-2026-31431", "lastModified": "2026-04-22T09:16:21.270", "metrics": {}, "published": "2026-04-22T09:16:21.270", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/a664bf3d603dc3bdcf9ae47cc21e0daec706d7a5"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/ce42ee423e58dffa5ec03524054c9d8bfd4f6237"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/fafe0fa2995a0f7073c1c358d7d3145bcc9aedd8"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Received"}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[72548b093ee38a6d4f2a19e6ef1948ae05c181f7,fafe0fa2995a0f7073c1c358d7d3145bcc9aedd8)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[72548b093ee38a6d4f2a19e6ef1948ae05c181f7,ce42ee423e58dffa5ec03524054c9d8bfd4f6237)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[72548b093ee38a6d4f2a19e6ef1948ae05c181f7,a664bf3d603dc3bdcf9ae47cc21e0daec706d7a5)"}}], "enrichment": {"confidence": 99.0, "confidence_source": "inferred", "scores": [{"score": 99.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Linux", "source": "cna", "vendor": "Linux"}, "product": "linux_kernel", "vendor": "linux"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "4.14"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[0,4.14)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.18.22,6.19.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.19.12,6.20.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "[7.0,*]"}}], "enrichment": {"confidence": 99.0, "confidence_source": "inferred", "scores": [{"score": 99.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Linux", "source": "cna", "vendor": "Linux"}, "product": "linux_kernel", "vendor": "linux"}], "analysis": {"en": {"generated_at": "2026-04-22T09:51:31.036098+00:00", "value": {"mitigation_remediation": ["Apply a Linux kernel update that contains the algif_aead out\u2011of\u2011place copy revert commit.", "If an update cannot be applied immediately, cherry\u2011pick or apply the upstream patch referenced in the advisory URLs to replace the in\u2011place logic.", "Confirm that the kernel configuration or any custom modules no longer introduce the in\u2011place operation; audit the build for modified cryptographic helper code."], "summary": {"action": "Patch", "impact": "Cryptographic Integrity Failure"}, "threat_synthesis": {"affected_systems": "All Linux kernel installations that incorporated the erroneous in\u2011place implementation of algif_aead might be affected. The exact kernel versions are not listed, but any release that contains the commit adding the in\u2011place operation before the revert could be vulnerable. Vendors and users of distributions shipping those kernel releases should verify whether the revert commit is present in their kernel code.", "description_and_impact": "The vulnerability involved the Linux kernel cryptographic helper function algif_aead. A recent change introduced in\u2011place handling of authentication data, even though the source and destination memory regions were separate. The commit adding this logic was later reverted to a simple out\u2011of\u2011place copy. The reversion removes the potential for overlapping memory accesses that could corrupt authentication data. If the incorrect in\u2011place logic had remained, an attacker providing specially crafted cryptographic requests could have caused the kernel to produce or validate incorrect authentication tags, thereby undermining data integrity or enabling denial of service. The CVE description does not explicitly state the impact, so the inference is that the risk concerned the correctness of authentication data processing.", "risk_and_exploitability": "No EPSS score is available and the vulnerability is not listed in KEV, so quantitative exploitation likelihood is unknown. The CVSS score is not provided. The nature of the bug\u2014memory handling in kernel cryptographic code\u2014suggests that an attacker would likely need local or kernel\u2011privileged access or the ability to supply crafted cryptographic data to trigger the issue, potentially leading to integrity failure or denial of service. The risk level is therefore uncertain but could be considered moderate to high if the flaw were present in a running kernel."}}}}, "created": "2026-04-22T10:00:10.249847+00:00", "updated": "2026-04-22T10:30:14.394407+00:00", "vendors": ["linux", "linux$PRODUCT$linux_kernel"]}