CVE-2026-31431
HIGH · CISA KEV · CVSS v3.1: 7.8 · EPSS: 0.9677 (99.9 percentile) · CISA KEV: Yes
At a glance
- Severity: HIGH
- CVSS: 7.8 v3.1 · NVD
- EPSS: 0.9677 (99.9 percentile) · FIRST.org
- CISA KEV: Yes · KEV added: 2026-05-01
- Attack conditions (CVSS vector): No user interaction · Source: NVD Vector
- Affected vendors: nixos, arista, siemens, linux, redhat, suse, canonical, vmware, debian, opensuse, amazon
- Published: 2026-04-22 · Modified: 2026-06-30
CVSS / EPSS / KEV
Sources: CVSS from NVD · EPSS from FIRST.org · KEV from CISA.
Description
In the Linux kernel, the following vulnerability has been resolved:

crypto: algif_aead - Revert to operating out-of-place

This mostly reverts commit 72548b093ee3 except for the copying of the associated data.

There is no benefit in operating in-place in algif_aead since the source and destination come from different mappings. Get rid of all the complexity added for in-place operation and just copy the AD directly.
References
Reference URLs as listed by NVD, grouped by a mechanical match on the link's host/pattern. Labels describe the link type only.
- Reference https://git.kernel.org/stable/c/19d43105a97be0810edbda875f2cd03f30dc130c
- Reference https://git.kernel.org/stable/c/3115af9644c342b356f3f07a4dd1c8905cd9a6fc
- Reference https://git.kernel.org/stable/c/893d22e0135fa394db81df88697fba6032747667
- Reference https://git.kernel.org/stable/c/8b88d99341f139e23bdeb1027a2a3ae10d341d82
- Reference https://git.kernel.org/stable/c/961cfa271a918ad4ae452420e7c303149002875b
- Reference https://git.kernel.org/stable/c/a664bf3d603dc3bdcf9ae47cc21e0daec706d7a5
- Reference https://git.kernel.org/stable/c/ce42ee423e58dffa5ec03524054c9d8bfd4f6237
- Reference https://git.kernel.org/stable/c/fafe0fa2995a0f7073c1c358d7d3145bcc9aedd8