CVE-2026-31431

Advisory lineage Upstream: 0 Downstream: 2
Modified
Published: 22 Apr 2026, 08:15
Last modified:01 May 2026, 22:20

Vulnerability Summary

Overall Risk (default)
medium
42/100
CVSS Score
7.8 HIGH
v3.1 (cve.org)
EPSS Score
2.6% LOW
3% probability +2.59%
KEV
Listed
CISA
1 listing
Ransomware
No reports
Public exploits
8 found
Dark Web
Not detected

Timeline

22 Apr 2026, 08:15
Published
Vulnerability first disclosed
01 May 2026, 00:00
Added to CISA KEV
Linux Kernel Incorrect Resource Transfer Between Spheres Vulnerability
01 May 2026, 22:20
Last Modified
Vulnerability information updated
15 May 2026, 00:00
CISA Remediation Due
"Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Description

In the Linux kernel, the following vulnerability has been resolved: crypto: algif_aead - Revert to operating out-of-place This mostly reverts commit 72548b093ee3 except for the copying of the associated data. There is no benefit in operating in-place in algif_aead since the source and destination come from different mappings. Get rid of all the complexity added for in-place operation and just copy the AD directly.

CVSS Metrics

  • v3.1HIGHScore: 7.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Trends

Current EPSS score: 2.60% Percentile: 86%

Techniques & Countermeasures

  • CWE-669Incorrect Resource Transfer Between Spheres

    The product does not properly transfer a resource/behavior to another sphere, or improperly imports a resource/behavior from another sphere, in a manner that provides unintended control over that resource.

Affected Systems

  • linuxlinux

    ≥ 72548b093ee38a6d4f2a19e6ef1948ae05c181f7, < 893d22e0135fa394db81df88697fba6032747667 | ≥ 72548b093ee38a6d4f2a19e6ef1948ae05c181f7, < 19d43105a97be0810edbda875f2cd03f30dc130c | ≥ 72548b093ee38a6d4f2a19e6ef1948ae05c181f7, < 961cfa271a918ad4ae452420e7c303149002875b | ≥ 72548b093ee38a6d4f2a19e6ef1948ae05c181f7, < 3115af9644c342b356f3f07a4dd1c8905cd9a6fc | ≥ 72548b093ee38a6d4f2a19e6ef1948ae05c181f7, < 8b88d99341f139e23bdeb1027a2a3ae10d341d82 | ≥ 72548b093ee38a6d4f2a19e6ef1948ae05c181f7, < fafe0fa2995a0f7073c1c358d7d3145bcc9aedd8 | ≥ 72548b093ee38a6d4f2a19e6ef1948ae05c181f7, < ce42ee423e58dffa5ec03524054c9d8bfd4f6237 | ≥ 72548b093ee38a6d4f2a19e6ef1948ae05c181f7, < a664bf3d603dc3bdcf9ae47cc21e0daec706d7a5 | 4.14

  • linuxlinux_kernel

    ≥ 4.14, < 5.10.254 | ≥ 5.11, < 5.15.204 | ≥ 5.16, < 6.1.170 | ≥ 6.2, < 6.6.137 | ≥ 6.7, < 6.12.85 | ≥ 6.13, < 6.18.22 | ≥ 6.19, < 6.19.12 | 7.0:rc1 | 7.0:rc2 | 7.0:rc3 | 7.0:rc4 | 7.0:rc5 | 7.0:rc6

References (41)