CVE-2026-31431
Analyzed
Analyzed - Analysis Complete
BaseFortify
Vulnerability report for CVE-2026-31431, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.
Publication date: 2026-04-22
Last updated on: 2026-07-01
Assigner: kernel.org
Description
Description
In the Linux kernel, the following vulnerability has been resolved:
crypto: algif_aead - Revert to operating out-of-place
This mostly reverts commit 72548b093ee3 except for the copying of
the associated data.
There is no benefit in operating in-place in algif_aead since the
source and destination come from different mappings. Get rid of
all the complexity added for in-place operation and just copy the
AD directly.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| redhat | enterprise_linux | 8.0 |
| redhat | openshift_container_platform | 4.0 |
| redhat | enterprise_linux_aus | 8.4 |
| redhat | enterprise_linux_eus | 8.4 |
| redhat | enterprise_linux | 9.0 |
| redhat | enterprise_linux_tus | 8.6 |
| redhat | enterprise_linux_aus | 8.6 |
| redhat | enterprise_linux_tus | 8.8 |
| redhat | enterprise_linux_update_services_for_sap_solutions | 8.6 |
| redhat | enterprise_linux_update_services_for_sap_solutions | 8.8 |
| redhat | enterprise_linux_update_services_for_sap_solutions | 9.2 |
| redhat | enterprise_linux_update_services_for_sap_solutions | 9.0 |
| redhat | enterprise_linux_eus | 9.4 |
| redhat | enterprise_linux | 10.0 |
| redhat | enterprise_linux_eus | 9.6 |
| redhat | enterprise_linux_eus | 10.0 |
| redhat | openshift_container_platform | From 4.12 (inc) to 4.12.89 (exc) |
| redhat | openshift_container_platform | From 4.13 (inc) to 4.13.66 (exc) |
| redhat | openshift_container_platform | From 4.14 (inc) to 4.14.65 (exc) |
| redhat | openshift_container_platform | From 4.15 (inc) to 4.15.64 (exc) |
| redhat | openshift_container_platform | From 4.16 (inc) to 4.16.61 (exc) |
| redhat | openshift_container_platform | From 4.17 (inc) to 4.17.53 (exc) |
| redhat | openshift_container_platform | From 4.18 (inc) to 4.18.40 (exc) |
| redhat | openshift_container_platform | From 4.19 (inc) to 4.19.30 (exc) |
| redhat | openshift_container_platform | From 4.20 (inc) to 4.20.21 (exc) |
| redhat | openshift_container_platform | From 4.21 (inc) to 4.21.14 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-1288 | The product receives a complex input with multiple elements or fields that must be consistent with each other, but it does not validate or incorrectly validates that the input is actually consistent. |
| CWE-669 | The product does not properly transfer a resource/behavior to another sphere, or improperly imports a resource/behavior from another sphere, in a manner that provides unintended control over that resource. |