Cyber Posture

CVE-2026-31431

High · CISA KEV · Active Exploitation · Public PoC

Published: 22 April 2026
Modified: 08 May 2026
KEV Added: 01 May 2026
Patch: 29 April 2026
CVSS Score: 7.8 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0391 (88.4th percentile)
Risk Priority: 38 (60% EPSS · 20% KEV · 20% CVSS)

Description

In the Linux kernel, the following vulnerability has been resolved:

crypto: algif_aead - Revert to operating out-of-place

This mostly reverts commit 72548b093ee3 except for the copying of the associated data.

There is no benefit in operating in-place in algif_aead since the source and destination come from different mappings. Get rid of all the complexity added for in-place operation and just copy the AD directly.

Mitigating Controls (NIST 800-53 r5) · AI

Prevent: Directly remediates the vulnerability by requiring timely application of Linux kernel patches that revert the unnecessary in-place operation in algif_aead.

Detect: Enables identification of systems affected by CVE-2026-31431 through regular vulnerability scanning of kernel versions.

Prevent: Mitigates potential memory corruption from improper in-place operations on different mappings via mechanisms like ASLR and non-executable memory.

Security Summary · AI

CVE-2026-31431 is a vulnerability in the Linux kernel's crypto/algif_aead component, stemming from an unnecessary in-place operation introduced in commit 72548b093ee3. The fix reverts to out-of-place operation and retains only the copying of the associated data: because the source and destination buffers originate from different mappings, operating in-place provided no performance benefit while adding complexity. The vulnerability carries a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) and is associated with CWE-669.

A local attacker with low privileges can exploit this vulnerability with low complexity and no user interaction required. Successful exploitation enables high-impact disruption to confidentiality, integrity, and availability.

Mitigation involves applying the stable kernel patches referenced in the following commits: 19d43105a97be0810edbda875f2cd03f30dc130c, 3115af9644c342b356f3f07a4dd1c8905cd9a6fc, 893d22e0135fa394db81df88697fba6032747667, 8b88d99341f139e23bdeb1027a2a3ae10d341d82, and 961cfa271a918ad4ae452420e7c303149002875b, available via git.kernel.org.

Details

CWE(s): CWE-669
KEV Date Added: 01 May 2026

Affected Products

linux / linux kernel: 7.0 · 4.14 — 5.10.254 · 5.11 — 5.15.204 · 5.16 — 6.1.170
redhat / openshift container platform: 4.0
redhat / enterprise linux: 10.0, 10.1, 8.0, 9.0
amazon / amazon linux: all versions
canonical / ubuntu linux: all versions
debian / debian linux: 11.0, 12.0, 13.0
opensuse / leap: 15.3, 15.4, 15.5, 15.6
suse / caas platform: 4.0
suse / enterprise storage: 6.0, 7.0, 7.1
suse / manager proxy: 4.0, 4.1, 4.2, 4.3
+18 more product configuration(s) — see NVD for full list

MITRE ATT&CK Enterprise Techniques · AI

T1068 Exploitation for Privilege Escalation (tactic: Privilege Escalation)
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

Local kernel vulnerability in crypto subsystem with low-priv attacker and full C/I/A impact directly enables T1068 (Exploitation for Privilege Escalation).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1
