CVE-2026-31431

crypto: algif_aead - Revert to operating out-of-place

Published: Apr 22, 2026Updated: May 21, 2026 Sources: CVE List NVD csaf

7.8CVSS

HIGH

In the Linux kernel, the following vulnerability has been resolved: crypto: algif_aead - Revert to operating out-of-place This mostly reverts commit 72548b093ee3 except for the copying of the associated data. There is no benefit in operating in-place in algif_aead since the source and destination come from different mappings. Get rid of all the complexity added for in-place operation and just copy the AD directly.

EPSS Score

2.2%

Top 15.3%

CISA KEV

Active Exploitation

Since May 1, 2026

Exploits

No Known Exploits

Remediation

Patch Available

CVSS Vector Breakdown

Exploitability

AV:LAttack Vector

Local

AC:LAttack Complexity

Low

PR:LPrivileges Required

Low

UI:NUser Interaction

None

Scope

S:UScope

Unchanged

Impact

C:HConfidentiality

High

I:HIntegrity

High

A:HAvailability

High

Weaknesses

CWE-669

Affected Products

Linux

linux kernel

linux

openshift container platform

redhat

enterprise linux

redhat

amazon linux

amazon

and 35 more affected products View all →

Exploitability

CISA Known Exploited Vulnerability

Added to KEV:May 1, 2026

Remediation due:May 15, 2026

Required action: "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Official Patch Available