Vulnerability-Lookup

RHSA-2026:13727

Vulnerability from csaf_redhat - Published: 2026-05-06 20:47 - Updated: 2026-05-07 08:27

Summary

Red Hat Security Advisory: OpenShift Container Platform 4.18.40 bug fix and security update

Severity

Important

Notes

Topic: Red Hat OpenShift Container Platform release 4.18.40 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.18. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Details: Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.18.40. See the following advisory for the RPM packages for this release: https://access.redhat.com/errata/RHBA-2026:13726 Space precludes documenting all of the container images in this advisory. See the following Release Notes documentation, which will be updated shortly for this release, for details about these changes: https://docs.redhat.com/en/documentation/openshift_container_platform/4.18/html/release_notes/ Security Fix(es): * kernel: crypto: algif_aead - Revert to operating out-of-place (CVE-2026-31431) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. All OpenShift Container Platform 4.18 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.redhat.com/en/documentation/openshift_container_platform/4.18/html-single/updating_clusters/index#updating-cluster-cli.

Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

CVE-2026-31431

A flaw was found in the Linux kernel's algif_aead cryptographic algorithm interface. An incorrect 'in-place operation' was introduced, where the source and destination data mappings were different. This could lead to unexpected behavior or data integrity issues during cryptographic operations, potentially impacting the reliability of encrypted communications.

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-1288 - Improper Validation of Consistency within Input

Vendor Fix For OpenShift Container Platform 4.18 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update: https://docs.redhat.com/en/documentation/openshift_container_platform/4.18/html/release_notes/ You may download the oc tool and use it to inspect release image metadata for x86_64, s390x, ppc64le, and aarch64 architectures. The image digests may be found at https://quay.io/repository/openshift-release-dev/ocp-release?tab=tags. The sha values for the release are as follows: (For x86_64 architecture) The image digest is sha256:b2e85618a5a68065589d092f1894e1327e30615333ec315039aadb7908266ad4 (For s390x architecture) The image digest is sha256:37e5d96fdc1609c79a261eb7c497f70492c22e997878efd526f18eaf044a1725 (For ppc64le architecture) The image digest is sha256:867fc0077c615f7bcfd8679a9dd5376b25f7150444ea34ff5e6953e8b477b9df (For aarch64 architecture) The image digest is sha256:e578856046a41e3d6ca9a4c95b5151491cd052e29780096f42cde0b33d5f4112 All OpenShift Container Platform 4.18 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.redhat.com/en/documentation/openshift_container_platform/4.18/html-single/updating_clusters/index#updating-cluster-cli. https://access.redhat.com/errata/RHSA-2026:13727

Workaround Individual articles, with specific advice, are available for a number of products: * Red Hat Enterprise Linux https://access.redhat.com/solutions/7141931 * OpenShift 4 https://access.redhat.com/solutions/7141979 * ROSA Classic and OpenShift Dedicated https://access.redhat.com/articles/7141989 * ARO https://access.redhat.com/solutions/7141990 * Advanced Cluster Management Governance Policy https://access.redhat.com/solutions/7142032 * ROSA HCP: https://access.redhat.com/solutions/7141996 General guidance which is applicable to many products is below. Warning: there may be performance impacts for modifying functionality that uses kernel cryptographic functions. Though the affected module cannot be blacklisted, the affected functions themselves can be using the following boot arguments: ``` initcall_blacklist=algif_aead_init ``` Alternatively, the af_alg interface itself can be blocked: ``` initcall_blacklist=af_alg_init ``` As a further alternative, the affected algorithm can be blocked: ``` initcall_blacklist=crypto_authenc_esn_module_init ``` A mitigation that does not require a reboot using eBPF is available for Red Hat OpenShift Container Platform. This mitigation is only applicable to AMD64 nodes. Specific instructions are included in the linked articles.

References

URL

Category

	https://access.redhat.com/errata/RHSA-2026:13727	self
	https://access.redhat.com/security/updates/classi…	external
	https://bugzilla.redhat.com/show_bug.cgi?id=2460538	external
	https://security.access.redhat.com/data/csaf/v2/a…	self
	https://access.redhat.com/security/cve/CVE-2026-31431	self
	https://bugzilla.redhat.com/show_bug.cgi?id=2460538	external
	https://access.redhat.com/security/vulnerabilitie…	external
	https://www.cve.org/CVERecord?id=CVE-2026-31431	external
	https://nvd.nist.gov/vuln/detail/CVE-2026-31431	external
	https://access.redhat.com/articles/7141989	external
	https://access.redhat.com/solutions/7141931	external
	https://access.redhat.com/solutions/7141979	external
	https://access.redhat.com/solutions/7141990	external
	https://access.redhat.com/solutions/7141996	external
	https://access.redhat.com/solutions/7142032	external
	https://docs.redhat.com/en/documentation/red_hat_…	external
	https://lore.kernel.org/linux-cve-announce/202604…	external
	https://www.cisa.gov/known-exploited-vulnerabilit…	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Red Hat OpenShift Container Platform release 4.18.40 is now available with updates to packages and images that fix several bugs and add enhancements.\n\nThis release includes a security update for Red Hat OpenShift Container Platform 4.18.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Red Hat OpenShift Container Platform is Red Hat\u0027s cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.\n\nThis advisory contains the container images for Red Hat OpenShift Container Platform 4.18.40. See the following advisory for the RPM packages for this release:\n\nhttps://access.redhat.com/errata/RHBA-2026:13726\n\nSpace precludes documenting all of the container images in this advisory. See the following Release Notes documentation, which will be updated shortly for this release, for details about these changes:\n\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.18/html/release_notes/\n\nSecurity Fix(es):\n\n* kernel: crypto: algif_aead - Revert to operating out-of-place (CVE-2026-31431)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAll OpenShift Container Platform 4.18 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.redhat.com/en/documentation/openshift_container_platform/4.18/html-single/updating_clusters/index#updating-cluster-cli.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2026:13727",
        "url": "https://access.redhat.com/errata/RHSA-2026:13727"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "external",
        "summary": "2460538",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460538"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_13727.json"
      }
    ],
    "title": "Red Hat Security Advisory: OpenShift Container Platform 4.18.40 bug fix and security update",
    "tracking": {
      "current_release_date": "2026-05-07T08:27:22+00:00",
      "generator": {
        "date": "2026-05-07T08:27:22+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.7.9"
        }
      },
      "id": "RHSA-2026:13727",
      "initial_release_date": "2026-05-06T20:47:28+00:00",
      "revision_history": [
        {
          "date": "2026-05-06T20:47:28+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2026-05-06T20:47:28+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2026-05-07T08:27:22+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat OpenShift Container Platform 4.18",
                "product": {
                  "name": "Red Hat OpenShift Container Platform 4.18",
                  "product_id": "9Base-RHOSE-4.18",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:openshift:4.18::el9"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat OpenShift Enterprise"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "rhcos-aarch64-418.94.202605042017-0",
                "product": {
                  "name": "rhcos-aarch64-418.94.202605042017-0",
                  "product_id": "rhcos-aarch64-418.94.202605042017-0",
                  "product_identification_helper": {
                    "purl": "pkg:generic/redhat/rhcos@418.94.202605042017?arch=aarch64"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "rhcos-ppc64le-418.94.202605042017-0",
                "product": {
                  "name": "rhcos-ppc64le-418.94.202605042017-0",
                  "product_id": "rhcos-ppc64le-418.94.202605042017-0",
                  "product_identification_helper": {
                    "purl": "pkg:generic/redhat/rhcos@418.94.202605042017?arch=ppc64le"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "rhcos-s390x-418.94.202605042017-0",
                "product": {
                  "name": "rhcos-s390x-418.94.202605042017-0",
                  "product_id": "rhcos-s390x-418.94.202605042017-0",
                  "product_identification_helper": {
                    "purl": "pkg:generic/redhat/rhcos@418.94.202605042017?arch=s390x"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "rhcos-x86_64-418.94.202605042017-0",
                "product": {
                  "name": "rhcos-x86_64-418.94.202605042017-0",
                  "product_id": "rhcos-x86_64-418.94.202605042017-0",
                  "product_identification_helper": {
                    "purl": "pkg:generic/redhat/rhcos@418.94.202605042017?arch=x86_64"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhcos-aarch64-418.94.202605042017-0 as a component of Red Hat OpenShift Container Platform 4.18",
          "product_id": "9Base-RHOSE-4.18:rhcos-aarch64-418.94.202605042017-0"
        },
        "product_reference": "rhcos-aarch64-418.94.202605042017-0",
        "relates_to_product_reference": "9Base-RHOSE-4.18"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhcos-ppc64le-418.94.202605042017-0 as a component of Red Hat OpenShift Container Platform 4.18",
          "product_id": "9Base-RHOSE-4.18:rhcos-ppc64le-418.94.202605042017-0"
        },
        "product_reference": "rhcos-ppc64le-418.94.202605042017-0",
        "relates_to_product_reference": "9Base-RHOSE-4.18"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhcos-s390x-418.94.202605042017-0 as a component of Red Hat OpenShift Container Platform 4.18",
          "product_id": "9Base-RHOSE-4.18:rhcos-s390x-418.94.202605042017-0"
        },
        "product_reference": "rhcos-s390x-418.94.202605042017-0",
        "relates_to_product_reference": "9Base-RHOSE-4.18"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhcos-x86_64-418.94.202605042017-0 as a component of Red Hat OpenShift Container Platform 4.18",
          "product_id": "9Base-RHOSE-4.18:rhcos-x86_64-418.94.202605042017-0"
        },
        "product_reference": "rhcos-x86_64-418.94.202605042017-0",
        "relates_to_product_reference": "9Base-RHOSE-4.18"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2026-31431",
      "cwe": {
        "id": "CWE-1288",
        "name": "Improper Validation of Consistency within Input"
      },
      "discovery_date": "2026-04-22T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2460538"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the Linux kernel\u0027s algif_aead cryptographic algorithm interface. An incorrect \u0027in-place operation\u0027 was introduced, where the source and destination data mappings were different. This could lead to unexpected behavior or data integrity issues during cryptographic operations, potentially impacting the reliability of encrypted communications.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "kernel: crypto: algif_aead - Revert to operating out-of-place",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This local privilege escalation is rated as Important severity. Part of the Linux kernel\u0027s cryptographic interface contains an incorrect in-place operation, where source and destination data mappings differ. This could lead to data integrity issues, including the escalation to root privileges.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "9Base-RHOSE-4.18:rhcos-aarch64-418.94.202605042017-0",
          "9Base-RHOSE-4.18:rhcos-ppc64le-418.94.202605042017-0",
          "9Base-RHOSE-4.18:rhcos-s390x-418.94.202605042017-0",
          "9Base-RHOSE-4.18:rhcos-x86_64-418.94.202605042017-0"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-31431"
        },
        {
          "category": "external",
          "summary": "RHBZ#2460538",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460538"
        },
        {
          "category": "external",
          "summary": "RHSB-2026-02",
          "url": "https://access.redhat.com/security/vulnerabilities/RHSB-2026-02"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-31431",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-31431"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-31431",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31431"
        },
        {
          "category": "external",
          "summary": "https://access.redhat.com/articles/7141989",
          "url": "https://access.redhat.com/articles/7141989"
        },
        {
          "category": "external",
          "summary": "https://access.redhat.com/solutions/7141931",
          "url": "https://access.redhat.com/solutions/7141931"
        },
        {
          "category": "external",
          "summary": "https://access.redhat.com/solutions/7141979",
          "url": "https://access.redhat.com/solutions/7141979"
        },
        {
          "category": "external",
          "summary": "https://access.redhat.com/solutions/7141990",
          "url": "https://access.redhat.com/solutions/7141990"
        },
        {
          "category": "external",
          "summary": "https://access.redhat.com/solutions/7141996",
          "url": "https://access.redhat.com/solutions/7141996"
        },
        {
          "category": "external",
          "summary": "https://access.redhat.com/solutions/7142032",
          "url": "https://access.redhat.com/solutions/7142032"
        },
        {
          "category": "external",
          "summary": "https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/9/html/managing_monitoring_and_updating_the_kernel/configuring-kernel-command-line-parameters_managing-monitoring-and-updating-the-kernel",
          "url": "https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/9/html/managing_monitoring_and_updating_the_kernel/configuring-kernel-command-line-parameters_managing-monitoring-and-updating-the-kernel"
        },
        {
          "category": "external",
          "summary": "https://lore.kernel.org/linux-cve-announce/2026042214-CVE-2026-31431-3d65@gregkh/T",
          "url": "https://lore.kernel.org/linux-cve-announce/2026042214-CVE-2026-31431-3d65@gregkh/T"
        },
        {
          "category": "external",
          "summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "release_date": "2026-04-22T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-05-06T20:47:28+00:00",
          "details": "For OpenShift Container Platform 4.18 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata\nupdate:\n\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.18/html/release_notes/\n\nYou may download the oc tool and use it to inspect release image metadata for x86_64, s390x, ppc64le, and aarch64 architectures. The image digests may be found at https://quay.io/repository/openshift-release-dev/ocp-release?tab=tags.\n\nThe sha values for the release are as follows:\n\n      (For x86_64 architecture)\n      The image digest is sha256:b2e85618a5a68065589d092f1894e1327e30615333ec315039aadb7908266ad4\n\n      (For s390x architecture)\n      The image digest is sha256:37e5d96fdc1609c79a261eb7c497f70492c22e997878efd526f18eaf044a1725\n\n      (For ppc64le architecture)\n      The image digest is sha256:867fc0077c615f7bcfd8679a9dd5376b25f7150444ea34ff5e6953e8b477b9df\n\n      (For aarch64 architecture)\n      The image digest is sha256:e578856046a41e3d6ca9a4c95b5151491cd052e29780096f42cde0b33d5f4112\n\nAll OpenShift Container Platform 4.18 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.redhat.com/en/documentation/openshift_container_platform/4.18/html-single/updating_clusters/index#updating-cluster-cli.",
          "product_ids": [
            "9Base-RHOSE-4.18:rhcos-aarch64-418.94.202605042017-0",
            "9Base-RHOSE-4.18:rhcos-ppc64le-418.94.202605042017-0",
            "9Base-RHOSE-4.18:rhcos-s390x-418.94.202605042017-0",
            "9Base-RHOSE-4.18:rhcos-x86_64-418.94.202605042017-0"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:13727"
        },
        {
          "category": "workaround",
          "details": "Individual articles, with specific advice, are available for a number of products:\n* Red Hat Enterprise Linux https://access.redhat.com/solutions/7141931\n* OpenShift 4 https://access.redhat.com/solutions/7141979\n* ROSA Classic and OpenShift Dedicated https://access.redhat.com/articles/7141989\n* ARO https://access.redhat.com/solutions/7141990\n* Advanced Cluster Management Governance Policy https://access.redhat.com/solutions/7142032\n* ROSA HCP: https://access.redhat.com/solutions/7141996\n\nGeneral guidance which is applicable to many products is below. Warning: there may be performance impacts for modifying functionality that uses kernel cryptographic functions. Though the affected module cannot be blacklisted, the affected functions themselves can be using the following boot arguments:\n```\ninitcall_blacklist=algif_aead_init\n```\n\nAlternatively, the af_alg interface itself can be blocked:\n```\ninitcall_blacklist=af_alg_init\n```\n\nAs a further alternative, the affected algorithm can be blocked:\n```\ninitcall_blacklist=crypto_authenc_esn_module_init\n```\n\nA mitigation that does not require a reboot using eBPF is available for Red Hat OpenShift Container Platform. This mitigation is only applicable to AMD64 nodes. Specific instructions are included in the linked articles.",
          "product_ids": [
            "9Base-RHOSE-4.18:rhcos-aarch64-418.94.202605042017-0",
            "9Base-RHOSE-4.18:rhcos-ppc64le-418.94.202605042017-0",
            "9Base-RHOSE-4.18:rhcos-s390x-418.94.202605042017-0",
            "9Base-RHOSE-4.18:rhcos-x86_64-418.94.202605042017-0"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "9Base-RHOSE-4.18:rhcos-aarch64-418.94.202605042017-0",
            "9Base-RHOSE-4.18:rhcos-ppc64le-418.94.202605042017-0",
            "9Base-RHOSE-4.18:rhcos-s390x-418.94.202605042017-0",
            "9Base-RHOSE-4.18:rhcos-x86_64-418.94.202605042017-0"
          ]
        }
      ],
      "threats": [
        {
          "category": "exploit_status",
          "date": "2026-05-01T00:00:00+00:00",
          "details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "kernel: crypto: algif_aead - Revert to operating out-of-place"
    }
  ]
}

CVE-2026-31431 (GCVE-0-2026-31431)

Vulnerability from cvelistv5 – Published: 2026-04-22 08:15 – Updated: 2026-05-07 06:58

Title

crypto: algif_aead - Revert to operating out-of-place

Summary

In the Linux kernel, the following vulnerability has been resolved: crypto: algif_aead - Revert to operating out-of-place This mostly reverts commit 72548b093ee3 except for the copying of the associated data. There is no benefit in operating in-place in algif_aead since the source and destination come from different mappings. Get rid of all the complexity added for in-place operation and just copy the AD directly.

Severity ?

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-669 - Incorrect Resource Transfer Between Spheres

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/893d22e0135fa394d…
	https://git.kernel.org/stable/c/19d43105a97be0810…
	https://git.kernel.org/stable/c/961cfa271a918ad4a…
	https://git.kernel.org/stable/c/3115af9644c342b35…
	https://git.kernel.org/stable/c/8b88d99341f139e23…
	https://git.kernel.org/stable/c/fafe0fa2995a0f707…
	https://git.kernel.org/stable/c/ce42ee423e58dffa5…
	https://git.kernel.org/stable/c/a664bf3d603dc3bdc…

Impacted products

Vendor

Product

Version

Linux

Affected: 72548b093ee38a6d4f2a19e6ef1948ae05c181f7 , < 893d22e0135fa394db81df88697fba6032747667 (git)
Affected: 72548b093ee38a6d4f2a19e6ef1948ae05c181f7 , < 19d43105a97be0810edbda875f2cd03f30dc130c (git)
Affected: 72548b093ee38a6d4f2a19e6ef1948ae05c181f7 , < 961cfa271a918ad4ae452420e7c303149002875b (git)
Affected: 72548b093ee38a6d4f2a19e6ef1948ae05c181f7 , < 3115af9644c342b356f3f07a4dd1c8905cd9a6fc (git)
Affected: 72548b093ee38a6d4f2a19e6ef1948ae05c181f7 , < 8b88d99341f139e23bdeb1027a2a3ae10d341d82 (git)
Affected: 72548b093ee38a6d4f2a19e6ef1948ae05c181f7 , < fafe0fa2995a0f7073c1c358d7d3145bcc9aedd8 (git)
Affected: 72548b093ee38a6d4f2a19e6ef1948ae05c181f7 , < ce42ee423e58dffa5ec03524054c9d8bfd4f6237 (git)
Affected: 72548b093ee38a6d4f2a19e6ef1948ae05c181f7 , < a664bf3d603dc3bdcf9ae47cc21e0daec706d7a5 (git)

Linux

Affected: 4.14
Unaffected: 0 , < 4.14 (semver)
Unaffected: 5.10.254 , ≤ 5.10.* (semver)
Unaffected: 5.15.204 , ≤ 5.15.* (semver)
Unaffected: 6.1.170 , ≤ 6.1.* (semver)
Unaffected: 6.6.137 , ≤ 6.6.* (semver)
Unaffected: 6.12.85 , ≤ 6.12.* (semver)
Unaffected: 6.18.22 , ≤ 6.18.* (semver)
Unaffected: 6.19.12 , ≤ 6.19.* (semver)
Unaffected: 7.0 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-31431",
                "options": [
                  {
                    "Exploitation": "active"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-04-29T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          },
          {
            "other": {
              "content": {
                "dateAdded": "2026-05-01",
                "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-31431"
              },
              "type": "kev"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-669",
                "description": "CWE-669 Incorrect Resource Transfer Between Spheres",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-02T03:55:23.146Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "exploit"
            ],
            "url": "https://github.com/theori-io/copy-fail-CVE-2026-31431"
          },
          {
            "tags": [
              "mitigation"
            ],
            "url": "https://xint.io/blog/copy-fail-linux-distributions#the-fix-6"
          },
          {
            "tags": [
              "mitigation"
            ],
            "url": "https://lore.kernel.org/linux-cve-announce/2026042214-CVE-2026-31431-3d65@gregkh/"
          },
          {
            "tags": [
              "mitigation"
            ],
            "url": "https://access.redhat.com/security/cve/cve-2026-31431#cve-details-mitigation"
          },
          {
            "tags": [
              "government-resource"
            ],
            "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-31431"
          }
        ],
        "timeline": [
          {
            "lang": "en",
            "time": "2026-05-01T00:00:00.000Z",
            "value": "CVE-2026-31431 added to CISA KEV"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2026-05-07T06:58:58.239Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "http://www.openwall.com/lists/oss-security/2026/04/29/23"
          },
          {
            "url": "https://copy.fail"
          },
          {
            "url": "http://www.openwall.com/lists/oss-security/2026/04/29/25"
          },
          {
            "url": "http://www.openwall.com/lists/oss-security/2026/04/29/26"
          },
          {
            "url": "http://www.openwall.com/lists/oss-security/2026/04/30/2"
          },
          {
            "url": "http://www.openwall.com/lists/oss-security/2026/04/30/5"
          },
          {
            "url": "http://www.openwall.com/lists/oss-security/2026/04/30/6"
          },
          {
            "url": "http://www.openwall.com/lists/oss-security/2026/04/30/10"
          },
          {
            "url": "http://www.openwall.com/lists/oss-security/2026/04/30/11"
          },
          {
            "url": "http://www.openwall.com/lists/oss-security/2026/04/30/12"
          },
          {
            "url": "http://www.openwall.com/lists/oss-security/2026/04/30/14"
          },
          {
            "url": "http://www.openwall.com/lists/oss-security/2026/04/30/15"
          },
          {
            "url": "http://www.openwall.com/lists/oss-security/2026/04/30/16"
          },
          {
            "url": "http://www.openwall.com/lists/oss-security/2026/04/30/17"
          },
          {
            "url": "http://www.openwall.com/lists/oss-security/2026/04/30/18"
          },
          {
            "url": "https://websec.net/blog/cve-2026-31431-linux-algifaead-page-cache-write-to-root-69f38a4ccddd2db1f520f170"
          },
          {
            "url": "http://www.openwall.com/lists/oss-security/2026/04/30/20"
          },
          {
            "url": "http://www.openwall.com/lists/oss-security/2026/05/01/2"
          },
          {
            "url": "http://www.openwall.com/lists/oss-security/2026/05/01/3"
          },
          {
            "url": "http://www.openwall.com/lists/oss-security/2026/05/01/10"
          },
          {
            "url": "http://www.openwall.com/lists/oss-security/2026/05/01/12"
          },
          {
            "url": "http://www.openwall.com/lists/oss-security/2026/05/01/15"
          },
          {
            "url": "http://www.openwall.com/lists/oss-security/2026/05/01/16"
          },
          {
            "url": "http://www.openwall.com/lists/oss-security/2026/05/01/17"
          },
          {
            "url": "http://www.openwall.com/lists/oss-security/2026/05/01/18"
          },
          {
            "url": "http://www.openwall.com/lists/oss-security/2026/05/01/22"
          },
          {
            "url": "http://www.openwall.com/lists/oss-security/2026/05/01/23"
          },
          {
            "url": "http://www.openwall.com/lists/oss-security/2026/05/01/24"
          },
          {
            "url": "http://www.openwall.com/lists/oss-security/2026/05/02/4"
          },
          {
            "url": "http://www.openwall.com/lists/oss-security/2026/05/02/5"
          },
          {
            "url": "http://www.openwall.com/lists/oss-security/2026/05/02/6"
          },
          {
            "url": "http://www.openwall.com/lists/oss-security/2026/05/02/7"
          },
          {
            "url": "http://www.openwall.com/lists/oss-security/2026/05/02/8"
          },
          {
            "url": "http://www.openwall.com/lists/oss-security/2026/05/02/14"
          },
          {
            "url": "http://www.openwall.com/lists/oss-security/2026/05/02/15"
          },
          {
            "url": "http://www.openwall.com/lists/oss-security/2026/05/02/16"
          },
          {
            "url": "http://www.openwall.com/lists/oss-security/2026/05/02/17"
          },
          {
            "url": "http://www.openwall.com/lists/oss-security/2026/05/02/18"
          },
          {
            "url": "http://www.openwall.com/lists/oss-security/2026/05/02/19"
          },
          {
            "url": "http://www.openwall.com/lists/oss-security/2026/05/02/20"
          },
          {
            "url": "http://www.openwall.com/lists/oss-security/2026/05/02/21"
          },
          {
            "url": "http://www.openwall.com/lists/oss-security/2026/05/02/23"
          },
          {
            "url": "http://www.openwall.com/lists/oss-security/2026/05/02/24"
          },
          {
            "url": "http://www.openwall.com/lists/oss-security/2026/05/02/25"
          },
          {
            "url": "http://www.openwall.com/lists/oss-security/2026/05/03/3"
          },
          {
            "url": "http://www.openwall.com/lists/oss-security/2026/05/03/4"
          },
          {
            "url": "http://www.openwall.com/lists/oss-security/2026/05/03/10"
          },
          {
            "url": "http://www.openwall.com/lists/oss-security/2026/05/03/5"
          },
          {
            "url": "http://www.openwall.com/lists/oss-security/2026/05/03/6"
          },
          {
            "url": "http://www.openwall.com/lists/oss-security/2026/05/03/12"
          },
          {
            "url": "http://www.openwall.com/lists/oss-security/2026/05/03/13"
          },
          {
            "url": "http://www.openwall.com/lists/oss-security/2026/05/04/1"
          },
          {
            "url": "http://www.openwall.com/lists/oss-security/2026/05/04/2"
          },
          {
            "url": "http://www.openwall.com/lists/oss-security/2026/05/04/10"
          },
          {
            "url": "http://www.openwall.com/lists/oss-security/2026/05/04/11"
          },
          {
            "url": "http://www.openwall.com/lists/oss-security/2026/05/04/12"
          },
          {
            "url": "http://www.openwall.com/lists/oss-security/2026/05/04/13"
          },
          {
            "url": "http://www.openwall.com/lists/oss-security/2026/05/04/14"
          },
          {
            "url": "http://www.openwall.com/lists/oss-security/2026/05/04/8"
          },
          {
            "url": "http://www.openwall.com/lists/oss-security/2026/05/04/9"
          },
          {
            "url": "http://www.openwall.com/lists/oss-security/2026/05/04/24"
          },
          {
            "url": "http://www.openwall.com/lists/oss-security/2026/05/04/27"
          },
          {
            "url": "http://www.openwall.com/lists/oss-security/2026/05/04/28"
          },
          {
            "url": "http://www.openwall.com/lists/oss-security/2026/05/04/29"
          },
          {
            "url": "http://www.openwall.com/lists/oss-security/2026/05/04/31"
          },
          {
            "url": "http://www.openwall.com/lists/oss-security/2026/05/06/5"
          },
          {
            "url": "http://www.openwall.com/lists/oss-security/2026/05/07/2"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "crypto/af_alg.c",
            "crypto/algif_aead.c",
            "crypto/algif_skcipher.c",
            "include/crypto/if_alg.h"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "893d22e0135fa394db81df88697fba6032747667",
              "status": "affected",
              "version": "72548b093ee38a6d4f2a19e6ef1948ae05c181f7",
              "versionType": "git"
            },
            {
              "lessThan": "19d43105a97be0810edbda875f2cd03f30dc130c",
              "status": "affected",
              "version": "72548b093ee38a6d4f2a19e6ef1948ae05c181f7",
              "versionType": "git"
            },
            {
              "lessThan": "961cfa271a918ad4ae452420e7c303149002875b",
              "status": "affected",
              "version": "72548b093ee38a6d4f2a19e6ef1948ae05c181f7",
              "versionType": "git"
            },
            {
              "lessThan": "3115af9644c342b356f3f07a4dd1c8905cd9a6fc",
              "status": "affected",
              "version": "72548b093ee38a6d4f2a19e6ef1948ae05c181f7",
              "versionType": "git"
            },
            {
              "lessThan": "8b88d99341f139e23bdeb1027a2a3ae10d341d82",
              "status": "affected",
              "version": "72548b093ee38a6d4f2a19e6ef1948ae05c181f7",
              "versionType": "git"
            },
            {
              "lessThan": "fafe0fa2995a0f7073c1c358d7d3145bcc9aedd8",
              "status": "affected",
              "version": "72548b093ee38a6d4f2a19e6ef1948ae05c181f7",
              "versionType": "git"
            },
            {
              "lessThan": "ce42ee423e58dffa5ec03524054c9d8bfd4f6237",
              "status": "affected",
              "version": "72548b093ee38a6d4f2a19e6ef1948ae05c181f7",
              "versionType": "git"
            },
            {
              "lessThan": "a664bf3d603dc3bdcf9ae47cc21e0daec706d7a5",
              "status": "affected",
              "version": "72548b093ee38a6d4f2a19e6ef1948ae05c181f7",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "crypto/af_alg.c",
            "crypto/algif_aead.c",
            "crypto/algif_skcipher.c",
            "include/crypto/if_alg.h"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.14"
            },
            {
              "lessThan": "4.14",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.254",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.204",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.170",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.137",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.85",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.18.*",
              "status": "unaffected",
              "version": "6.18.22",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.19.*",
              "status": "unaffected",
              "version": "6.19.12",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "7.0",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.254",
                  "versionStartIncluding": "4.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.204",
                  "versionStartIncluding": "4.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.170",
                  "versionStartIncluding": "4.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.137",
                  "versionStartIncluding": "4.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.85",
                  "versionStartIncluding": "4.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.18.22",
                  "versionStartIncluding": "4.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.19.12",
                  "versionStartIncluding": "4.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "7.0",
                  "versionStartIncluding": "4.14",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: algif_aead - Revert to operating out-of-place\n\nThis mostly reverts commit 72548b093ee3 except for the copying of\nthe associated data.\n\nThere is no benefit in operating in-place in algif_aead since the\nsource and destination come from different mappings.  Get rid of\nall the complexity added for in-place operation and just copy the\nAD directly."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-30T09:32:06.731Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/893d22e0135fa394db81df88697fba6032747667"
        },
        {
          "url": "https://git.kernel.org/stable/c/19d43105a97be0810edbda875f2cd03f30dc130c"
        },
        {
          "url": "https://git.kernel.org/stable/c/961cfa271a918ad4ae452420e7c303149002875b"
        },
        {
          "url": "https://git.kernel.org/stable/c/3115af9644c342b356f3f07a4dd1c8905cd9a6fc"
        },
        {
          "url": "https://git.kernel.org/stable/c/8b88d99341f139e23bdeb1027a2a3ae10d341d82"
        },
        {
          "url": "https://git.kernel.org/stable/c/fafe0fa2995a0f7073c1c358d7d3145bcc9aedd8"
        },
        {
          "url": "https://git.kernel.org/stable/c/ce42ee423e58dffa5ec03524054c9d8bfd4f6237"
        },
        {
          "url": "https://git.kernel.org/stable/c/a664bf3d603dc3bdcf9ae47cc21e0daec706d7a5"
        }
      ],
      "title": "crypto: algif_aead - Revert to operating out-of-place",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2026-31431",
    "datePublished": "2026-04-22T08:15:10.123Z",
    "dateReserved": "2026-03-09T15:48:24.089Z",
    "dateUpdated": "2026-05-07T06:58:58.239Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

RHSA-2026:13727

CVE-2026-31431 (GCVE-0-2026-31431)

Tags

Sightings

Nomenclature