CVE-2026-31431: Linux Kernel Algif_aead In-Place Operation Vulnerability Reverted
CVE-2026-31431 Published on April 22, 2026

crypto: algif_aead - Revert to operating out-of-place
In the Linux kernel, the following vulnerability has been resolved: crypto: algif_aead - Revert to operating out-of-place This mostly reverts commit 72548b093ee3 except for the copying of the associated data. There is no benefit in operating in-place in algif_aead since the source and destination come from different mappings. Get rid of all the complexity added for in-place operation and just copy the AD directly.

NVD

Known Exploited Vulnerability

This Linux Kernel Incorrect Resource Transfer Between Spheres Vulnerability is part of CISA's list of Known Exploited Vulnerabilities. Linux Kernel contains an incorrect resource transfer between spheres vulnerability that could allow for privilege escalation.

The following remediation steps are recommended / required by May 15, 2026: "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Vulnerability Analysis

CVE-2026-31431 can be exploited with local system access, and requires small amount of user privileges. This vulnerability is considered to have a low attack complexity. This vulnerability is known to be actively exploited by threat actors. The potential impact of an exploit of this vulnerability is considered to be very high.

Attack Vector:
LOCAL
Attack Complexity:
LOW
Privileges Required:
LOW
User Interaction:
NONE
Scope:
UNCHANGED
Confidentiality Impact:
HIGH
Integrity Impact:
HIGH
Availability Impact:
HIGH

Weakness Types

Incorrect Resource Transfer Between Spheres

The product does not properly transfer a resource/behavior to another sphere, or improperly imports a resource/behavior from another sphere, in a manner that provides unintended control over that resource.

Improper Validation of Consistency within Input

The product receives a complex input with multiple elements or fields that must be consistent with each other, but it does not validate or incorrectly validates that the input is actually consistent.


Products Associated with CVE-2026-31431

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2026-31431 are published in these products:

 
 
 
 
 
 
 
 
 
 
 
 

Affected Versions

Linux: Linux: Siemens SIMATIC S7-1500 CPU 1518-4 PN/DP MFP: Siemens SIMATIC S7-1500 CPU 1518-4 PN/DP MFP: Siemens SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP: Siemens SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP: Siemens SIMATIC S7-1500 TM MFP - GNU/Linux subsystem: Siemens SIPLUS S7-1500 CPU 1518-4 PN/DP MFP: Red Hat NVIDIA for RHEL 10: Red Hat OpenShift Container Platform 4.12: Red Hat OpenShift Container Platform 4.13: Red Hat OpenShift Container Platform 4.14: Red Hat OpenShift Container Platform 4.15: Red Hat OpenShift Container Platform 4.16: Red Hat OpenShift Container Platform 4.17: Red Hat OpenShift Container Platform 4.18: Red Hat OpenShift Container Platform 4.19: Red Hat OpenShift Container Platform 4.20: Red Hat OpenShift Container Platform 4.21: Red Hat Enterprise Linux AppStream EUS (v. 10.0): Red Hat Enterprise Linux AppStream (v. 10): Red Hat Enterprise Linux AppStream E4S (v.9.0): Red Hat Enterprise Linux AppStream E4S (v.9.2): Red Hat Enterprise Linux AppStream EUS (v.9.4): Red Hat Enterprise Linux AppStream EUS (v.9.6): Red Hat Enterprise Linux AppStream (v. 9): Red Hat Enterprise Linux BaseOS EUS (v. 10.0): Red Hat Enterprise Linux BaseOS (v. 10): Red Hat Enterprise Linux BaseOS (v. 8): Red Hat Enterprise Linux BaseOS AUS (v.8.4): Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.4): Red Hat Enterprise Linux BaseOS AUS (v.8.6): Red Hat Enterprise Linux BaseOS E4S (v.8.6): Red Hat Enterprise Linux BaseOS TUS (v.8.6): Red Hat Enterprise Linux BaseOS E4S (v.8.8): Red Hat Enterprise Linux BaseOS TUS (v.8.8): Red Hat Enterprise Linux BaseOS E4S (v.9.0): Red Hat Enterprise Linux BaseOS E4S (v.9.2): Red Hat Enterprise Linux BaseOS EUS (v.9.4): Red Hat Enterprise Linux BaseOS EUS (v.9.6): Red Hat Enterprise Linux BaseOS (v. 9): Red Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0): Red Hat Enterprise Linux CodeReady Linux Builder (v. 10): Red Hat Enterprise Linux CRB (v. 8): Red Hat CodeReady Linux Builder EUS (v.9.4): Red Hat CodeReady Linux Builder EUS (v.9.6): Red Hat Enterprise Linux CodeReady Linux Builder (v. 9): Red Hat Enterprise Linux Real Time for NFV EUS (v. 10.0): Red Hat Enterprise Linux Real Time for NFV (v. 10): Red Hat Enterprise Linux NFV (v. 8): Red Hat Enterprise Linux NFV E4S (v.9.0): Red Hat Enterprise Linux Real Time for NFV E4S (v.9.2): Red Hat Enterprise Linux Real Time for NFV EUS (v.9.4): Red Hat Enterprise Linux Real Time for NFV EUS (v.9.6): Red Hat Enterprise Linux Real Time for NFV (v. 9): Red Hat Enterprise Linux Real Time EUS (v. 10.0): Red Hat Enterprise Linux Real Time (v. 10): Red Hat Enterprise Linux RT (v. 8): Red Hat Enterprise Linux Real Time E4S (v.9.0): Red Hat Enterprise Linux Real Time E4S (v.9.2): Red Hat Enterprise Linux Real Time EUS (v.9.4): Red Hat Enterprise Linux Real Time EUS (v.9.6): Red Hat Enterprise Linux Real Time (v. 9): Red Hat Enterprise Linux 6: Red Hat Enterprise Linux 7:

Exploit Probability

EPSS
94.02%
Percentile
99.84%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.