crypto: algif_aead - Revert to operating out-of-place
Summary
| CVE | CVE-2026-31431 |
|---|---|
| State | PUBLISHED |
| Assigner | Linux |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2026-04-22 09:16:21 UTC |
| Updated | 2026-07-01 17:30:58 UTC |
| Description | In the Linux kernel, the following vulnerability has been resolved: crypto: algif_aead - Revert to operating out-of-place This mostly reverts commit 72548b093ee3 except for the copying of the associated data. There is no benefit in operating in-place in algif_aead since the source and destination come from different mappings. Get rid of all the complexity added for in-place operation and just copy the AD directly. |
Risk And Classification
Primary CVSS: v3.1 7.8 HIGH from ADP
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.962670000 probability, percentile 0.998700000 (date 2026-07-04)
CISA KEV: Listed on 2026-05-01; due 2026-05-15; ransomware use Unknown
Problem Types: CWE-669 | CWE-1288 | CWE-669 CWE-669 Incorrect Resource Transfer Between Spheres | CWE-1288 Improper Validation of Consistency within Input
| Version | Source | Type | Score | Severity | Vector |
|---|---|---|---|---|---|
| 3.1 | ADP | CVSS | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| 3.1 | 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Secondary | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| 3.1 | 0b0ca135-0b70-47e7-9f44-1890c2a1c46c | Secondary | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| 3.1 | CNA | DECLARED | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
CVSS v3.1 Breakdown
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CISA Known Exploited Vulnerability
| Vendor | Linux |
|---|---|
| Product | Kernel |
| Name | Linux Kernel Incorrect Resource Transfer Between Spheres Vulnerability |
| Required Action | "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. |
| Notes | https://lore.kernel.org/linux-cve-announce/2026042214-CVE-2026-31431-3d65@gregkh/; https://xint.io/blog/copy-fail-linux-distributions#the-fix-6 ; https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/about/ ; https://nvd.nist.gov/vuln/detail/CVE-2026-31431 |
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Operating System | Linux | Linux Kernel | All | All | All | All |
Vendor Declared Affected Products
| Source | Vendor | Product | Version | Platforms |
|---|---|---|---|---|
| CNA | Linux | Linux | affected 72548b093ee38a6d4f2a19e6ef1948ae05c181f7 893d22e0135fa394db81df88697fba6032747667 git | Not specified |
| CNA | Linux | Linux | affected 72548b093ee38a6d4f2a19e6ef1948ae05c181f7 19d43105a97be0810edbda875f2cd03f30dc130c git | Not specified |
| CNA | Linux | Linux | affected 72548b093ee38a6d4f2a19e6ef1948ae05c181f7 961cfa271a918ad4ae452420e7c303149002875b git | Not specified |
| CNA | Linux | Linux | affected 72548b093ee38a6d4f2a19e6ef1948ae05c181f7 3115af9644c342b356f3f07a4dd1c8905cd9a6fc git | Not specified |
| CNA | Linux | Linux | affected 72548b093ee38a6d4f2a19e6ef1948ae05c181f7 8b88d99341f139e23bdeb1027a2a3ae10d341d82 git | Not specified |
| CNA | Linux | Linux | affected 72548b093ee38a6d4f2a19e6ef1948ae05c181f7 fafe0fa2995a0f7073c1c358d7d3145bcc9aedd8 git | Not specified |
| CNA | Linux | Linux | affected 72548b093ee38a6d4f2a19e6ef1948ae05c181f7 ce42ee423e58dffa5ec03524054c9d8bfd4f6237 git | Not specified |
| CNA | Linux | Linux | affected 72548b093ee38a6d4f2a19e6ef1948ae05c181f7 a664bf3d603dc3bdcf9ae47cc21e0daec706d7a5 git | Not specified |
| CNA | Linux | Linux | affected 4.14 | Not specified |
| CNA | Linux | Linux | unaffected 4.14 semver | Not specified |
| CNA | Linux | Linux | unaffected 5.10.254 5.10.* semver | Not specified |
| CNA | Linux | Linux | unaffected 5.15.204 5.15.* semver | Not specified |
| CNA | Linux | Linux | unaffected 6.1.170 6.1.* semver | Not specified |
| CNA | Linux | Linux | unaffected 6.6.137 6.6.* semver | Not specified |
| CNA | Linux | Linux | unaffected 6.12.85 6.12.* semver | Not specified |
| CNA | Linux | Linux | unaffected 6.18.22 6.18.* semver | Not specified |
| CNA | Linux | Linux | unaffected 6.19.12 6.19.* semver | Not specified |
| CNA | Linux | Linux | unaffected 7.0 * original_commit_for_fix | Not specified |
| ADP | Siemens | SIMATIC S7-1500 CPU 1518-4 PN/DP MFP | affected V3.1.5 * custom | Not specified |
| ADP | Siemens | SIMATIC S7-1500 CPU 1518-4 PN/DP MFP | affected V3.1.5 * custom | Not specified |
| ADP | Siemens | SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP | affected V3.1.5 * custom | Not specified |
| ADP | Siemens | SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP | affected V3.1.5 * custom | Not specified |
| ADP | Siemens | SIMATIC S7-1500 TM MFP - GNU/Linux Subsystem | affected * custom | Not specified |
| ADP | Siemens | SIPLUS S7-1500 CPU 1518-4 PN/DP MFP | affected V3.1.5 * custom | Not specified |
| ADP | Red Hat | NVIDIA For RHEL 10 | Not specified | Not specified |
| ADP | Red Hat | Red Hat OpenShift Container Platform 4.12 | Not specified | Not specified |
| ADP | Red Hat | Red Hat OpenShift Container Platform 4.13 | Not specified | Not specified |
| ADP | Red Hat | Red Hat OpenShift Container Platform 4.14 | Not specified | Not specified |
| ADP | Red Hat | Red Hat OpenShift Container Platform 4.15 | Not specified | Not specified |
| ADP | Red Hat | Red Hat OpenShift Container Platform 4.16 | Not specified | Not specified |
| ADP | Red Hat | Red Hat OpenShift Container Platform 4.17 | Not specified | Not specified |
| ADP | Red Hat | Red Hat OpenShift Container Platform 4.18 | Not specified | Not specified |
| ADP | Red Hat | Red Hat OpenShift Container Platform 4.19 | Not specified | Not specified |
| ADP | Red Hat | Red Hat OpenShift Container Platform 4.20 | Not specified | Not specified |
| ADP | Red Hat | Red Hat OpenShift Container Platform 4.21 | Not specified | Not specified |
| ADP | Red Hat | Red Hat Enterprise Linux AppStream EUS V. 10.0 | Not specified | Not specified |
| ADP | Red Hat | Red Hat Enterprise Linux AppStream V. 10 | Not specified | Not specified |
| ADP | Red Hat | Red Hat Enterprise Linux AppStream E4S V.9.0 | Not specified | Not specified |
| ADP | Red Hat | Red Hat Enterprise Linux AppStream E4S V.9.2 | Not specified | Not specified |
| ADP | Red Hat | Red Hat Enterprise Linux AppStream EUS V.9.4 | Not specified | Not specified |
| ADP | Red Hat | Red Hat Enterprise Linux AppStream EUS V.9.6 | Not specified | Not specified |
| ADP | Red Hat | Red Hat Enterprise Linux AppStream V. 9 | Not specified | Not specified |
| ADP | Red Hat | Red Hat Enterprise Linux BaseOS EUS V. 10.0 | Not specified | Not specified |
| ADP | Red Hat | Red Hat Enterprise Linux BaseOS V. 10 | Not specified | Not specified |
| ADP | Red Hat | Red Hat Enterprise Linux BaseOS V. 8 | Not specified | Not specified |
| ADP | Red Hat | Red Hat Enterprise Linux BaseOS AUS V.8.4 | Not specified | Not specified |
| ADP | Red Hat | Red Hat Enterprise Linux BaseOS EUS EXTENSION V.8.4 | Not specified | Not specified |
| ADP | Red Hat | Red Hat Enterprise Linux BaseOS AUS V.8.6 | Not specified | Not specified |
| ADP | Red Hat | Red Hat Enterprise Linux BaseOS E4S V.8.6 | Not specified | Not specified |
| ADP | Red Hat | Red Hat Enterprise Linux BaseOS TUS V.8.6 | Not specified | Not specified |
| ADP | Red Hat | Red Hat Enterprise Linux BaseOS E4S V.8.8 | Not specified | Not specified |
| ADP | Red Hat | Red Hat Enterprise Linux BaseOS TUS V.8.8 | Not specified | Not specified |
| ADP | Red Hat | Red Hat Enterprise Linux BaseOS E4S V.9.0 | Not specified | Not specified |
| ADP | Red Hat | Red Hat Enterprise Linux BaseOS E4S V.9.2 | Not specified | Not specified |
| ADP | Red Hat | Red Hat Enterprise Linux BaseOS EUS V.9.4 | Not specified | Not specified |
| ADP | Red Hat | Red Hat Enterprise Linux BaseOS EUS V.9.6 | Not specified | Not specified |
| ADP | Red Hat | Red Hat Enterprise Linux BaseOS V. 9 | Not specified | Not specified |
| ADP | Red Hat | Red Hat Enterprise Linux CodeReady Linux Builder EUS V. 10.0 | Not specified | Not specified |
| ADP | Red Hat | Red Hat Enterprise Linux CodeReady Linux Builder V. 10 | Not specified | Not specified |
| ADP | Red Hat | Red Hat Enterprise Linux CRB V. 8 | Not specified | Not specified |
| ADP | Red Hat | Red Hat CodeReady Linux Builder EUS V.9.4 | Not specified | Not specified |
| ADP | Red Hat | Red Hat CodeReady Linux Builder EUS V.9.6 | Not specified | Not specified |
| ADP | Red Hat | Red Hat Enterprise Linux CodeReady Linux Builder V. 9 | Not specified | Not specified |
| ADP | Red Hat | Red Hat Enterprise Linux Real Time For NFV EUS V. 10.0 | Not specified | Not specified |
| ADP | Red Hat | Red Hat Enterprise Linux Real Time For NFV V. 10 | Not specified | Not specified |
| ADP | Red Hat | Red Hat Enterprise Linux NFV V. 8 | Not specified | Not specified |
| ADP | Red Hat | Red Hat Enterprise Linux NFV E4S V.9.0 | Not specified | Not specified |
| ADP | Red Hat | Red Hat Enterprise Linux Real Time For NFV E4S V.9.2 | Not specified | Not specified |
| ADP | Red Hat | Red Hat Enterprise Linux Real Time For NFV EUS V.9.4 | Not specified | Not specified |
| ADP | Red Hat | Red Hat Enterprise Linux Real Time For NFV EUS V.9.6 | Not specified | Not specified |
| ADP | Red Hat | Red Hat Enterprise Linux Real Time For NFV V. 9 | Not specified | Not specified |
| ADP | Red Hat | Red Hat Enterprise Linux Real Time EUS V. 10.0 | Not specified | Not specified |
| ADP | Red Hat | Red Hat Enterprise Linux Real Time V. 10 | Not specified | Not specified |
| ADP | Red Hat | Red Hat Enterprise Linux RT V. 8 | Not specified | Not specified |
| ADP | Red Hat | Red Hat Enterprise Linux Real Time E4S V.9.0 | Not specified | Not specified |
| ADP | Red Hat | Red Hat Enterprise Linux Real Time E4S V.9.2 | Not specified | Not specified |
| ADP | Red Hat | Red Hat Enterprise Linux Real Time EUS V.9.4 | Not specified | Not specified |
| ADP | Red Hat | Red Hat Enterprise Linux Real Time EUS V.9.6 | Not specified | Not specified |
| ADP | Red Hat | Red Hat Enterprise Linux Real Time V. 9 | Not specified | Not specified |
| ADP | Red Hat | Red Hat Enterprise Linux 6 | Not specified | Not specified |
| ADP | Red Hat | Red Hat Enterprise Linux 7 | Not specified | Not specified |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| git.kernel.org/stable/c/19d43105a97be0810edbda875f2cd03f30dc130c | 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | git.kernel.org | Patch |
| www.openwall.com/lists/oss-security/2026/05/08/13 | af854a3a-2127-422b-91ae-364da2661108 | www.openwall.com | Mailing List |
| git.kernel.org/stable/c/961cfa271a918ad4ae452420e7c303149002875b | 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | git.kernel.org | Patch |
| access.redhat.com/errata/RHSA-2026:14112 | 0b0ca135-0b70-47e7-9f44-1890c2a1c46c | access.redhat.com | Third Party Advisory |
| access.redhat.com/errata/RHSA-2026:16111 | 0b0ca135-0b70-47e7-9f44-1890c2a1c46c | access.redhat.com | Third Party Advisory |
| www.openwall.com/lists/oss-security/2026/05/04/27 | af854a3a-2127-422b-91ae-364da2661108 | www.openwall.com | Mailing List |
| www.openwall.com/lists/oss-security/2026/05/04/9 | af854a3a-2127-422b-91ae-364da2661108 | www.openwall.com | Mailing List |
| www.openwall.com/lists/oss-security/2026/05/02/16 | af854a3a-2127-422b-91ae-364da2661108 | www.openwall.com | Mailing List |
| access.redhat.com/errata/RHSA-2026:13727 | 0b0ca135-0b70-47e7-9f44-1890c2a1c46c | access.redhat.com | Third Party Advisory |
| www.openwall.com/lists/oss-security/2026/05/01/24 | af854a3a-2127-422b-91ae-364da2661108 | www.openwall.com | Mailing List |
| git.kernel.org/stable/c/a664bf3d603dc3bdcf9ae47cc21e0daec706d7a5 | 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | git.kernel.org | Patch |
| access.redhat.com/errata/RHSA-2026:13811 | 0b0ca135-0b70-47e7-9f44-1890c2a1c46c | access.redhat.com | Third Party Advisory |
| www.openwall.com/lists/oss-security/2026/05/07/2 | af854a3a-2127-422b-91ae-364da2661108 | www.openwall.com | Mailing List |
| copy.fail | af854a3a-2127-422b-91ae-364da2661108 | copy.fail | Exploit |
| www.openwall.com/lists/oss-security/2026/05/02/17 | af854a3a-2127-422b-91ae-364da2661108 | www.openwall.com | Mailing List |
| www.openwall.com/lists/oss-security/2026/05/04/8 | af854a3a-2127-422b-91ae-364da2661108 | www.openwall.com | Mailing List |
| www.openwall.com/lists/oss-security/2026/04/29/23 | af854a3a-2127-422b-91ae-364da2661108 | www.openwall.com | Exploit, Mailing List, Patch |
| access.redhat.com/errata/RHSA-2026:14773 | 0b0ca135-0b70-47e7-9f44-1890c2a1c46c | access.redhat.com | Third Party Advisory |
| www.openwall.com/lists/oss-security/2026/05/02/14 | af854a3a-2127-422b-91ae-364da2661108 | www.openwall.com | Mailing List |
| www.openwall.com/lists/oss-security/2026/04/30/20 | af854a3a-2127-422b-91ae-364da2661108 | www.openwall.com | Mailing List |
| access.redhat.com/errata/RHSA-2026:14301 | 0b0ca135-0b70-47e7-9f44-1890c2a1c46c | access.redhat.com | Third Party Advisory |
| cert-portal.siemens.com/productcert/html/ssa-082556.html | 0b142b55-0307-4c5a-b3c9-f314f3fb7c5e | cert-portal.siemens.com | Third Party Advisory |
| www.openwall.com/lists/oss-security/2026/04/30/18 | af854a3a-2127-422b-91ae-364da2661108 | www.openwall.com | Exploit, Mailing List |
| access.redhat.com/errata/RHSA-2026:16063 | 0b0ca135-0b70-47e7-9f44-1890c2a1c46c | access.redhat.com | Third Party Advisory |
| www.openwall.com/lists/oss-security/2026/05/02/15 | af854a3a-2127-422b-91ae-364da2661108 | www.openwall.com | Mailing List |
| www.openwall.com/lists/oss-security/2026/05/04/24 | af854a3a-2127-422b-91ae-364da2661108 | www.openwall.com | Mailing List |
| git.kernel.org/stable/c/893d22e0135fa394db81df88697fba6032747667 | 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | git.kernel.org | Patch |
| www.openwall.com/lists/oss-security/2026/04/29/25 | af854a3a-2127-422b-91ae-364da2661108 | www.openwall.com | Mailing List, Patch |
| www.openwall.com/lists/oss-security/2026/05/02/6 | af854a3a-2127-422b-91ae-364da2661108 | www.openwall.com | Mailing List |
| access.redhat.com/errata/RHSA-2026:13565 | 0b0ca135-0b70-47e7-9f44-1890c2a1c46c | access.redhat.com | Third Party Advisory |
| git.kernel.org/stable/c/8b88d99341f139e23bdeb1027a2a3ae10d341d82 | 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | git.kernel.org | Patch |
| www.openwall.com/lists/oss-security/2026/05/01/18 | af854a3a-2127-422b-91ae-364da2661108 | www.openwall.com | Mailing List |
| access.redhat.com/errata/RHSA-2026:19225 | 0b0ca135-0b70-47e7-9f44-1890c2a1c46c | access.redhat.com | Third Party Advisory |
| www.openwall.com/lists/oss-security/2026/05/02/7 | af854a3a-2127-422b-91ae-364da2661108 | www.openwall.com | Mailing List |
| git.kernel.org/stable/c/ce42ee423e58dffa5ec03524054c9d8bfd4f6237 | 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | git.kernel.org | Patch |
| cert-portal.siemens.com/productcert/html/ssa-265688.html | 0b142b55-0307-4c5a-b3c9-f314f3fb7c5e | cert-portal.siemens.com | Third Party Advisory |
| access.redhat.com/errata/RHSA-2026:14230 | 0b0ca135-0b70-47e7-9f44-1890c2a1c46c | access.redhat.com | Third Party Advisory |
| access.redhat.com/errata/RHSA-2026:13932 | 0b0ca135-0b70-47e7-9f44-1890c2a1c46c | access.redhat.com | Third Party Advisory |
| access.redhat.com/errata/RHSA-2026:16208 | 0b0ca135-0b70-47e7-9f44-1890c2a1c46c | access.redhat.com | Third Party Advisory |
| access.redhat.com/errata/RHSA-2026:14165 | 0b0ca135-0b70-47e7-9f44-1890c2a1c46c | access.redhat.com | Third Party Advisory |
| access.redhat.com/errata/RHSA-2026:13681 | 0b0ca135-0b70-47e7-9f44-1890c2a1c46c | access.redhat.com | Third Party Advisory |
| www.openwall.com/lists/oss-security/2026/05/02/4 | af854a3a-2127-422b-91ae-364da2661108 | www.openwall.com | Mailing List |
| access.redhat.com/errata/RHSA-2026:13578 | 0b0ca135-0b70-47e7-9f44-1890c2a1c46c | access.redhat.com | Third Party Advisory |
| www.openwall.com/lists/oss-security/2026/05/07/12 | af854a3a-2127-422b-91ae-364da2661108 | www.openwall.com | Mailing List |
| www.openwall.com/lists/oss-security/2026/05/01/23 | af854a3a-2127-422b-91ae-364da2661108 | www.openwall.com | Mailing List |
| access.redhat.com/errata/RHSA-2026:15976 | 0b0ca135-0b70-47e7-9f44-1890c2a1c46c | access.redhat.com | Third Party Advisory |
| access.redhat.com/errata/RHSA-2026:15087 | 0b0ca135-0b70-47e7-9f44-1890c2a1c46c | access.redhat.com | Third Party Advisory |
| access.redhat.com/errata/RHSA-2026:13577 | 0b0ca135-0b70-47e7-9f44-1890c2a1c46c | access.redhat.com | Third Party Advisory |
| xint.io/blog/copy-fail-linux-distributions | 134c704f-9b21-4f2e-91b3-4a467353bcc0 | xint.io | Exploit, Patch, Third Party Advisory |
| www.cisa.gov/known-exploited-vulnerabilities-catalog | 134c704f-9b21-4f2e-91b3-4a467353bcc0 | www.cisa.gov | US Government Resource |
| www.openwall.com/lists/oss-security/2026/05/02/5 | af854a3a-2127-422b-91ae-364da2661108 | www.openwall.com | Mailing List |
| access.redhat.com/errata/RHSA-2026:16210 | 0b0ca135-0b70-47e7-9f44-1890c2a1c46c | access.redhat.com | Third Party Advisory |
| www.openwall.com/lists/oss-security/2026/05/01/22 | af854a3a-2127-422b-91ae-364da2661108 | www.openwall.com | Mailing List |
| www.openwall.com/lists/oss-security/2026/04/29/26 | af854a3a-2127-422b-91ae-364da2661108 | www.openwall.com | Exploit, Mailing List, Patch |
| access.redhat.com/errata/RHSA-2026:14097 | 0b0ca135-0b70-47e7-9f44-1890c2a1c46c | access.redhat.com | Third Party Advisory |
| websec.net/blog/cve-2026-31431-linux-algifaead-page-cache-write-to-root-... | af854a3a-2127-422b-91ae-364da2661108 | websec.net | Exploit, Third Party Advisory |
| access.redhat.com/errata/RHSA-2026:13936 | 0b0ca135-0b70-47e7-9f44-1890c2a1c46c | access.redhat.com | Third Party Advisory |
| access.redhat.com/errata/RHSA-2026:14339 | 0b0ca135-0b70-47e7-9f44-1890c2a1c46c | access.redhat.com | Third Party Advisory |
| www.kb.cert.org/vuls/id/260001 | af854a3a-2127-422b-91ae-364da2661108 | www.kb.cert.org | Third Party Advisory |
| access.redhat.com/errata/RHSA-2026:16209 | 0b0ca135-0b70-47e7-9f44-1890c2a1c46c | access.redhat.com | Third Party Advisory |
| www.openwall.com/lists/oss-security/2026/05/03/13 | af854a3a-2127-422b-91ae-364da2661108 | www.openwall.com | Mailing List |
| access.redhat.com/errata/RHSA-2026:14926 | 0b0ca135-0b70-47e7-9f44-1890c2a1c46c | access.redhat.com | Third Party Advisory |
| www.openwall.com/lists/oss-security/2026/05/01/15 | af854a3a-2127-422b-91ae-364da2661108 | www.openwall.com | Mailing List |
| access.redhat.com/errata/RHSA-2026:13862 | 0b0ca135-0b70-47e7-9f44-1890c2a1c46c | access.redhat.com | Third Party Advisory |
| www.openwall.com/lists/oss-security/2026/04/30/6 | af854a3a-2127-422b-91ae-364da2661108 | www.openwall.com | Mailing List |
| www.openwall.com/lists/oss-security/2026/05/04/1 | af854a3a-2127-422b-91ae-364da2661108 | www.openwall.com | Mailing List |
| www.openwall.com/lists/oss-security/2026/05/03/6 | af854a3a-2127-422b-91ae-364da2661108 | www.openwall.com | Mailing List |
| www.openwall.com/lists/oss-security/2026/05/03/12 | af854a3a-2127-422b-91ae-364da2661108 | www.openwall.com | Mailing List |
| access.redhat.com/errata/RHSA-2026:13885 | 0b0ca135-0b70-47e7-9f44-1890c2a1c46c | access.redhat.com | Third Party Advisory |
| www.openwall.com/lists/oss-security/2026/04/30/12 | af854a3a-2127-422b-91ae-364da2661108 | www.openwall.com | Mailing List, Patch |
| access.redhat.com/errata/RHSA-2026:14137 | 0b0ca135-0b70-47e7-9f44-1890c2a1c46c | access.redhat.com | Third Party Advisory |
| lore.kernel.org/linux-cve-announce/2026042214-CVE-2026-31431-3d65@gregkh | 134c704f-9b21-4f2e-91b3-4a467353bcc0 | lore.kernel.org | Vendor Advisory |
| www.openwall.com/lists/oss-security/2026/05/04/2 | af854a3a-2127-422b-91ae-364da2661108 | www.openwall.com | Mailing List |
| www.openwall.com/lists/oss-security/2026/05/01/3 | af854a3a-2127-422b-91ae-364da2661108 | www.openwall.com | Mailing List |
| www.openwall.com/lists/oss-security/2026/05/01/16 | af854a3a-2127-422b-91ae-364da2661108 | www.openwall.com | Mailing List |
| www.openwall.com/lists/oss-security/2026/04/30/5 | af854a3a-2127-422b-91ae-364da2661108 | www.openwall.com | Exploit, Mailing List, Patch |
| www.openwall.com/lists/oss-security/2026/05/03/5 | af854a3a-2127-422b-91ae-364da2661108 | www.openwall.com | Mailing List |
| git.kernel.org/stable/c/3115af9644c342b356f3f07a4dd1c8905cd9a6fc | 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | git.kernel.org | Patch |
| www.openwall.com/lists/oss-security/2026/05/04/31 | af854a3a-2127-422b-91ae-364da2661108 | www.openwall.com | Mailing List |
| www.openwall.com/lists/oss-security/2026/05/02/25 | af854a3a-2127-422b-91ae-364da2661108 | www.openwall.com | Mailing List |
| www.openwall.com/lists/oss-security/2026/05/04/14 | af854a3a-2127-422b-91ae-364da2661108 | www.openwall.com | Mailing List |
| www.openwall.com/lists/oss-security/2026/04/30/11 | af854a3a-2127-422b-91ae-364da2661108 | www.openwall.com | Mailing List, Patch |
| www.openwall.com/lists/oss-security/2026/05/01/17 | af854a3a-2127-422b-91ae-364da2661108 | www.openwall.com | Mailing List |
| security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-31431.json | 0b0ca135-0b70-47e7-9f44-1890c2a1c46c | security.access.redhat.com | Third Party Advisory |
| www.openwall.com/lists/oss-security/2026/05/01/2 | af854a3a-2127-422b-91ae-364da2661108 | www.openwall.com | Mailing List |
| www.openwall.com/lists/oss-security/2026/05/02/8 | af854a3a-2127-422b-91ae-364da2661108 | www.openwall.com | Mailing List |
| access.redhat.com/errata/RHSA-2026:15978 | 0b0ca135-0b70-47e7-9f44-1890c2a1c46c | access.redhat.com | Third Party Advisory |
| www.openwall.com/lists/oss-security/2026/05/03/10 | af854a3a-2127-422b-91ae-364da2661108 | www.openwall.com | Mailing List |
| www.openwall.com/lists/oss-security/2026/05/02/24 | af854a3a-2127-422b-91ae-364da2661108 | www.openwall.com | Mailing List |
| www.openwall.com/lists/oss-security/2026/04/30/10 | af854a3a-2127-422b-91ae-364da2661108 | www.openwall.com | Mailing List, Patch |
| www.openwall.com/lists/oss-security/2026/05/03/4 | af854a3a-2127-422b-91ae-364da2661108 | www.openwall.com | Mailing List |
| www.openwall.com/lists/oss-security/2026/05/06/5 | af854a3a-2127-422b-91ae-364da2661108 | www.openwall.com | Mailing List |
| www.openwall.com/lists/oss-security/2026/05/03/3 | af854a3a-2127-422b-91ae-364da2661108 | www.openwall.com | Mailing List |
| www.openwall.com/lists/oss-security/2026/05/01/10 | af854a3a-2127-422b-91ae-364da2661108 | www.openwall.com | Mailing List |
| www.openwall.com/lists/oss-security/2026/05/02/23 | af854a3a-2127-422b-91ae-364da2661108 | www.openwall.com | Mailing List |
| www.openwall.com/lists/oss-security/2026/05/04/12 | af854a3a-2127-422b-91ae-364da2661108 | www.openwall.com | Mailing List |
| www.openwall.com/lists/oss-security/2026/04/30/17 | af854a3a-2127-422b-91ae-364da2661108 | www.openwall.com | Mailing List |
| access.redhat.com/errata/RHSA-2026:13690 | 0b0ca135-0b70-47e7-9f44-1890c2a1c46c | access.redhat.com | Third Party Advisory |
| access.redhat.com/security/cve/CVE-2026-31431 | 0b0ca135-0b70-47e7-9f44-1890c2a1c46c | access.redhat.com | Third Party Advisory |
| access.redhat.com/errata/RHSA-2026:16018 | 0b0ca135-0b70-47e7-9f44-1890c2a1c46c | access.redhat.com | Third Party Advisory |
| www.openwall.com/lists/oss-security/2026/04/30/16 | af854a3a-2127-422b-91ae-364da2661108 | www.openwall.com | Mailing List, Patch |
| www.openwall.com/lists/oss-security/2026/05/04/13 | af854a3a-2127-422b-91ae-364da2661108 | www.openwall.com | Mailing List |
| access.redhat.com/errata/RHSA-2026:33486 | 0b0ca135-0b70-47e7-9f44-1890c2a1c46c | access.redhat.com | Third Party Advisory |
| access.redhat.com/errata/RHSA-2026:13729 | 0b0ca135-0b70-47e7-9f44-1890c2a1c46c | access.redhat.com | Third Party Advisory |
| access.redhat.com/security/cve/cve-2026-31431 | 134c704f-9b21-4f2e-91b3-4a467353bcc0 | access.redhat.com | Third Party Advisory |
| www.openwall.com/lists/oss-security/2026/04/30/2 | af854a3a-2127-422b-91ae-364da2661108 | www.openwall.com | Mailing List |
| www.openwall.com/lists/oss-security/2026/05/04/29 | af854a3a-2127-422b-91ae-364da2661108 | www.openwall.com | Mailing List |
| www.openwall.com/lists/oss-security/2026/05/02/18 | af854a3a-2127-422b-91ae-364da2661108 | www.openwall.com | Mailing List |
| bugzilla.redhat.com/show_bug.cgi | 0b0ca135-0b70-47e7-9f44-1890c2a1c46c | bugzilla.redhat.com | Issue Tracking, Third Party Advisory |
| github.com/theori-io/copy-fail-CVE-2026-31431 | 134c704f-9b21-4f2e-91b3-4a467353bcc0 | github.com | Exploit |
| www.openwall.com/lists/oss-security/2026/05/01/12 | af854a3a-2127-422b-91ae-364da2661108 | www.openwall.com | Mailing List |
| www.openwall.com/lists/oss-security/2026/05/04/10 | af854a3a-2127-422b-91ae-364da2661108 | www.openwall.com | Mailing List |
| www.openwall.com/lists/oss-security/2026/04/30/15 | af854a3a-2127-422b-91ae-364da2661108 | www.openwall.com | Mailing List, Patch |
| www.openwall.com/lists/oss-security/2026/05/02/21 | af854a3a-2127-422b-91ae-364da2661108 | www.openwall.com | Mailing List |
| git.kernel.org/stable/c/fafe0fa2995a0f7073c1c358d7d3145bcc9aedd8 | 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | git.kernel.org | Patch |
| access.redhat.com/errata/RHSA-2026:19074 | 0b0ca135-0b70-47e7-9f44-1890c2a1c46c | access.redhat.com | Third Party Advisory |
| www.openwall.com/lists/oss-security/2026/05/04/28 | af854a3a-2127-422b-91ae-364da2661108 | www.openwall.com | Mailing List |
| www.openwall.com/lists/oss-security/2026/05/02/19 | af854a3a-2127-422b-91ae-364da2661108 | www.openwall.com | Mailing List |
| access.redhat.com/errata/RHSA-2026:13887 | 0b0ca135-0b70-47e7-9f44-1890c2a1c46c | access.redhat.com | Third Party Advisory |
| www.openwall.com/lists/oss-security/2026/05/18/3 | af854a3a-2127-422b-91ae-364da2661108 | www.openwall.com | Mailing List |
| access.redhat.com/errata/RHSA-2026:13734 | 0b0ca135-0b70-47e7-9f44-1890c2a1c46c | access.redhat.com | Third Party Advisory |
| www.openwall.com/lists/oss-security/2026/04/30/14 | af854a3a-2127-422b-91ae-364da2661108 | www.openwall.com | Mailing List, Patch |
| www.openwall.com/lists/oss-security/2026/05/04/11 | af854a3a-2127-422b-91ae-364da2661108 | www.openwall.com | Mailing List |
| www.openwall.com/lists/oss-security/2026/05/02/20 | af854a3a-2127-422b-91ae-364da2661108 | www.openwall.com | Mailing List |
| access.redhat.com/errata/RHSA-2026:13566 | 0b0ca135-0b70-47e7-9f44-1890c2a1c46c | access.redhat.com | Third Party Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
| CISA Known Exploited Vulnerabilities catalog | CISA | www.cisa.gov | kev |
Additional Advisory Data
| Source | Time | Event |
|---|---|---|
| ADP | 2026-05-01T00:00:00.000Z | CVE-2026-31431 added to CISA KEV |
| ADP | 2026-04-22T00:00:00.000Z | Reported to Red Hat. |
| ADP | 2026-04-22T00:00:00.000Z | Made public. |
Solutions
ADP: RHSA-2026:14926: NVIDIA for RHEL 10
ADP: RHSA-2026:33486: NVIDIA for RHEL 10
ADP: RHSA-2026:14097: Red Hat OpenShift Container Platform 4.12
ADP: RHSA-2026:14112: Red Hat OpenShift Container Platform 4.13
ADP: RHSA-2026:15087: Red Hat OpenShift Container Platform 4.14
ADP: RHSA-2026:14773: Red Hat OpenShift Container Platform 4.15
ADP: RHSA-2026:13729: Red Hat OpenShift Container Platform 4.16
ADP: RHSA-2026:13885: Red Hat OpenShift Container Platform 4.17
ADP: RHSA-2026:13727: Red Hat OpenShift Container Platform 4.18
ADP: RHSA-2026:13690: Red Hat OpenShift Container Platform 4.19
ADP: RHSA-2026:13862: Red Hat OpenShift Container Platform 4.20
ADP: RHSA-2026:13811: Red Hat OpenShift Container Platform 4.21
ADP: RHSA-2026:13887: Red Hat Enterprise Linux AppStream EUS (v. 10.0), Red Hat Enterprise Linux BaseOS EUS (v. 10.0), Red Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0), Red Hat Enterprise Linux Real Time EUS (v. 10.0), Red Hat Enterprise Linux Real Time for NFV EUS (v. 10.0)
ADP: RHSA-2026:13566: Red Hat Enterprise Linux AppStream (v. 10), Red Hat Enterprise Linux BaseOS (v. 10), Red Hat Enterprise Linux CodeReady Linux Builder (v. 10), Red Hat Enterprise Linux Real Time (v. 10), Red Hat Enterprise Linux Real Time for NFV (v. 10)
ADP: RHSA-2026:19074: Red Hat Enterprise Linux AppStream (v. 10), Red Hat Enterprise Linux BaseOS (v. 10), Red Hat Enterprise Linux CodeReady Linux Builder (v. 10), Red Hat Enterprise Linux Real Time (v. 10), Red Hat Enterprise Linux Real Time for NFV (v. 10)
ADP: RHSA-2026:13936: Red Hat Enterprise Linux AppStream E4S (v.9.0), Red Hat Enterprise Linux BaseOS E4S (v.9.0)
ADP: RHSA-2026:13734: Red Hat Enterprise Linux AppStream E4S (v.9.2), Red Hat Enterprise Linux BaseOS E4S (v.9.2)
ADP: RHSA-2026:13932: Red Hat CodeReady Linux Builder EUS (v.9.4), Red Hat Enterprise Linux AppStream EUS (v.9.4), Red Hat Enterprise Linux BaseOS EUS (v.9.4), Red Hat Enterprise Linux Real Time EUS (v.9.4), Red Hat Enterprise Linux Real Time for NFV EUS (v.9.4)
ADP: RHSA-2026:14339: Red Hat CodeReady Linux Builder EUS (v.9.6), Red Hat Enterprise Linux AppStream EUS (v.9.6), Red Hat Enterprise Linux BaseOS EUS (v.9.6), Red Hat Enterprise Linux Real Time EUS (v.9.6), Red Hat Enterprise Linux Real Time for NFV EUS (v.9.6)
ADP: RHSA-2026:13565: Red Hat Enterprise Linux AppStream (v. 9), Red Hat Enterprise Linux BaseOS (v. 9), Red Hat Enterprise Linux CodeReady Linux Builder (v. 9), Red Hat Enterprise Linux Real Time (v. 9), Red Hat Enterprise Linux Real Time for NFV (v. 9)
ADP: RHSA-2026:19225: Red Hat Enterprise Linux AppStream (v. 9), Red Hat Enterprise Linux BaseOS (v. 9), Red Hat Enterprise Linux CodeReady Linux Builder (v. 9), Red Hat Enterprise Linux Real Time (v. 9), Red Hat Enterprise Linux Real Time for NFV (v. 9)
ADP: RHSA-2026:13577: Red Hat Enterprise Linux BaseOS (v. 8), Red Hat Enterprise Linux CRB (v. 8)
ADP: RHSA-2026:15976: Red Hat Enterprise Linux BaseOS (v. 8)
ADP: RHSA-2026:14165: Red Hat Enterprise Linux BaseOS AUS (v.8.4), Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.4)
ADP: RHSA-2026:14230: Red Hat Enterprise Linux BaseOS AUS (v.8.6), Red Hat Enterprise Linux BaseOS E4S (v.8.6), Red Hat Enterprise Linux BaseOS TUS (v.8.6)
ADP: RHSA-2026:16111: Red Hat Enterprise Linux BaseOS E4S (v.8.6)
ADP: RHSA-2026:13681: Red Hat Enterprise Linux BaseOS E4S (v.8.8), Red Hat Enterprise Linux BaseOS TUS (v.8.8)
ADP: RHSA-2026:16210: Red Hat Enterprise Linux BaseOS E4S (v.8.8)
ADP: RHSA-2026:16209: Red Hat Enterprise Linux BaseOS E4S (v.9.0)
ADP: RHSA-2026:16208: Red Hat Enterprise Linux BaseOS E4S (v.9.2)
ADP: RHSA-2026:16063: Red Hat Enterprise Linux BaseOS EUS (v.9.4)
ADP: RHSA-2026:16018: Red Hat Enterprise Linux BaseOS EUS (v.9.6)
ADP: RHSA-2026:15978: Red Hat Enterprise Linux BaseOS (v. 9)
ADP: RHSA-2026:13578: Red Hat Enterprise Linux NFV (v. 8), Red Hat Enterprise Linux RT (v. 8)
ADP: RHSA-2026:14137: Red Hat Enterprise Linux NFV E4S (v.9.0), Red Hat Enterprise Linux Real Time E4S (v.9.0)
ADP: RHSA-2026:14301: Red Hat Enterprise Linux Real Time E4S (v.9.2), Red Hat Enterprise Linux Real Time for NFV E4S (v.9.2)
Workarounds
ADP: See the security bulletin for a detailed mitigation procedure.