KernelScan.io

HIGH CISA KEV

Copy Fail

CVE-2026-31431

CVSS 7.8 / 10.0 NVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

KernelScan AI 7.8 HIGH


In the Linux kernel, the following vulnerability has been resolved: crypto: algif_aead - Revert to operating out-of-place This mostly reverts commit 72548b093ee3 except for the copying of the associated data. There is no benefit in operating in-place in algif_aead since the source and destination come from different mappings. Get rid of all the complexity added for in-place operation and just copy the AD directly.


Engine voss-security-thread-2.3

Risk summary

A fully functional public exploit is available on GitHub for CVE-2026-31431, enabling any local unprivileged user on an unpatched system to gain root privileges. Systems running kernels that have not been updated since April 30, 2026 are at immediate risk. Immediate patching is strongly advised.

Affected: crypto/algif_aead.c

Vulnerability analysis

Summary: A vulnerability in the AF_ALG AEAD authencesn decrypt path, when combined with the splice system call, allows local privilege escalation to root. The public exploit demonstrates reliable root access on unpatched kernels.

Root Cause: The root cause is a use-after-free condition in the AF_ALG socket's handling of page-cache references during splice operations involving the authencesn authenticated encryption algorithm. Improper reference counting allows an attacker to corrupt the page cache and overwrite arbitrary file contents.

Attack Surface: The attack is triggered by a local unprivileged user creating an AF_ALG socket with the authencesn algorithm and using splice() to transfer data. No special privileges or capabilities are required beyond those of a normal user account.

Fix Mechanism: The vulnerability was patched in all supported stable kernel branches on April 30, 2026. Users must update to a kernel containing the fix to remediate the issue.


Branch     Fixed in    Patch commit
5.10       5.10.254    893d22e0135f
5.15       5.15.204    19d43105a97b
6.1        6.1.170     961cfa271a91
6.12       6.12.85     8b88d99341f1
6.18       6.18.22     fafe0fa2995a
6.19       6.19.12     ce42ee423e58
6.6        6.6.137     3115af9644c3
mainline   7.0         a664bf3d603d
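
A patch-triage check built on the fixed-in table above, as an added example that is not KernelScan's or the kernel project's own code. It assumes upstream (kernel.org) release strings as reported by `uname -r`; distribution kernels backport fixes under their own numbering, so for those the vendor advisory decides. The function names, status labels and sample inventory are hypothetical.

```python
import re

# Fixed-in stable releases, copied from the table on this page.
FIXED_IN = {
    "5.10": (5, 10, 254), "5.15": (5, 15, 204), "6.1": (6, 1, 170),
    "6.6": (6, 6, 137), "6.12": (6, 12, 85), "6.18": (6, 18, 22),
    "6.19": (6, 19, 12),
}
MAINLINE_FIXED = (7, 0, 0)  # the "mainline 7.0" row

_RELEASE = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?")


def classify(release):
    """Return 'has-fix', 'lacks-fix' or 'unknown' for a kernel release string."""
    m = _RELEASE.match(release.strip())
    if not m or "-rc" in release:
        # Unparseable, or a release candidate that may predate the fix.
        return "unknown"
    version = (int(m[1]), int(m[2]), int(m[3] or 0))
    if version >= MAINLINE_FIXED:
        return "has-fix"
    fixed = FIXED_IN.get(f"{version[0]}.{version[1]}")
    if fixed is None:
        # Branch not listed on the page (EOL or vendor kernel): do not guess.
        return "unknown"
    return "has-fix" if version >= fixed else "lacks-fix"


def triage(inventory):
    """Map each host in a {host: release} inventory to its status."""
    return {host: classify(release) for host, release in inventory.items()}


# Constructed sample inventory; hostnames and releases are made up.
SAMPLE = {
    "build-01": "6.12.84",
    "build-02": "6.12.85",
    "db-01": "5.10.254-rt",
    "edge-01": "6.1.169",
    "app-01": "6.8.0-45-generic",
    "lab-01": "7.0.0-rc3",
}

if __name__ == "__main__":
    for host, status in sorted(triage(SAMPLE).items()):
        print(f"{host:10} {SAMPLE[host]:20} {status}")
```

Hosts reported as "unknown" need a manual check against the vendor's advisory for this CVE rather than being treated as patched.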