High | Linux kernel | Incorrect Resource Transfer Between Spheres
CVE-2026-31431
Description
In the Linux kernel, the following vulnerability has been resolved:
crypto: algif_aead - Revert to operating out-of-place
This mostly reverts commit 72548b093ee3 except for the copying of
the associated data.
There is no benefit in operating in-place in algif_aead since the
source and destination come from different mappings. Get rid of
all the complexity added for in-place operation and just copy the
AD directly.
Proof of Concept (POC) Links
Explore how this vulnerability can be reproduced or exploited.
http://www.openwall.com/lists/oss-security/2026/04/29/23
http://www.openwall.com/lists/oss-security/2026/04/29/26
http://www.openwall.com/lists/oss-security/2026/04/30/18
http://www.openwall.com/lists/oss-security/2026/04/30/5
https://copy.fail
https://websec.net/blog/cve-2026-31431-linux-algifaead-page-cache-write-to-root-69f38a4ccddd2db1f520f170
https://github.com/theori-io/copy-fail-CVE-2026-31431
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-31431
https://xint.io/blog/copy-fail-linux-distributions#the-fix-6