CVE-2026-31431: Linux Kernel Incorrect Resource Transfer Between Spheres Vulnerability

In the Linux kernel, the following vulnerability has been resolved: crypto: algif_aead - Revert to operating out-of-place This mostly reverts commit 72548b093ee3 except for the copying of the associated data. There is no benefit in operating in-place in ...
CVE-2026-31431CVSS 7.8CISA KEVLinux

CVE-2026-31431: Linux Kernel Incorrect Resource Transfer Between Spheres Vulnerability

In the Linux kernel, the following vulnerability has been resolved: crypto: algif_aead - Revert to operating out-of-place This mostly reverts commit 72548b093ee3 except for the copying of the associated data. There is no benefit in operating in-place in ...

CVSS
7.8 HIGH
EPSS
99.87%
Known exploited
yes
Product
Kernel

What is known

In the Linux kernel, the following vulnerability has been resolved: crypto: algif_aead - Revert to operating out-of-place This mostly reverts commit 72548b093ee3 except for the copying of the associated data. There is no benefit in operating in-place in algif_aead since the source and destination come from different mappings. Get rid of all the complexity added for in-place operation and just copy the AD directly.

Sources