U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

National Vulnerability Database

National Vulnerability Database

NVD

National Vulnerability Database
  1. Vulnerabilities

CVE-2026-31431 Detail

Description

In the Linux kernel, the following vulnerability has been resolved: crypto: algif_aead - Revert to operating out-of-place This mostly reverts commit 72548b093ee3 except for the copying of the associated data. There is no benefit in operating in-place in algif_aead since the source and destination come from different mappings. Get rid of all the complexity added for in-place operation and just copy the AD directly.


Metrics

NVD enrichment efforts reference publicly available information to associate vector strings. CVSS information contributed by other sources is also displayed.
CVSS 4.0 Severity and Vector Strings:

NIST CVSS score
NIST: NVD
N/A
NVD assessment not yet provided.

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to [email protected].

URL Source(s) Tag(s)
http://www.openwall.com/lists/oss-security/2026/04/29/23 CVE Exploit  Mailing List  Patch 
http://www.openwall.com/lists/oss-security/2026/04/29/25 CVE Mailing List  Patch 
http://www.openwall.com/lists/oss-security/2026/04/29/26 CVE Exploit  Mailing List  Patch 
http://www.openwall.com/lists/oss-security/2026/04/30/10 CVE Mailing List  Patch 
http://www.openwall.com/lists/oss-security/2026/04/30/11 CVE Mailing List  Patch 
http://www.openwall.com/lists/oss-security/2026/04/30/12 CVE Mailing List  Patch 
http://www.openwall.com/lists/oss-security/2026/04/30/14 CVE Mailing List  Patch 
http://www.openwall.com/lists/oss-security/2026/04/30/15 CVE Mailing List  Patch 
http://www.openwall.com/lists/oss-security/2026/04/30/16 CVE Mailing List  Patch 
http://www.openwall.com/lists/oss-security/2026/04/30/17 CVE Mailing List 
http://www.openwall.com/lists/oss-security/2026/04/30/18 CVE Exploit  Mailing List 
http://www.openwall.com/lists/oss-security/2026/04/30/2 CVE Mailing List 
http://www.openwall.com/lists/oss-security/2026/04/30/20 CVE Mailing List 
http://www.openwall.com/lists/oss-security/2026/04/30/5 CVE Exploit  Mailing List  Patch 
http://www.openwall.com/lists/oss-security/2026/04/30/6 CVE Mailing List 
http://www.openwall.com/lists/oss-security/2026/05/01/10 CVE Mailing List 
http://www.openwall.com/lists/oss-security/2026/05/01/12 CVE Mailing List 
http://www.openwall.com/lists/oss-security/2026/05/01/15 CVE Mailing List 
http://www.openwall.com/lists/oss-security/2026/05/01/16 CVE Mailing List 
http://www.openwall.com/lists/oss-security/2026/05/01/17 CVE Mailing List 
http://www.openwall.com/lists/oss-security/2026/05/01/18 CVE Mailing List 
http://www.openwall.com/lists/oss-security/2026/05/01/2 CVE Mailing List 
http://www.openwall.com/lists/oss-security/2026/05/01/22 CVE Mailing List 
http://www.openwall.com/lists/oss-security/2026/05/01/23 CVE Mailing List 
http://www.openwall.com/lists/oss-security/2026/05/01/24 CVE Mailing List 
http://www.openwall.com/lists/oss-security/2026/05/01/3 CVE Mailing List 
http://www.openwall.com/lists/oss-security/2026/05/02/14 CVE Mailing List 
http://www.openwall.com/lists/oss-security/2026/05/02/15 CVE Mailing List 
http://www.openwall.com/lists/oss-security/2026/05/02/16 CVE Mailing List 
http://www.openwall.com/lists/oss-security/2026/05/02/17 CVE Mailing List 
http://www.openwall.com/lists/oss-security/2026/05/02/18 CVE Mailing List 
http://www.openwall.com/lists/oss-security/2026/05/02/19 CVE Mailing List 
http://www.openwall.com/lists/oss-security/2026/05/02/20 CVE Mailing List 
http://www.openwall.com/lists/oss-security/2026/05/02/21 CVE Mailing List 
http://www.openwall.com/lists/oss-security/2026/05/02/23 CVE Mailing List 
http://www.openwall.com/lists/oss-security/2026/05/02/24 CVE Mailing List 
http://www.openwall.com/lists/oss-security/2026/05/02/25 CVE Mailing List 
http://www.openwall.com/lists/oss-security/2026/05/02/4 CVE Mailing List 
http://www.openwall.com/lists/oss-security/2026/05/02/5 CVE Mailing List 
http://www.openwall.com/lists/oss-security/2026/05/02/6 CVE Mailing List 
http://www.openwall.com/lists/oss-security/2026/05/02/7 CVE Mailing List 
http://www.openwall.com/lists/oss-security/2026/05/02/8 CVE Mailing List 
http://www.openwall.com/lists/oss-security/2026/05/03/10 CVE Mailing List 
http://www.openwall.com/lists/oss-security/2026/05/03/12 CVE Mailing List 
http://www.openwall.com/lists/oss-security/2026/05/03/13 CVE Mailing List 
http://www.openwall.com/lists/oss-security/2026/05/03/3 CVE Mailing List 
http://www.openwall.com/lists/oss-security/2026/05/03/4 CVE Mailing List 
http://www.openwall.com/lists/oss-security/2026/05/03/5 CVE Mailing List 
http://www.openwall.com/lists/oss-security/2026/05/03/6 CVE Mailing List 
http://www.openwall.com/lists/oss-security/2026/05/04/1 CVE Mailing List 
http://www.openwall.com/lists/oss-security/2026/05/04/10 CVE Mailing List 
http://www.openwall.com/lists/oss-security/2026/05/04/11 CVE Mailing List 
http://www.openwall.com/lists/oss-security/2026/05/04/12 CVE Mailing List 
http://www.openwall.com/lists/oss-security/2026/05/04/13 CVE Mailing List 
http://www.openwall.com/lists/oss-security/2026/05/04/14 CVE Mailing List 
http://www.openwall.com/lists/oss-security/2026/05/04/2 CVE Mailing List 
http://www.openwall.com/lists/oss-security/2026/05/04/24 CVE Mailing List 
http://www.openwall.com/lists/oss-security/2026/05/04/27 CVE Mailing List 
http://www.openwall.com/lists/oss-security/2026/05/04/28 CVE Mailing List 
http://www.openwall.com/lists/oss-security/2026/05/04/29 CVE Mailing List 
http://www.openwall.com/lists/oss-security/2026/05/04/31 CVE Mailing List 
http://www.openwall.com/lists/oss-security/2026/05/04/8 CVE Mailing List 
http://www.openwall.com/lists/oss-security/2026/05/04/9 CVE Mailing List 
http://www.openwall.com/lists/oss-security/2026/05/06/5 CVE Mailing List 
http://www.openwall.com/lists/oss-security/2026/05/07/12 CVE Mailing List 
http://www.openwall.com/lists/oss-security/2026/05/07/2 CVE Mailing List 
http://www.openwall.com/lists/oss-security/2026/05/08/13 CVE Mailing List 
https://access.redhat.com/security/cve/cve-2026-31431#cve-details-mitigation CISA-ADP Third Party Advisory 
https://copy.fail CVE Exploit 
https://git.kernel.org/stable/c/19d43105a97be0810edbda875f2cd03f30dc130c kernel.org Patch 
https://git.kernel.org/stable/c/3115af9644c342b356f3f07a4dd1c8905cd9a6fc kernel.org Patch 
https://git.kernel.org/stable/c/893d22e0135fa394db81df88697fba6032747667 kernel.org Patch 
https://git.kernel.org/stable/c/8b88d99341f139e23bdeb1027a2a3ae10d341d82 kernel.org Patch 
https://git.kernel.org/stable/c/961cfa271a918ad4ae452420e7c303149002875b kernel.org Patch 
https://git.kernel.org/stable/c/a664bf3d603dc3bdcf9ae47cc21e0daec706d7a5 kernel.org Patch 
https://git.kernel.org/stable/c/ce42ee423e58dffa5ec03524054c9d8bfd4f6237 kernel.org Patch 
https://git.kernel.org/stable/c/fafe0fa2995a0f7073c1c358d7d3145bcc9aedd8 kernel.org Patch 
https://github.com/theori-io/copy-fail-CVE-2026-31431 CISA-ADP Exploit 
https://lore.kernel.org/linux-cve-announce/2026042214-CVE-2026-31431-3d65@gregkh/ CISA-ADP Vendor Advisory 
https://websec.net/blog/cve-2026-31431-linux-algifaead-page-cache-write-to-root-69f38a4ccddd2db1f520f170 CVE Exploit  Third Party Advisory 
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-31431 CISA-ADP US Government Resource 
https://www.kb.cert.org/vuls/id/260001 CVE
https://xint.io/blog/copy-fail-linux-distributions#the-fix-6 CISA-ADP Exploit  Patch  Third Party Advisory 

This CVE is in CISA's Known Exploited Vulnerabilities Catalog

Reference CISA's BOD 22-01 and Known Exploited Vulnerabilities Catalog for further guidance and requirements.

Vulnerability Name Date Added Due Date Required Action
Linux Kernel Incorrect Resource Transfer Between Spheres Vulnerability 05/01/2026 05/15/2026 "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Weakness Enumeration

CWE-ID CWE Name Source
CWE-669 Incorrect Resource Transfer Between Spheres CISA-ADP  

Known Affected Software Configurations Switch to CPE 2.2

CPEs loading, please wait.

Denotes Vulnerable Software
Are we missing a CPE here? Please let us know.

Change History

53 change records found show changes

Quick Info

CVE Dictionary Entry:
CVE-2026-31431
NVD Published Date:
04/22/2026
NVD Last Modified:
05/08/2026
Source:
kernel.org