{ "threat_severity" : "Important", "public_date" : "2026-04-22T00:00:00Z", "bugzilla" : { "description" : "kernel: crypto: algif_aead - Revert to operating out-of-place", "id" : "2460538", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2460538" }, "cvss3" : { "cvss3_base_score" : "7.8", "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "status" : "verified" }, "cwe" : "CWE-1288", "details" : [ "In the Linux kernel, the following vulnerability has been resolved:\ncrypto: algif_aead - Revert to operating out-of-place\nThis mostly reverts commit 72548b093ee3 except for the copying of\nthe associated data.\nThere is no benefit in operating in-place in algif_aead since the\nsource and destination come from different mappings. Get rid of\nall the complexity added for in-place operation and just copy the\nAD directly.", "A flaw was found in the Linux kernel's algif_aead cryptographic algorithm interface. An incorrect in-place operation causes source and destination data mappings to differ during cryptographic processing. A low-privileged local attacker can exploit this flaw to corrupt the contents of sensitive system files and escalate to root privileges." ], "statement" : "This issue is classified as Important, rather than Critical severity, because exploitation requires local access to the system. A low-privileged local attacker can exploit this flaw in the Linux kernel's cryptographic interface to gain root privileges by overwriting sensitive system files. Exploitation does not require user interaction, potentially resulting in full compromise of confidentiality, integrity, and availability.", "affected_release" : [ { "product_name" : "NVIDIA for RHEL 10", "release_date" : "2026-05-07T00:00:00Z", "advisory" : "RHSA-2026:14926", "cpe" : "cpe:/a:redhat:enterprise_linux_nvidia:10::el10", "package" : "kernel-0:6.12.0-211.6.el10nv" }, { "product_name" : "Red Hat Enterprise Linux 10", "release_date" : "2026-05-04T00:00:00Z", "advisory" : "RHSA-2026:13566", "cpe" : "cpe:/o:redhat:enterprise_linux:10.1", "package" : "kernel-0:6.12.0-124.55.1.el10_1" }, { "product_name" : "Red Hat Enterprise Linux 10", "release_date" : "2026-05-19T00:00:00Z", "advisory" : "RHSA-2026:19074", "cpe" : "cpe:/o:redhat:enterprise_linux:10.2", "package" : "kernel-0:6.12.0-211.7.3.el10_2" }, { "product_name" : "Red Hat Enterprise Linux 10.0 Extended Update Support", "release_date" : "2026-05-05T00:00:00Z", "advisory" : "RHSA-2026:13887", "cpe" : "cpe:/o:redhat:enterprise_linux_eus:10.0", "package" : "kernel-0:6.12.0-55.71.1.el10_0" }, { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2026-05-05T00:00:00Z", "advisory" : "RHSA-2026:13578", "cpe" : "cpe:/a:redhat:enterprise_linux:8::nfv", "package" : "kernel-rt-0:4.18.0-553.123.1.rt7.464.el8_10" }, { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2026-05-05T00:00:00Z", "advisory" : "RHSA-2026:13577", "cpe" : "cpe:/o:redhat:enterprise_linux:8", "package" : "kernel-0:4.18.0-553.123.1.el8_10" }, { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2026-05-11T00:00:00Z", "advisory" : "RHSA-2026:15976", "cpe" : "cpe:/o:redhat:enterprise_linux:8", "package" : "kpatch-patch" }, { "product_name" : "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support", "release_date" : "2026-05-06T00:00:00Z", "advisory" : "RHSA-2026:14165", "cpe" : "cpe:/o:redhat:rhel_aus:8.4", "package" : "kernel-0:4.18.0-305.190.1.el8_4" }, { "product_name" : "Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On", "release_date" : "2026-05-06T00:00:00Z", "advisory" : "RHSA-2026:14165", "cpe" : "cpe:/o:redhat:rhel_eus_long_life:8.4", "package" : "kernel-0:4.18.0-305.190.1.el8_4" }, { "product_name" : "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support", "release_date" : "2026-05-06T00:00:00Z", "advisory" : "RHSA-2026:14230", "cpe" : "cpe:/o:redhat:rhel_aus:8.6", "package" : "kernel-0:4.18.0-372.191.1.el8_6" }, { "product_name" : "Red Hat Enterprise Linux 8.6 Telecommunications Update Service", "release_date" : "2026-05-06T00:00:00Z", "advisory" : "RHSA-2026:14230", "cpe" : "cpe:/o:redhat:rhel_tus:8.6", "package" : "kernel-0:4.18.0-372.191.1.el8_6" }, { "product_name" : "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions", "release_date" : "2026-05-06T00:00:00Z", "advisory" : "RHSA-2026:14230", "cpe" : "cpe:/o:redhat:rhel_e4s:8.6", "package" : "kernel-0:4.18.0-372.191.1.el8_6" }, { "product_name" : "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions", "release_date" : "2026-05-11T00:00:00Z", "advisory" : "RHSA-2026:16111", "cpe" : "cpe:/o:redhat:rhel_e4s:8.6", "package" : "kpatch-patch" }, { "product_name" : "Red Hat Enterprise Linux 8.8 Telecommunications Update Service", "release_date" : "2026-05-05T00:00:00Z", "advisory" : "RHSA-2026:13681", "cpe" : "cpe:/o:redhat:rhel_tus:8.8", "package" : "kernel-0:4.18.0-477.139.1.el8_8" }, { "product_name" : "Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions", "release_date" : "2026-05-05T00:00:00Z", "advisory" : "RHSA-2026:13681", "cpe" : "cpe:/o:redhat:rhel_e4s:8.8", "package" : "kernel-0:4.18.0-477.139.1.el8_8" }, { "product_name" : "Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions", "release_date" : "2026-05-12T00:00:00Z", "advisory" : "RHSA-2026:16210", "cpe" : "cpe:/o:redhat:rhel_e4s:8.8", "package" : "kpatch-patch" }, { "product_name" : "Red Hat Enterprise Linux 9", "release_date" : "2026-05-04T00:00:00Z", "advisory" : "RHSA-2026:13565", "cpe" : "cpe:/a:redhat:enterprise_linux:9", "package" : "kernel-0:5.14.0-611.54.1.el9_7" }, { "product_name" : "Red Hat Enterprise Linux 9", "release_date" : "2026-05-19T00:00:00Z", "advisory" : "RHSA-2026:19225", "cpe" : "cpe:/a:redhat:enterprise_linux:9", "package" : "kernel-0:5.14.0-687.5.3.el9_8" }, { "product_name" : "Red Hat Enterprise Linux 9", "release_date" : "2026-05-04T00:00:00Z", "advisory" : "RHSA-2026:13565", "cpe" : "cpe:/o:redhat:enterprise_linux:9", "package" : "kernel-0:5.14.0-611.54.1.el9_7" }, { "product_name" : "Red Hat Enterprise Linux 9", "release_date" : "2026-05-11T00:00:00Z", "advisory" : "RHSA-2026:15978", "cpe" : "cpe:/o:redhat:enterprise_linux:9", "package" : "kpatch-patch" }, { "product_name" : "Red Hat Enterprise Linux 9", "release_date" : "2026-05-19T00:00:00Z", "advisory" : "RHSA-2026:19225", "cpe" : "cpe:/o:redhat:enterprise_linux:9", "package" : "kernel-0:5.14.0-687.5.3.el9_8" }, { "product_name" : "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions", "release_date" : "2026-05-06T00:00:00Z", "advisory" : "RHSA-2026:13936", "cpe" : "cpe:/a:redhat:rhel_e4s:9.0", "package" : "kernel-0:5.14.0-70.178.1.el9_0" }, { "product_name" : "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions", "release_date" : "2026-05-06T00:00:00Z", "advisory" : "RHSA-2026:14137", "cpe" : "cpe:/a:redhat:rhel_e4s:9.0::nfv", "package" : "kernel-rt-0:5.14.0-70.178.1.rt21.250.el9_0" }, { "product_name" : "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions", "release_date" : "2026-05-12T00:00:00Z", "advisory" : "RHSA-2026:16209", "cpe" : "cpe:/o:redhat:rhel_e4s:9.0", "package" : "kpatch-patch" }, { "product_name" : "Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions", "release_date" : "2026-05-05T00:00:00Z", "advisory" : "RHSA-2026:13734", "cpe" : "cpe:/a:redhat:rhel_e4s:9.2", "package" : "kernel-0:5.14.0-284.169.1.el9_2" }, { "product_name" : "Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions", "release_date" : "2026-05-06T00:00:00Z", "advisory" : "RHSA-2026:14301", "cpe" : "cpe:/a:redhat:rhel_e4s:9.2::nfv", "package" : "kernel-rt-0:5.14.0-284.169.1.rt14.454.el9_2" }, { "product_name" : "Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions", "release_date" : "2026-05-12T00:00:00Z", "advisory" : "RHSA-2026:16208", "cpe" : "cpe:/o:redhat:rhel_e4s:9.2", "package" : "kpatch-patch" }, { "product_name" : "Red Hat Enterprise Linux 9.4 Extended Update Support", "release_date" : "2026-05-06T00:00:00Z", "advisory" : "RHSA-2026:13932", "cpe" : "cpe:/a:redhat:rhel_eus:9.4", "package" : "kernel-0:5.14.0-427.124.1.el9_4" }, { "product_name" : "Red Hat Enterprise Linux 9.4 Extended Update Support", "release_date" : "2026-05-11T00:00:00Z", "advisory" : "RHSA-2026:16063", "cpe" : "cpe:/o:redhat:rhel_eus:9.4", "package" : "kpatch-patch" }, { "product_name" : "Red Hat Enterprise Linux 9.6 Extended Update Support", "release_date" : "2026-05-06T00:00:00Z", "advisory" : "RHSA-2026:14339", "cpe" : "cpe:/a:redhat:rhel_eus:9.6", "package" : "kernel-0:5.14.0-570.112.1.el9_6" }, { "product_name" : "Red Hat Enterprise Linux 9.6 Extended Update Support", "release_date" : "2026-05-11T00:00:00Z", "advisory" : "RHSA-2026:16018", "cpe" : "cpe:/o:redhat:rhel_eus:9.6", "package" : "kpatch-patch" }, { "product_name" : "Red Hat OpenShift Container Platform 4.12", "release_date" : "2026-05-08T00:00:00Z", "advisory" : "RHSA-2026:14097", "cpe" : "cpe:/a:redhat:openshift:4.12::el8", "package" : "rhcos-412.86.202605060316-0" }, { "product_name" : "Red Hat OpenShift Container Platform 4.13", "release_date" : "2026-05-07T00:00:00Z", "advisory" : "RHSA-2026:14112", "cpe" : "cpe:/a:redhat:openshift:4.13::el9", "package" : "rhcos-413.92.202605051442-0" }, { "product_name" : "Red Hat OpenShift Container Platform 4.14", "release_date" : "2026-05-13T00:00:00Z", "advisory" : "RHSA-2026:15087", "cpe" : "cpe:/a:redhat:openshift:4.14::el9", "package" : "rhcos-414.92.202605060243-0" }, { "product_name" : "Red Hat OpenShift Container Platform 4.15", "release_date" : "2026-05-13T00:00:00Z", "advisory" : "RHSA-2026:14773", "cpe" : "cpe:/a:redhat:openshift:4.15::el9", "package" : "rhcos-415.92.202605060220-0" }, { "product_name" : "Red Hat OpenShift Container Platform 4.16", "release_date" : "2026-05-07T00:00:00Z", "advisory" : "RHSA-2026:13729", "cpe" : "cpe:/a:redhat:openshift:4.16::el9", "package" : "rhcos-416.94.202605042300-0" }, { "product_name" : "Red Hat OpenShift Container Platform 4.17", "release_date" : "2026-05-07T00:00:00Z", "advisory" : "RHSA-2026:13885", "cpe" : "cpe:/a:redhat:openshift:4.17::el9", "package" : "rhcos-417.94.202605050021-0" }, { "product_name" : "Red Hat OpenShift Container Platform 4.18", "release_date" : "2026-05-06T00:00:00Z", "advisory" : "RHSA-2026:13727", "cpe" : "cpe:/a:redhat:openshift:4.18::el9", "package" : "rhcos-418.94.202605042017-0" }, { "product_name" : "Red Hat OpenShift Container Platform 4.19", "release_date" : "2026-05-06T00:00:00Z", "advisory" : "RHSA-2026:13690", "cpe" : "cpe:/a:redhat:openshift:4.19::el9", "package" : "rhcos-4.19.9.6.202605042214-0" }, { "product_name" : "Red Hat OpenShift Container Platform 4.20", "release_date" : "2026-05-06T00:00:00Z", "advisory" : "RHSA-2026:13862", "cpe" : "cpe:/a:redhat:openshift:4.20::el9", "package" : "rhcos-4.20.9.6.202605051409-0" }, { "product_name" : "Red Hat OpenShift Container Platform 4.21", "release_date" : "2026-05-06T00:00:00Z", "advisory" : "RHSA-2026:13811", "cpe" : "cpe:/a:redhat:openshift:4.21::el9", "package" : "rhcos-4.21.9.6.202605051105-0" } ], "package_state" : [ { "product_name" : "Red Hat Enterprise Linux 6", "fix_state" : "Not affected", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:6" }, { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Not affected", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:7" }, { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Not affected", "package_name" : "kernel-rt", "cpe" : "cpe:/o:redhat:enterprise_linux:7" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2026-31431\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-31431\nhttps://access.redhat.com/articles/7141989\nhttps://access.redhat.com/solutions/7141931\nhttps://access.redhat.com/solutions/7141979\nhttps://access.redhat.com/solutions/7141990\nhttps://access.redhat.com/solutions/7141996\nhttps://access.redhat.com/solutions/7142032\nhttps://docs.redhat.com/en/documentation/red_hat_enterprise_linux/9/html/managing_monitoring_and_updating_the_kernel/configuring-kernel-command-line-parameters_managing-monitoring-and-updating-the-kernel\nhttps://lore.kernel.org/linux-cve-announce/2026042214-CVE-2026-31431-3d65@gregkh/T\nhttps://www.cisa.gov/known-exploited-vulnerabilities-catalog" ], "csaw" : true, "name" : "CVE-2026-31431", "mitigation" : { "value" : "See the security bulletin for a detailed mitigation procedure.", "lang" : "en:us" } }