Copyright © 2012 Red Hat, Inc. All rights reserved. Important 2026-04-22T00:00:00 kernel: crypto: algif_aead - Revert to operating out-of-place 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CWE-1288

In the Linux kernel, the following vulnerability has been resolved: crypto: algif_aead - Revert to operating out-of-place This mostly reverts commit 72548b093ee3 except for the copying of the associated data. There is no benefit in operating in-place in algif_aead since the source and destination come from different mappings. Get rid of all the complexity added for in-place operation and just copy the AD directly.

A flaw was found in the Linux kernel's algif_aead cryptographic algorithm interface. An incorrect 'in-place operation' was introduced, where the source and destination data mappings were different. This could lead to unexpected behavior or data integrity issues during cryptographic operations, potentially impacting the reliability of encrypted communications.

This local privilege escalation is rated as Important severity. Part of the Linux kernel's cryptographic interface contains an incorrect in-place operation, where source and destination data mappings differ. This could lead to data integrity issues, including the escalation to root privileges. Individual articles, with specific advice, are available for a number of products: * Red Hat Enterprise Linux https://access.redhat.com/solutions/7141931 * OpenShift 4 https://access.redhat.com/solutions/7141979 * ROSA Classic and OpenShift Dedicated https://access.redhat.com/articles/7141989 * ROSA Hosted Control Planes https://access.redhat.com/solutions/7141996 * ARO Hosted Control Planes https://access.redhat.com/solutions/7141990 General guidance which is applicable to many products is below. Warning: there may be performance impacts for modifying functionality that uses kernel cryptographic functions. Though the affected module cannot be blacklisted, the affected functions themselves can be using the following boot arguments: ``` initcall_blacklist=algif_aead_init ``` Alternatively, the af_alg interface itself can be blocked: ``` initcall_blacklist=af_alg_init ``` As a further alternative, the affected algorithm can be blocked: ``` initcall_blacklist=crypto_authenc_esn_module_init ``` Red Hat Enterprise Linux 10 Affected kernel Red Hat Enterprise Linux 6 Not affected kernel Red Hat Enterprise Linux 7 Not affected kernel Red Hat Enterprise Linux 7 Not affected kernel-rt Red Hat Enterprise Linux 8 Affected kernel Red Hat Enterprise Linux 8 Affected kernel-rt Red Hat Enterprise Linux 9 Affected kernel Red Hat Enterprise Linux 9 Affected kernel-rt Red Hat OpenShift Container Platform 4 Affected rhcos https://www.cve.org/CVERecord?id=CVE-2026-31431 https://nvd.nist.gov/vuln/detail/CVE-2026-31431 https://access.redhat.com/articles/7141989 https://access.redhat.com/solutions/7141979 https://access.redhat.com/solutions/7141990 https://access.redhat.com/solutions/7141996 https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/9/html/managing_monitoring_and_updating_the_kernel/configuring-kernel-command-line-parameters_managing-monitoring-and-updating-the-kernel https://lore.kernel.org/linux-cve-announce/2026042214-CVE-2026-31431-3d65@gregkh/T True