Bug 2460538 (CVE-2026-31431)

Summary: CVE-2026-31431 kernel: crypto: algif_aead - Revert to operating out-of-place
Product: [Other] Security Response Reporter: OSIDB Bzimport <bzimport>
Component: vulnerabilityAssignee: Product Security <prodsec-ir-bot>
Status: NEW --- QA Contact:
Severity: high Docs Contact:
Priority: high    
Version: unspecifiedCC: a.dekker, aeszter, alex.wang, apverma, astupnik, bhoppus, cchiang, chris, ctowsley, dogren, dwojewod, ebarrera, eric.eisenhart, errornointernet, fw, germano.massullo, gmcnealy, gscott, jaryan, jpriddy, jsinclea, jsjohns, kcook34, kevinxue, klaas, mark.ashley1, mihalycsaba91, mohamed-mahdi.dridi, mohamed.mahdi.dridi, naresh.sukhija, pasik, patrick.andrieux, piotr.pietruszka, prescott, prodsec-ir-bot, rhel-process-autobot, sebix+redhat.com, shalygin.k, systems, tallis.elliott, vagrawal, vcojot, villapla, watson-tool-maintainers, yannick.bergeron
Target Milestone: ---Keywords: Security
Target Release: ---Flags: gscott: needinfo? (prodsec-ir-bot)
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: ---
Doc Text:
A flaw was found in the Linux kernel's algif_aead cryptographic algorithm interface. An incorrect in-place operation causes source and destination data mappings to differ during cryptographic processing. A low-privileged local attacker can exploit this flaw to corrupt the contents of sensitive system files and escalate to root privileges.
 Story Points: ---
Clone Of: Environment:
Last Closed: Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description OSIDB Bzimport 2026-04-22 09:01:34 UTC 
In the Linux kernel, the following vulnerability has been resolved:

crypto: algif_aead - Revert to operating out-of-place

This mostly reverts commit 72548b093ee3 except for the copying of
the associated data.

There is no benefit in operating in-place in algif_aead since the
source and destination come from different mappings.  Get rid of
all the complexity added for in-place operation and just copy the
AD directly.
Comment 1 Alexander B 2026-04-22 10:25:51 UTC 
Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2026042214-CVE-2026-31431-3d65@gregkh/T
Comment 3 Adam Williamson 2026-04-30 05:39:59 UTC 
For any Fedora users finding a link here: this was fixed in kernel 6.19.12, and all current Fedora branches are already at or past that version.
Comment 4 Juanjo Villaplana 2026-04-30 07:19:48 UTC 
https://copy.fail/#exploit
Comment 5 Klaas Weyermann 2026-05-04 11:33:20 UTC 
So when can we expect updates? :)

Suse has released updates, even almalinux has released updates https://almalinux.org/blog/2026-05-01-cve-2026-31431-copy-fail/ :)
Comment 6 errata-xmlrpc 2026-05-04 21:20:27 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2026:13565 https://access.redhat.com/errata/RHSA-2026:13565
Comment 7 errata-xmlrpc 2026-05-04 22:00:12 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 10

Via RHSA-2026:13566 https://access.redhat.com/errata/RHSA-2026:13566
Comment 8 errata-xmlrpc 2026-05-05 05:24:05 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2026:13578 https://access.redhat.com/errata/RHSA-2026:13578
Comment 9 errata-xmlrpc 2026-05-05 05:41:07 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2026:13577 https://access.redhat.com/errata/RHSA-2026:13577
Comment 10 Apoorv Verma 2026-05-05 09:19:58 UTC 
Hello,

When can we expect the fix to be available in RHEL-9.4.z and RHEL9.6.z kernel versions ?

Regards
Comment 11 errata-xmlrpc 2026-05-05 10:15:34 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.8 Telecommunications Update Service

Via RHSA-2026:13681 https://access.redhat.com/errata/RHSA-2026:13681
Comment 12 errata-xmlrpc 2026-05-05 13:05:52 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions

Via RHSA-2026:13734 https://access.redhat.com/errata/RHSA-2026:13734
Comment 14 errata-xmlrpc 2026-05-05 23:35:40 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 10.0 Extended Update Support

Via RHSA-2026:13887 https://access.redhat.com/errata/RHSA-2026:13887
Comment 15 Klaas Weyermann 2026-05-06 07:13:02 UTC 
(In reply to Apoorv Verma from comment #10)
> Hello,
> 
> When can we expect the fix to be available in RHEL-9.4.z and RHEL9.6.z
> kernel versions ?
> 
> Regards

9.4 and 9.6 sap and 9.6 eus are also missing in the affected packages list on https://access.redhat.com/security/cve/cve-2026-31431#cve-affected-packages
Comment 17 errata-xmlrpc 2026-05-06 08:15:40 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions

Via RHSA-2026:13936 https://access.redhat.com/errata/RHSA-2026:13936
Comment 18 errata-xmlrpc 2026-05-06 08:16:13 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.4 Extended Update Support

Via RHSA-2026:13932 https://access.redhat.com/errata/RHSA-2026:13932
Comment 19 errata-xmlrpc 2026-05-06 11:54:00 UTC 
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.21

Via RHSA-2026:13811 https://access.redhat.com/errata/RHSA-2026:13811
Comment 20 errata-xmlrpc 2026-05-06 13:38:15 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions

Via RHSA-2026:14137 https://access.redhat.com/errata/RHSA-2026:14137
Comment 21 errata-xmlrpc 2026-05-06 14:05:08 UTC 
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.20

Via RHSA-2026:13862 https://access.redhat.com/errata/RHSA-2026:13862
Comment 22 errata-xmlrpc 2026-05-06 14:11:30 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On

Via RHSA-2026:14165 https://access.redhat.com/errata/RHSA-2026:14165
Comment 23 errata-xmlrpc 2026-05-06 14:17:21 UTC 
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.19

Via RHSA-2026:13690 https://access.redhat.com/errata/RHSA-2026:13690
Comment 24 errata-xmlrpc 2026-05-06 17:25:01 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.6 Telecommunications Update Service

Via RHSA-2026:14230 https://access.redhat.com/errata/RHSA-2026:14230
Comment 25 errata-xmlrpc 2026-05-06 18:45:45 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions

Via RHSA-2026:14301 https://access.redhat.com/errata/RHSA-2026:14301
Comment 26 errata-xmlrpc 2026-05-06 20:41:05 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.6 Extended Update Support

Via RHSA-2026:14339 https://access.redhat.com/errata/RHSA-2026:14339
Comment 27 errata-xmlrpc 2026-05-06 20:46:32 UTC 
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.18

Via RHSA-2026:13727 https://access.redhat.com/errata/RHSA-2026:13727
Comment 33 errata-xmlrpc 2026-05-07 16:07:24 UTC 
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.16

Via RHSA-2026:13729 https://access.redhat.com/errata/RHSA-2026:13729
Comment 34 errata-xmlrpc 2026-05-07 17:22:40 UTC 
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.17

Via RHSA-2026:13885 https://access.redhat.com/errata/RHSA-2026:13885
Comment 35 errata-xmlrpc 2026-05-07 19:47:53 UTC 
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.13

Via RHSA-2026:14112 https://access.redhat.com/errata/RHSA-2026:14112
Comment 36 errata-xmlrpc 2026-05-08 14:25:57 UTC 
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.12

Via RHSA-2026:14097 https://access.redhat.com/errata/RHSA-2026:14097
Comment 37 Kelley Cook 2026-05-08 15:30:26 UTC 
Are RHEL kpatches expected to be released for this vulnerability ?
Comment 38 errata-xmlrpc 2026-05-11 11:45:37 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2026:15976 https://access.redhat.com/errata/RHSA-2026:15976
Comment 39 errata-xmlrpc 2026-05-11 12:03:25 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2026:15978 https://access.redhat.com/errata/RHSA-2026:15978
Comment 40 errata-xmlrpc 2026-05-11 16:08:14 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.6 Extended Update Support

Via RHSA-2026:16018 https://access.redhat.com/errata/RHSA-2026:16018
Comment 41 errata-xmlrpc 2026-05-11 19:58:16 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.4 Extended Update Support

Via RHSA-2026:16063 https://access.redhat.com/errata/RHSA-2026:16063
Comment 42 errata-xmlrpc 2026-05-11 23:41:23 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions

Via RHSA-2026:16111 https://access.redhat.com/errata/RHSA-2026:16111
Comment 43 piotr.pietruszka 2026-05-12 06:31:23 UTC 
Will there be fixes for 9.2 EUS and 8.4, 8.2 EUS as well ?
Comment 44 errata-xmlrpc 2026-05-12 12:26:29 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions

Via RHSA-2026:16209 https://access.redhat.com/errata/RHSA-2026:16209
Comment 45 errata-xmlrpc 2026-05-12 12:31:55 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions

Via RHSA-2026:16208 https://access.redhat.com/errata/RHSA-2026:16208
Comment 46 errata-xmlrpc 2026-05-12 12:36:24 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions

Via RHSA-2026:16210 https://access.redhat.com/errata/RHSA-2026:16210
Comment 48 errata-xmlrpc 2026-05-13 13:55:09 UTC 
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.14

Via RHSA-2026:15087 https://access.redhat.com/errata/RHSA-2026:15087
Comment 49 errata-xmlrpc 2026-05-13 14:16:33 UTC 
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.15

Via RHSA-2026:14773 https://access.redhat.com/errata/RHSA-2026:14773
Comment 50 errata-xmlrpc 2026-05-19 13:08:12 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 10

Via RHSA-2026:19074 https://access.redhat.com/errata/RHSA-2026:19074
Comment 51 errata-xmlrpc 2026-05-19 18:03:19 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2026:19225 https://access.redhat.com/errata/RHSA-2026:19225