In the Linux kernel, the following vulnerability has been resolved: crypto: algif_aead - Revert to operating out-of-place This mostly reverts commit 72548b093ee3 except for the copying of the associated data. There is no benefit in operating in-place in algif_aead since the source and destination come from different mappings. Get rid of all the complexity added for in-place operation and just copy the AD directly.
Upstream advisory: https://lore.kernel.org/linux-cve-announce/2026042214-CVE-2026-31431-3d65@gregkh/T
For any Fedora users finding a link here: this was fixed in kernel 6.19.12, and all current Fedora branches are already at or past that version.
https://copy.fail/#exploit
So when can we expect updates? :) Suse has released updates, even almalinux has released updates https://almalinux.org/blog/2026-05-01-cve-2026-31431-copy-fail/ :)
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2026:13565 https://access.redhat.com/errata/RHSA-2026:13565
This issue has been addressed in the following products: Red Hat Enterprise Linux 10 Via RHSA-2026:13566 https://access.redhat.com/errata/RHSA-2026:13566
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2026:13578 https://access.redhat.com/errata/RHSA-2026:13578
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2026:13577 https://access.redhat.com/errata/RHSA-2026:13577
Hello, When can we expect the fix to be available in RHEL-9.4.z and RHEL9.6.z kernel versions ? Regards
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions Red Hat Enterprise Linux 8.8 Telecommunications Update Service Via RHSA-2026:13681 https://access.redhat.com/errata/RHSA-2026:13681
This issue has been addressed in the following products: Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions Via RHSA-2026:13734 https://access.redhat.com/errata/RHSA-2026:13734
This issue has been addressed in the following products: Red Hat Enterprise Linux 10.0 Extended Update Support Via RHSA-2026:13887 https://access.redhat.com/errata/RHSA-2026:13887
(In reply to Apoorv Verma from comment #10) > Hello, > > When can we expect the fix to be available in RHEL-9.4.z and RHEL9.6.z > kernel versions ? > > Regards 9.4 and 9.6 sap and 9.6 eus are also missing in the affected packages list on https://access.redhat.com/security/cve/cve-2026-31431#cve-affected-packages
This issue has been addressed in the following products: Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions Via RHSA-2026:13936 https://access.redhat.com/errata/RHSA-2026:13936
This issue has been addressed in the following products: Red Hat Enterprise Linux 9.4 Extended Update Support Via RHSA-2026:13932 https://access.redhat.com/errata/RHSA-2026:13932
This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.21 Via RHSA-2026:13811 https://access.redhat.com/errata/RHSA-2026:13811
This issue has been addressed in the following products: Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions Via RHSA-2026:14137 https://access.redhat.com/errata/RHSA-2026:14137
This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.20 Via RHSA-2026:13862 https://access.redhat.com/errata/RHSA-2026:13862
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On Via RHSA-2026:14165 https://access.redhat.com/errata/RHSA-2026:14165
This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.19 Via RHSA-2026:13690 https://access.redhat.com/errata/RHSA-2026:13690
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions Red Hat Enterprise Linux 8.6 Telecommunications Update Service Via RHSA-2026:14230 https://access.redhat.com/errata/RHSA-2026:14230
This issue has been addressed in the following products: Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions Via RHSA-2026:14301 https://access.redhat.com/errata/RHSA-2026:14301
This issue has been addressed in the following products: Red Hat Enterprise Linux 9.6 Extended Update Support Via RHSA-2026:14339 https://access.redhat.com/errata/RHSA-2026:14339
This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.18 Via RHSA-2026:13727 https://access.redhat.com/errata/RHSA-2026:13727
This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.16 Via RHSA-2026:13729 https://access.redhat.com/errata/RHSA-2026:13729
This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.17 Via RHSA-2026:13885 https://access.redhat.com/errata/RHSA-2026:13885
This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.13 Via RHSA-2026:14112 https://access.redhat.com/errata/RHSA-2026:14112
This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.12 Via RHSA-2026:14097 https://access.redhat.com/errata/RHSA-2026:14097
Are RHEL kpatches expected to be released for this vulnerability ?
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2026:15976 https://access.redhat.com/errata/RHSA-2026:15976
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2026:15978 https://access.redhat.com/errata/RHSA-2026:15978
This issue has been addressed in the following products: Red Hat Enterprise Linux 9.6 Extended Update Support Via RHSA-2026:16018 https://access.redhat.com/errata/RHSA-2026:16018
This issue has been addressed in the following products: Red Hat Enterprise Linux 9.4 Extended Update Support Via RHSA-2026:16063 https://access.redhat.com/errata/RHSA-2026:16063
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions Via RHSA-2026:16111 https://access.redhat.com/errata/RHSA-2026:16111
Will there be fixes for 9.2 EUS and 8.4, 8.2 EUS as well ?
This issue has been addressed in the following products: Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions Via RHSA-2026:16209 https://access.redhat.com/errata/RHSA-2026:16209
This issue has been addressed in the following products: Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions Via RHSA-2026:16208 https://access.redhat.com/errata/RHSA-2026:16208
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions Via RHSA-2026:16210 https://access.redhat.com/errata/RHSA-2026:16210
This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.14 Via RHSA-2026:15087 https://access.redhat.com/errata/RHSA-2026:15087
This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.15 Via RHSA-2026:14773 https://access.redhat.com/errata/RHSA-2026:14773
This issue has been addressed in the following products: Red Hat Enterprise Linux 10 Via RHSA-2026:19074 https://access.redhat.com/errata/RHSA-2026:19074
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2026:19225 https://access.redhat.com/errata/RHSA-2026:19225