CVE-2026-31431

Confirmed PUBLISHED

crypto: algif_aead - Revert to operating out-of-place

Linux · Linux

1 day faster than CISA KEV

Exploited in the wild PoC available

Recommended Action

Prioritize remediation. Validate affected assets and apply vendor fixes on an accelerated timeline.

Confidence
Confirmed
Exploitation Status
Exploited in the wild
Observed in Sensors
No
Attempts (30d)
Unique Attacker IPs
CISA KEV
In CISA KEV
CVSS / EPSS
7.8 High EPSS 96.8%

At a Glance

In the Linux kernel, the following vulnerability has been resolved: crypto: algif_aead - Revert to operating out-of-place This mostly reverts commit 72548b093ee3 except for the copying of the associated data. There is no benefit in operating in-place in algif_aead since the source and destination come from different mappings. Get rid of all the complexity added for in-place operation and just copy the AD directly.

cisa linux
CVE Published
Apr 22, 2026
Exploitation Reported
Jun 01, 2026
CVSS
7.8 High
EPSS
96.8%
Low complexity No user interaction

Affected Versions

72 version rows · page 2 of 3

Vendor Product Version Status
Red Hat
Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions

kpatch-patch

All versions (default: unaffected)

Unaffected
Red Hat
Red Hat Enterprise Linux 9.4 Extended Update Support

kernel

0:5.14.0-427.124.1.el9_4 to < *

Unaffected
Red Hat
Red Hat Enterprise Linux 9.4 Extended Update Support

kpatch-patch

All versions (default: unaffected)

Unaffected
Red Hat
Red Hat Enterprise Linux 9.6 Extended Update Support

kernel

0:5.14.0-570.112.1.el9_6 to < *

Unaffected
Red Hat
Red Hat Enterprise Linux 9.6 Extended Update Support

kpatch-patch

All versions (default: unaffected)

Unaffected
Red Hat
Red Hat OpenShift Container Platform 4.12

rhcos

412.86.202605060316-0 to < *

Unaffected
Red Hat
Red Hat OpenShift Container Platform 4.13

rhcos

413.92.202605051442-0 to < *

Unaffected
Red Hat
Red Hat OpenShift Container Platform 4.14

rhcos

414.92.202605060243-0 to < *

Unaffected
Red Hat
Red Hat OpenShift Container Platform 4.15

rhcos

415.92.202605060220-0 to < *

Unaffected
Red Hat
Red Hat OpenShift Container Platform 4.16

rhcos

416.94.202605042300-0 to < *

Unaffected
Red Hat
Red Hat OpenShift Container Platform 4.17

rhcos

417.94.202605050021-0 to < *

Unaffected
Red Hat
Red Hat OpenShift Container Platform 4.18

rhcos

418.94.202605042017-0 to < *

Unaffected
Red Hat
Red Hat OpenShift Container Platform 4.19

rhcos

4.19.9.6.202605042214-0 to < *

Unaffected
Red Hat
Red Hat OpenShift Container Platform 4.20

rhcos

4.20.9.6.202605051409-0 to < *

Unaffected
Red Hat
Red Hat OpenShift Container Platform 4.21

rhcos

4.21.9.6.202605051105-0 to < *

Unaffected
Red Hat
Red Hat Enterprise Linux 6

kernel

All versions (default: unaffected)

Unaffected
Red Hat
Red Hat Enterprise Linux 7

kernel

All versions (default: unaffected)

Unaffected
Red Hat
Red Hat Enterprise Linux 7

kernel-rt

All versions (default: unaffected)

Unaffected
Siemens
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP

V3.1.6 to < *

Affected
Siemens
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP

V3.1.5 to < *

Affected
Siemens
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP

V3.1.6 to < *

Affected
Siemens
SIMATIC S7-1500 CPU 1518-4 PN/DP MFP

V3.1.5 to < *

Affected
Siemens
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP

V3.1.6 to < *

Affected
Siemens
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP

V3.1.5 to < *

Affected
Siemens
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP

V3.1.6 to < *

Affected

CVE References

Show 3 more references

Recommended Actions

  • Prioritize remediation. Validate affected assets and apply vendor fixes on an accelerated timeline.
  • Check enrichment artifacts for scanner coverage and available PoCs before rolling remediation validation.
  • Use the Pro API to automate enrichment, telemetry, and workflow delivery for VM, SOC, and CTI pipelines.