CVE-2026-31431

Confirmed PUBLISHED

crypto: algif_aead - Revert to operating out-of-place

Linux · Linux

1 day faster than CISA KEV

Exploited in the wild PoC available

Recommended Action

Prioritize remediation. Validate affected assets and apply vendor fixes on an accelerated timeline.

Confidence
Confirmed
Exploitation Status
Exploited in the wild
Observed in Sensors
No
Attempts (30d)
Unique Attacker IPs
CISA KEV
In CISA KEV
CVSS / EPSS
7.8 High EPSS 96.8%

At a Glance

In the Linux kernel, the following vulnerability has been resolved: crypto: algif_aead - Revert to operating out-of-place This mostly reverts commit 72548b093ee3 except for the copying of the associated data. There is no benefit in operating in-place in algif_aead since the source and destination come from different mappings. Get rid of all the complexity added for in-place operation and just copy the AD directly.

cisa linux
CVE Published
Apr 22, 2026
Exploitation Reported
Jun 01, 2026
CVSS
7.8 High
EPSS
96.8%
Low complexity No user interaction

Affected Versions

72 version rows · page 3 of 3

Vendor Product Version Status
Siemens
SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP

V3.1.5 to < *

Affected
Siemens
SIMATIC S7-1500 TM MFP - GNU/Linux subsystem

0 to < *

Affected
Siemens
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP

V3.1.6 to < *

Affected
Siemens
SIPLUS S7-1500 CPU 1518-4 PN/DP MFP

V3.1.5 to < *

Affected
Linux
Linux

72548b093ee38a6d4f2a19e6ef1948ae05c181f7 to < 893d22e0135fa394db81df88697fba6032747667

Affected
Linux
Linux

72548b093ee38a6d4f2a19e6ef1948ae05c181f7 to < 19d43105a97be0810edbda875f2cd03f30dc130c

Affected
Linux
Linux

72548b093ee38a6d4f2a19e6ef1948ae05c181f7 to < 961cfa271a918ad4ae452420e7c303149002875b

Affected
Linux
Linux

72548b093ee38a6d4f2a19e6ef1948ae05c181f7 to < 3115af9644c342b356f3f07a4dd1c8905cd9a6fc

Affected
Linux
Linux

72548b093ee38a6d4f2a19e6ef1948ae05c181f7 to < 8b88d99341f139e23bdeb1027a2a3ae10d341d82

Affected
Linux
Linux

72548b093ee38a6d4f2a19e6ef1948ae05c181f7 to < fafe0fa2995a0f7073c1c358d7d3145bcc9aedd8

Affected
Linux
Linux

72548b093ee38a6d4f2a19e6ef1948ae05c181f7 to < ce42ee423e58dffa5ec03524054c9d8bfd4f6237

Affected
Linux
Linux

72548b093ee38a6d4f2a19e6ef1948ae05c181f7 to < a664bf3d603dc3bdcf9ae47cc21e0daec706d7a5

Affected
Linux
Linux

4.14

Affected
Linux
Linux

0 to < 4.14

Unaffected
Linux
Linux

5.10.254 to <= 5.10.*

Unaffected
Linux
Linux

5.15.204 to <= 5.15.*

Unaffected
Linux
Linux

6.1.170 to <= 6.1.*

Unaffected
Linux
Linux

6.6.137 to <= 6.6.*

Unaffected
Linux
Linux

6.12.85 to <= 6.12.*

Unaffected
Linux
Linux

6.18.22 to <= 6.18.*

Unaffected
Linux
Linux

6.19.12 to <= 6.19.*

Unaffected
Linux
Linux

7.0 to <= *

Unaffected

CVE References

Show 3 more references

Recommended Actions

  • Prioritize remediation. Validate affected assets and apply vendor fixes on an accelerated timeline.
  • Check enrichment artifacts for scanner coverage and available PoCs before rolling remediation validation.
  • Use the Pro API to automate enrichment, telemetry, and workflow delivery for VM, SOC, and CTI pipelines.