7.8
CVE-2026-31431
Trending CVE
- EPSS 1.23%
- Published 22.04.2026 08:15:10
- Last modified 06.05.2026 13:53:24
- Source 416baaa9-dc9f-4396-8d5f-8c081f
crypto: algif_aead - Revert to operating out-of-place
In the Linux kernel, the following vulnerability has been resolved:

crypto: algif_aead - Revert to operating out-of-place

This mostly reverts commit 72548b093ee3 except for the copying of the associated data. There is no benefit in operating in-place in algif_aead since the source and destination come from different mappings. Get rid of all the complexity added for in-place operation and just copy the AD directly.
Data provided by the National Vulnerability Database (NVD)
Linux ≫ Linux Kernel Version >= 4.14 < 5.10.254
Linux ≫ Linux Kernel Version >= 5.11 < 5.15.204
Linux ≫ Linux Kernel Version >= 5.16 < 6.1.170
Linux ≫ Linux Kernel Version >= 6.2 < 6.6.137
Linux ≫ Linux Kernel Version >= 6.7 < 6.12.85
Linux ≫ Linux Kernel Version >= 6.13 < 6.18.22
Linux ≫ Linux Kernel Version >= 6.19 < 6.19.12
Linux ≫ Linux Kernel Version 7.0 Update rc1
Linux ≫ Linux Kernel Version 7.0 Update rc2
Linux ≫ Linux Kernel Version 7.0 Update rc3
Linux ≫ Linux Kernel Version 7.0 Update rc4
Linux ≫ Linux Kernel Version 7.0 Update rc5
Linux ≫ Linux Kernel Version 7.0 Update rc6
Redhat ≫ Openshift Container Platform Version 4.0
Redhat ≫ Enterprise Linux Version 8.0
Redhat ≫ Enterprise Linux Version 9.0
Redhat ≫ Enterprise Linux Version 10.0
Redhat ≫ Enterprise Linux Version 10.1
Amazon ≫ Amazon Linux Version -
Canonical ≫ Ubuntu Linux Version -
Suse ≫ Suse Linux Version -
VulnDex Vulnerability Enrichment
01.05.2026: CISA Known Exploited Vulnerabilities (KEV) Catalog
- Vulnerability: Linux Kernel Incorrect Resource Transfer Between Spheres Vulnerability
- Description: Linux Kernel contains an incorrect resource transfer between spheres vulnerability that could allow for privilege escalation.
- Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.23% | 0.792 |

| Source | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | 7.8 | 1.8 | 5.9 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |

CWE-669 Incorrect Resource Transfer Between Spheres
The product does not properly transfer a resource/behavior to another sphere, or improperly imports a resource/behavior from another sphere, in a manner that provides unintended control over that resource.