CVE Catalog

Actively exploited in the wild

Linux Kernel Incorrect Resource Transfer Between Spheres Vulnerability

Linux — Kernel · Listed in the CISA KEV since 2026-05-01. This indicates confirmed attacks in production environments.

Required action: "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable."

CVE-2026-31431

Severity: High · CVSS 7.8 · KEV

Exploitation Probability (EPSS)

Very high risk
96.78%

100th percentile — higher than 100% of all known CVEs

Summary

In the Linux kernel, the in-place optimization for AEAD encryption via AF_ALG sockets has been reverted. Out-of-place operation is restored because the source and destination buffers come from different memory mappings, so the in-place optimization provides no benefit. The complexity added to support in-place operation has been removed, and the associated data is now copied directly.

Risk Assessment

This vulnerability may cause incorrect AEAD encryption behavior in the AF_ALG interface, potentially leading to data processing errors or information leaks. Organizations running Linux kernels with this interface enabled are at risk of instability or confidentiality breaches.

Recommendation

Immediately update the Linux kernel to a version containing the fix (the commit revert). Monitor distributions for the patch release and apply it to production systems.

Original NVD description (English source)

In the Linux kernel, the following vulnerability has been resolved:

crypto: algif_aead - Revert to operating out-of-place

This mostly reverts commit 72548b093ee3 except for the copying of the associated data. There is no benefit in operating in-place in algif_aead since the source and destination come from different mappings. Get rid of all the complexity added for in-place operation and just copy the AD directly.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS