ACK/Cmnt: [SRU][Q/N/J][PATCH 0/3] CVE-2026-31431

Thu Apr 30 15:09:57 UTC 2026

On 30/04/2026 14:30, Massimiliano Pellizzer wrote:
> https://ubuntu.com/security/CVE-2026-31431
> 
> [ Impact ]
> 
> CVE-2026-31431 is a local privilege escalation vulnerability
> in the Linux kernel's AF_ALG (Algorithm) socket subsystem.
> 
> The vulnerability allows an unprivileged local user to perform a deterministic,
> controlled 4-byte write into the kernel page cache of any file that the attacker
> can read, including setuid-root binaries such as /usr/bin/su.
> Because the page cache is what the kernel consults when executing a file,
> the corrupted in-memory copy is immediately visible system-wide without the on-disk
> checksum being altered.
> 
> [ Fix ]
> 
> * Questing, cherry pick the following patches from upstream:
>    - a664bf3d603d crypto: algif_aead - Revert to operating out-of-place
>    - 5aa58c3a572b crypto: algif_aead - snapshot IV for async AEAD requests
>    - e02494114ebf crypto: authencesn - Do not place hiseq at end of dst for out-of-place decryption
>    - 1f48ad3b19a9 crypto: authencesn - Fix src offset when decrypting in-place
>    - 31d00156e50e crypto: af_alg - Fix page reassignment overflow in af_alg_pull_tsgl
> 
> * Noble, cherry pick the following patches from linux-6.12.y:
>    - 41c3aa511e6e crypto: scatterwalk - Backport memcpy_sglist()
>    - 183137264401 crypto: algif_aead - use memcpy_sglist() instead of null skcipher
>    - 8b88d99341f1 crypto: algif_aead - Revert to operating out-of-place
>    - 46fdb39e8322 crypto: algif_aead - snapshot IV for async AEAD requests
>    - 7bc058a9b82b crypto: authenc - use memcpy_sglist() instead of null skcipher
>    - 89fe118b6470 crypto: authencesn - Do not place hiseq at end of dst for out-of-place decryption
>    - 129f12934401 crypto: authencesn - Fix src offset when decrypting in-place
>    - c8369a6d62f5 crypto: af_alg - Fix page reassignment overflow in af_alg_pull_tsgl
> 
> * Jammy, cherry pick the following patches from linux-5.15.y:
>    - 36435a56cd6b crypto: scatterwalk - Backport memcpy_sglist()
>    - 17774d99bb43 crypto: algif_aead - use memcpy_sglist() instead of null skcipher
>    - 19d43105a97b crypto: algif_aead - Revert to operating out-of-place
>    - a920cabdb0b7 crypto: algif_aead - snapshot IV for async AEAD requests
>    - e416c41a96c8 crypto: authenc - use memcpy_sglist() instead of null skcipher
>    - d589abd8b019 crypto: authencesn - Do not place hiseq at end of dst for out-of-place decryption
>    - 723bb1b4a6dd crypto: authencesn - Fix src offset when decrypting in-place
>    - 2b781d1d4f93 crypto: af_alg - Fix page reassignment overflow in af_alg_pull_tsgl
>    - fd427dd84f22 crypto: algif_aead - Fix minimum RX size check for decryption
> 
> [ Test Plan ]
> 
> Compiled and boot tested.
> Tested using the publicly available exploit.
> Tested using LTP crypto testsuite for regressions.
> 
> [ Where Problems Could Occur ]
> 
> The fix reverts the 2017 in-place optimization entirely, restoring out-of-place
> operation in algif_aead. A bug in the new out-of-place TX SGL allocation
> or AAD copy path could produce corrupt ciphertext, failed tag verification,
> or memory mismanagement under edge-case input lengths, affecting every consumer
> of the AF_ALG AEAD interface kernel-wide.
> 
> 
Based on testing done.

Acked-by: Stefan Bader <stefan.bader at canonical.com>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_0xE8675DEECBEECEA3.asc
Type: application/pgp-keys
Size: 52669 bytes
Desc: OpenPGP public key
URL: <https://lists.ubuntu.com/archives/kernel-team/attachments/20260430/4f62ee15/attachment-0001.key>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ubuntu.com/archives/kernel-team/attachments/20260430/4f62ee15/attachment-0001.sig>