NACK: [SRU][Q/N/J][PATCH 0/3] CVE-2026-31431

Massimiliano Pellizzer massimiliano.pellizzer at canonical.com
Thu Apr 30 19:28:23 UTC 2026 

On Thu, 30 Apr 2026 at 14:31, Massimiliano Pellizzer
<massimiliano.pellizzer at canonical.com> wrote:
>
> https://ubuntu.com/security/CVE-2026-31431
>
> [ Impact ]
>
> CVE-2026-31431 is a local privilege escalation vulnerability
> in the Linux kernel's AF_ALG (Algorithm) socket subsystem.
>
> The vulnerability allows an unprivileged local user to perform a deterministic,
> controlled 4-byte write into the kernel page cache of any file that the attacker
> can read, including setuid-root binaries such as /usr/bin/su.
> Because the page cache is what the kernel consults when executing a file,
> the corrupted in-memory copy is immediately visible system-wide without the on-disk
> checksum being altered.
>
> [ Fix ]
>
> * Questing, cherry pick the following patches from upstream:
>   - a664bf3d603d crypto: algif_aead - Revert to operating out-of-place
>   - 5aa58c3a572b crypto: algif_aead - snapshot IV for async AEAD requests
>   - e02494114ebf crypto: authencesn - Do not place hiseq at end of dst for out-of-place decryption
>   - 1f48ad3b19a9 crypto: authencesn - Fix src offset when decrypting in-place
>   - 31d00156e50e crypto: af_alg - Fix page reassignment overflow in af_alg_pull_tsgl
>
> * Noble, cherry pick the following patches from linux-6.12.y:
>   - 41c3aa511e6e crypto: scatterwalk - Backport memcpy_sglist()
>   - 183137264401 crypto: algif_aead - use memcpy_sglist() instead of null skcipher
>   - 8b88d99341f1 crypto: algif_aead - Revert to operating out-of-place
>   - 46fdb39e8322 crypto: algif_aead - snapshot IV for async AEAD requests
>   - 7bc058a9b82b crypto: authenc - use memcpy_sglist() instead of null skcipher
>   - 89fe118b6470 crypto: authencesn - Do not place hiseq at end of dst for out-of-place decryption
>   - 129f12934401 crypto: authencesn - Fix src offset when decrypting in-place
>   - c8369a6d62f5 crypto: af_alg - Fix page reassignment overflow in af_alg_pull_tsgl
>
> * Jammy, cherry pick the following patches from linux-5.15.y:
>   - 36435a56cd6b crypto: scatterwalk - Backport memcpy_sglist()
>   - 17774d99bb43 crypto: algif_aead - use memcpy_sglist() instead of null skcipher
>   - 19d43105a97b crypto: algif_aead - Revert to operating out-of-place
>   - a920cabdb0b7 crypto: algif_aead - snapshot IV for async AEAD requests
>   - e416c41a96c8 crypto: authenc - use memcpy_sglist() instead of null skcipher
>   - d589abd8b019 crypto: authencesn - Do not place hiseq at end of dst for out-of-place decryption
>   - 723bb1b4a6dd crypto: authencesn - Fix src offset when decrypting in-place
>   - 2b781d1d4f93 crypto: af_alg - Fix page reassignment overflow in af_alg_pull_tsgl
>   - fd427dd84f22 crypto: algif_aead - Fix minimum RX size check for decryption
>
> [ Test Plan ]
>
> Compiled and boot tested.
> Tested using the publicly available exploit.
> Tested using LTP crypto testsuite for regressions.
>
> [ Where Problems Could Occur ]
>
> The fix reverts the 2017 in-place optimization entirely, restoring out-of-place
> operation in algif_aead. A bug in the new out-of-place TX SGL allocation
> or AAD copy path could produce corrupt ciphertext, failed tag verification,
> or memory mismanagement under edge-case input lengths, affecting every consumer
> of the AF_ALG AEAD interface kernel-wide.
>

NACK, v2 coming

-- 
Massimiliano Pellizzer

More information about the kernel-team mailing list