[SRU][Q/N/J][PATCH v2 0/3] CVE-2026-31431

Thu Apr 30 19:28:03 UTC 2026

https://ubuntu.com/security/CVE-2026-31431

[ Impact ]

CVE-2026-31431 is a local privilege escalation vulnerability
in the Linux kernel's AF_ALG (Algorithm) socket subsystem.

The vulnerability allows an unprivileged local user to perform a deterministic,
controlled 4-byte write into the kernel page cache of any file that the attacker
can read, including setuid-root binaries such as /usr/bin/su.
Because the page cache is what the kernel consults when executing a file,
the corrupted in-memory copy is immediately visible system-wide without the on-disk
checksum being altered.

[ Fix ]

* Questing, cherry pick the following patches from upstream:
  - a664bf3d603d crypto: algif_aead - Revert to operating out-of-place
  - 5aa58c3a572b crypto: algif_aead - snapshot IV for async AEAD requests
  - e02494114ebf crypto: authencesn - Do not place hiseq at end of dst for out-of-place decryption
  - 1f48ad3b19a9 crypto: authencesn - Fix src offset when decrypting in-place
  - 31d00156e50e crypto: af_alg - Fix page reassignment overflow in af_alg_pull_tsgl
  - 3d14bd48e3a7 crypto: algif_aead - Fix minimum RX size check for decryption

* Noble, cherry pick the following patches from linux-6.12.y:
  - 41c3aa511e6e crypto: scatterwalk - Backport memcpy_sglist()
  - 183137264401 crypto: algif_aead - use memcpy_sglist() instead of null skcipher
  - 8b88d99341f1 crypto: algif_aead - Revert to operating out-of-place
  - 46fdb39e8322 crypto: algif_aead - snapshot IV for async AEAD requests
  - 7bc058a9b82b crypto: authenc - use memcpy_sglist() instead of null skcipher
  - 89fe118b6470 crypto: authencesn - Do not place hiseq at end of dst for out-of-place decryption
  - 129f12934401 crypto: authencesn - Fix src offset when decrypting in-place
  - c8369a6d62f5 crypto: af_alg - Fix page reassignment overflow in af_alg_pull_tsgl
  - af2fa2fbbced crypto: algif_aead - Fix minimum RX size check for decryption

* Jammy, cherry pick the following patches from linux-5.15.y:
  - 36435a56cd6b crypto: scatterwalk - Backport memcpy_sglist()
  - 17774d99bb43 crypto: algif_aead - use memcpy_sglist() instead of null skcipher
  - 19d43105a97b crypto: algif_aead - Revert to operating out-of-place
  - a920cabdb0b7 crypto: algif_aead - snapshot IV for async AEAD requests
  - e416c41a96c8 crypto: authenc - use memcpy_sglist() instead of null skcipher
  - d589abd8b019 crypto: authencesn - Do not place hiseq at end of dst for out-of-place decryption
  - 723bb1b4a6dd crypto: authencesn - Fix src offset when decrypting in-place
  - 2b781d1d4f93 crypto: af_alg - Fix page reassignment overflow in af_alg_pull_tsgl
  - fd427dd84f22 crypto: algif_aead - Fix minimum RX size check for decryption

[ Test Plan ]

Compiled and boot tested.
Tested using the publicly available exploit.
Tested using LTP crypto testsuite for regressions.
Tested using libkcapi test.sh for regressions.
(https://github.com/smuellerDD/libkcapi/tree/master)

[ Where Problems Could Occur ]

The fix reverts the 2017 in-place optimization entirely, restoring out-of-place
operation in algif_aead. A bug in the new out-of-place TX SGL allocation
or AAD copy path could produce corrupt ciphertext, failed tag verification,
or memory mismanagement under edge-case input lengths, affecting every consumer
of the AF_ALG AEAD interface kernel-wide.

[ Changes between v1 and v2 ]

Added 3d14bd48e3a7 ("algif_aead - Fix minimum RX size check for decryption")
to both Noble and Questing.

Added libkcapi test.sh tests in test plan.