ACK: [SRU][Q/N/J][PATCH v2 0/3] CVE-2026-31431

Mon May 4 09:43:24 UTC 2026

On 4/30/26 22:28, Massimiliano Pellizzer wrote:
> https://ubuntu.com/security/CVE-2026-31431
> 
> [ Impact ]
> 
> CVE-2026-31431 is a local privilege escalation vulnerability
> in the Linux kernel's AF_ALG (Algorithm) socket subsystem.
> 
> The vulnerability allows an unprivileged local user to perform a deterministic,
> controlled 4-byte write into the kernel page cache of any file that the attacker
> can read, including setuid-root binaries such as /usr/bin/su.
> Because the page cache is what the kernel consults when executing a file,
> the corrupted in-memory copy is immediately visible system-wide without the on-disk
> checksum being altered.
> 
> [ Fix ]
> 
> * Questing, cherry pick the following patches from upstream:
>   - a664bf3d603d crypto: algif_aead - Revert to operating out-of-place
>   - 5aa58c3a572b crypto: algif_aead - snapshot IV for async AEAD requests
>   - e02494114ebf crypto: authencesn - Do not place hiseq at end of dst for out-of-place decryption
>   - 1f48ad3b19a9 crypto: authencesn - Fix src offset when decrypting in-place
>   - 31d00156e50e crypto: af_alg - Fix page reassignment overflow in af_alg_pull_tsgl
>   - 3d14bd48e3a7 crypto: algif_aead - Fix minimum RX size check for decryption
> 
> * Noble, cherry pick the following patches from linux-6.12.y:
>   - 41c3aa511e6e crypto: scatterwalk - Backport memcpy_sglist()
>   - 183137264401 crypto: algif_aead - use memcpy_sglist() instead of null skcipher
>   - 8b88d99341f1 crypto: algif_aead - Revert to operating out-of-place
>   - 46fdb39e8322 crypto: algif_aead - snapshot IV for async AEAD requests
>   - 7bc058a9b82b crypto: authenc - use memcpy_sglist() instead of null skcipher
>   - 89fe118b6470 crypto: authencesn - Do not place hiseq at end of dst for out-of-place decryption
>   - 129f12934401 crypto: authencesn - Fix src offset when decrypting in-place
>   - c8369a6d62f5 crypto: af_alg - Fix page reassignment overflow in af_alg_pull_tsgl
>   - af2fa2fbbced crypto: algif_aead - Fix minimum RX size check for decryption
> 
> * Jammy, cherry pick the following patches from linux-5.15.y:
>   - 36435a56cd6b crypto: scatterwalk - Backport memcpy_sglist()
>   - 17774d99bb43 crypto: algif_aead - use memcpy_sglist() instead of null skcipher
>   - 19d43105a97b crypto: algif_aead - Revert to operating out-of-place
>   - a920cabdb0b7 crypto: algif_aead - snapshot IV for async AEAD requests
>   - e416c41a96c8 crypto: authenc - use memcpy_sglist() instead of null skcipher
>   - d589abd8b019 crypto: authencesn - Do not place hiseq at end of dst for out-of-place decryption
>   - 723bb1b4a6dd crypto: authencesn - Fix src offset when decrypting in-place
>   - 2b781d1d4f93 crypto: af_alg - Fix page reassignment overflow in af_alg_pull_tsgl
>   - fd427dd84f22 crypto: algif_aead - Fix minimum RX size check for decryption
> 
> 
> [ Test Plan ]
> 
> Compiled and boot tested.
> Tested using the publicly available exploit.
> Tested using LTP crypto testsuite for regressions.
> Tested using libkcapi test.sh for regressions.
> (https://github.com/smuellerDD/libkcapi/tree/master)
> 
> [ Where Problems Could Occur ]
> 
> The fix reverts the 2017 in-place optimization entirely, restoring out-of-place
> operation in algif_aead. A bug in the new out-of-place TX SGL allocation
> or AAD copy path could produce corrupt ciphertext, failed tag verification,
> or memory mismanagement under edge-case input lengths, affecting every consumer
> of the AF_ALG AEAD interface kernel-wide.
> 
> [ Changes between v1 and v2 ]
> 
> Added 3d14bd48e3a7 ("algif_aead - Fix minimum RX size check for decryption")
> to both Noble and Questing.
> 
> Added libkcapi test.sh tests in test plan.

Acked-by: Cengiz Can <cengiz.can at canonical.com>