201 matches found
Security Bulletin: Vulnerabilities in kernel library (CVE-2025-68724, CVE-2026-31431) affect Power HMC.
Summary The kernel library is used by Power Hardware Management Console HMC. HMC has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2025-68724 DESCRIPTION: In the Linux kernel, the following vulnerability has been resolved: crypto: asymmetrickeys - prevent overflow in...
crypto: algif_aead - Revert to operating out-of-place (CVE-2026-31431)
In the Linux kernel, the following vulnerability has been resolved: crypto: algifaead - Revert to operating out-of-place This mostly reverts commit 72548b093ee3 except for the copying of the associated data. There is no benefit in operating in-place in algifaead since the source and destination...
Astra Linux – Vulnerabilities in Linux, Linux-5.15, Linux-5.10, Linux-6.1
In the Linux kernel, the following vulnerability has been resolved: crypto: algifaead – Reverted to operating out-of-place. This primarily reverts to commit 72548b093ee3, except for the copying of the associated data. There is no benefit in performing in-place operations in algifaead, as the sour...
EulerOS Virtualization 2.10.1 : kernel (EulerOS-SA-2026-2429)
According to the versions of the kernel packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : xfrm: esp: avoid in-place decrypt on shared skb fragsCVE-2026-43284 crypto: algifaead - Revert to operating...
Siemens SIMATIC S7-1500 Incorrect Resource Transfer Between Spheres (CVE-2026-31431)
In the Linux kernel, the following vulnerability has been resolved: crypto: algifaead - Revert to operating out-of-place This mostly reverts commit 72548b093ee3 except for the copying of the associated data. There is no benefit in operating in-place in algifaead since the source and destination...
USN-8441-1: Linux kernel vulnerabilities
It was discovered that the Linux kernel algifaead module did not properly handle in-place cryptographic operations. This flaw is known as Copy Fail. A local attacker could use this to escalate privileges, or possibly escape a container. CVE-2026-31431 Several security issues were discovered in th...
EulerOS Virtualization 2.11.0 : kernel (EulerOS-SA-2026-2427)
According to the versions of the kernel packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : xfrm: esp: avoid in-place decrypt on shared skb fragsCVE-2026-43284 crypto: algifaead - Revert to operating...
Ubuntu 22.04 LTS : Linux kernel (Low Latency) vulnerabilities (USN-8351-1)
The remote Ubuntu 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-8351-1 advisory. It was discovered that the Linux kernel algifaead module did not properly handle in-place cryptographic operations. This flaw is known as Copy Fail. A...
USN-8391-1 linux-raspi, linux-raspi-5.4 vulnerabilities
It was discovered that the Linux kernel algifaead module did not properly handle in-place cryptographic operations. This flaw is known as Copy Fail. A local attacker could use this to escalate privileges, or possibly escape a container. CVE-2026-31431 It was discovered that the Linux kernel did n...
PT-2026-07: Local Privilege Escalation Vulnerability in the Linux Kernel (Copy Fail)
This security advisory provides information regarding a Linux kernel vulnerability, CVE-2026-31431 , informally known as Copy Fail. This vulnerability allows for local privilege escalation to the superuser root level and affects the Linux kernel module: algifaead. Vulnerability status : PT NGFW i...
USN-8350-1 linux-nvidia-tegra vulnerabilities
It was discovered that the Linux kernel algifaead module did not properly handle in-place cryptographic operations. This flaw is known as Copy Fail. A local attacker could use this to escalate privileges, or possibly escape a container. CVE-2026-31431 Several security issues were discovered in th...
USN-8350-1: Linux kernel (NVIDIA Tegra) vulnerabilities
It was discovered that the Linux kernel algifaead module did not properly handle in-place cryptographic operations. This flaw is known as Copy Fail. A local attacker could use this to escalate privileges, or possibly escape a container. CVE-2026-31431 Several security issues were discovered in th...
Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS : kmod update (USN-8226-2)
The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-8226-2 advisory. USN-8226-1 added a mitigation to kmod to disable loading the algifaead module. This update adds the same mitigation to Ubuntu...
CVE-2026-46028
A flaw was found in the Linux kernel's algifaead Authenticated Encryption with Associated Data subsystem. Asynchronous async requests for AEAD operations use a shared initialization vector IV buffer. This shared state can be modified by subsequent socket activity before an async request fully...
CVE-2026-46028
In the Linux kernel, the following vulnerability has been resolved: crypto: algifaead - snapshot IV for async AEAD requests AFALG AEAD AIO requests currently use the socket-wide IV buffer during request processing. For async requests, later socket activity can update that shared state before the...
CVE-2026-46028
CVE-2026-46028 — Linux kernel crypto/AF_ALG: per‑request IV storage for async AEAD . The vulnerability occurs in AF_ALG AEAD async requests that previously reused a socket‑wide IV buffer during processing, allowing later socket activity to modify the shared IV before the original request finished...
EUVD-2026-32409
In the Linux kernel, the following vulnerability has been resolved: crypto: algifaead - snapshot IV for async AEAD requests AFALG AEAD AIO requests currently use the socket-wide IV buffer during request processing. For async requests, later socket activity can update that shared state before the...
Linux kernel 安全漏洞
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the use of socket-level IV buffers in asynchronous AEAD requests within algifaead. This can lead ...
Ubuntu 24.04 LTS / 25.10 : Linux kernel (Azure) vulnerabilities (USN-8310-1)
"The remote Ubuntu 24.04 LTS / 25.10 host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-8310-1 advisory. It was discovered that the Linux kernel algifaead module did not properly handle in-place cryptographic operations. This flaw is known as Copy...
PT-2026-43895
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the algif aead component where AF ALG AEAD AIO requests utilize a socket-wide IV Initialization Vector buffer during processing. For asynchronous requests, subsequent...