64 matches found
Exploit for CVE-2026-31431
CVE-2026-31431 Copy Fail Detection Toolkit Detection and an...
Exploit for CVE-2026-31431
Copy Fail CVE-2026-31431 – Exploit Usage Guide ⚠️ Discla...
ROS-20260324-73-0012
A vulnerability in the crypto component of the Linux operating system kernel is related to pointer dereferencing errors. Exploitation of the vulnerability allows an attacker to cause a denial of service...
SUSE CVE-2025-71231
In the Linux kernel, the following vulnerability has been resolved: crypto: iaa - Fix out-of-bounds index in find_empty_iaa_compression_mode The local variable 'i' is initialized with -EINVAL, but the for loop immediately overwrites it and -EINVAL is never returned. If no empty compression mode can b...
CVE-2025-71231
CVE-2025-71231 is addressed by a Linux kernel crypto: iaa fix that prevents an out-of-bounds index in find_empty_iaa_compression_mode and ensures a valid index or -EINVAL is returned. Connected OSV entries show Root patching the issue in rootio-linux for multiple distros (e.g., Root:Ubuntu 24.04,...
CVE-2025-71231 crypto: iaa - Fix out-of-bounds index in find_empty_iaa_compression_mode
In the Linux kernel, the following vulnerability has been resolved: crypto: iaa - Fix out-of-bounds index in find_empty_iaa_compression_mode The local variable 'i' is initialized with -EINVAL, but the for loop immediately overwrites it and -EINVAL is never returned. If no empty compression mode can b...
EUVD-2026-5503
In the Linux kernel, the following vulnerability has been resolved: PM: hibernate: Fix crash when freeing invalid crypto compressor When crypto_alloc_acomp fails, it returns an ERR_PTR value, not NULL. The cleanup code in save_compressed_image and load_compressed_image unconditionally calls...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-003842)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003842 advisory. A memory leak in the crypto_report function in crypto/crypto_user_base.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service memory...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2025-992987)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992987 advisory. In the Linux kernel, the following vulnerability has been resolved: kcm: fix strp_init order and cleanup strp_init is called just a few lines above this csk->sk_user_data...
CVE-2025-68726 crypto: aead - Fix reqsize handling
In the Linux kernel, the following vulnerability has been resolved: crypto: aead - Fix reqsize handling Commit afddce13ce81d "crypto: api - Add reqsize to crypto_alg" introduced cra_reqsize field in crypto_alg struct to replace type specific reqsize fields. It looks like this was introduced...
CVE-2025-68262 crypto: zstd - fix double-free in per-CPU stream cleanup
In the Linux kernel, the following vulnerability has been resolved: crypto: zstd - fix double-free in per-CPU stream cleanup The crypto/zstd module has a double-free bug that occurs when multiple tfms are allocated and freed. The issue happens because zstd_streams per-CPU contexts are freed in...
kernel: crypto: seqiv - Handle EBUSY correctly
In the Linux kernel, the following vulnerability has been resolved: crypto: seqiv - Handle EBUSY correctly As it is seqiv only handles the special return value of EINPROGRESS, which means that in all other cases it will free data related to the request. However, as the caller of seqiv may specify...
kernel: crypto: seqiv - Handle EBUSY correctly
In the Linux kernel, the following vulnerability has been resolved: crypto: seqiv - Handle EBUSY correctly As it is seqiv only handles the special return value of EINPROGRESS, which means that in all other cases it will free data related to the request. However, as the caller of seqiv may specify...
kernel: crypto: tegra - do not transfer req when tegra init fails
In the Linux kernel, the following vulnerability has been resolved: crypto: tegra - do not transfer req when tegra init fails The tegra_cmac_init or tegra_sha_init function may return an error when memory is exhausted. It should not transfer the request when they return an error...
SUSE CVE-2025-40022
In the Linux kernel, the following vulnerability has been resolved: crypto: af_alg - Fix incorrect boolean values in af_alg_ctx Commit 1b34cbbf4f01 "crypto: af_alg - Disallow concurrent writes in af_alg_sendmsg" changed some fields from bool to 1-bit bitfields of type u32. However, some assignments to...
kernel: crypto: seqiv - Handle EBUSY correctly
In the Linux kernel, the following vulnerability has been resolved: crypto: seqiv - Handle EBUSY correctly As it is seqiv only handles the special return value of EINPROGRESS, which means that in all other cases it will free data related to the request. However, as the caller of seqiv may specify...
CVE-2025-39964 crypto: af_alg - Disallow concurrent writes in af_alg_sendmsg
In the Linux kernel, the following vulnerability has been resolved: crypto: af_alg - Disallow concurrent writes in af_alg_sendmsg Issuing two writes to the same af_alg socket is bogus as the data will be interleaved in an unpredictable fashion. Furthermore, concurrent writes may create inconsistencie...
CVE-2025-39964
CVE-2025-39964 affects the Linux kernel crypto: af_alg where two concurrent writes to the same af_alg socket could interleave data and corrupt internal socket state. The fix adds a dedicated exclusive ownership indicator (ctx->write) to prevent concurrent writes and ensure serialized access. I...
CVE-2025-39936 crypto: ccp - Always pass in an error pointer to __sev_platform_shutdown_locked()
In the Linux kernel, the following vulnerability has been resolved: crypto: ccp - Always pass in an error pointer to __sev_platform_shutdown_locked() When 9770b428b1a2 "crypto: ccp - Move dev_info/err messages for SEV/SNP init and shutdown" moved the error messages dumping so that they don't need to be...
Linux Distros Unpatched Vulnerability : CVE-2023-53373
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - crypto: seqiv - Handle EBUSY correctly As it is seqiv only handles the special return value of EINPROGRESS, which means that in all other cases it will free dat...