Security Bulletin: IBM Storage Scale System: Vulnerability in Linux kernel crypto subsystem could allow local privilege escalation (CVE-2026-31431)

Summary IBM Storage Scale Systems is affected by a security vulnerability identified in the Linux kernel's cryptographic interface CVE-2026-31431 that could allow a local user with low privileges to escalate to root privileges. The vulnerability has a CVSS score of 7.8 High and requires local...

CVE-2026-43330

CVE-2026-43330 relates to the Linux kernel crypto/caam path, where an overflow occurs when a long HMAC key (longer than the block size) is copied for hashing. The vulnerability arises because the copy’s allocated memory is aligned for DMA, and the original kmemdup path could read beyond the key b...

CVE-2026-31431: Copy Fail vulnerability enables Linux root privilege escalation across cloud environments

In this article 1. Vulnerability details 2. Mitigation and protection guidance 3. Microsoft Defender XDR detections 4. References 5. Learn more Microsoft Defender is investigating a high-severity local privilege escalation vulnerability CVE-2026-31431 affecting multiple major Linux distributions...

CVE-2026-31719

A flaw was found in the krb5enc module of the Linux kernel's crypto subsystem. When performing asynchronous decryption, the krb5encdispatchdecrypt function incorrectly bypasses the integrity verification hash check. This issue occurs because the skcipher completion handler signals completion...

Exploit for CVE-2026-31431

copy.fail — AFALG AEAD splice primitive - CVE-2026-31431 C por...

Exploit for CVE-2026-31431

SSIA - System Structural Integrity Audit A tool kit for disco...

ROS-20260324-73-0012

A vulnerability in the crypto component of the Linux operating system kernel is related to pointer dereferencing errors. Exploitation of the vulnerability allows an attacker to cause a denial of service...

CVE-2025-68262 crypto: zstd - fix double-free in per-CPU stream cleanup

In the Linux kernel, the following vulnerability has been resolved: crypto: zstd - fix double-free in per-CPU stream cleanup The crypto/zstd module has a double-free bug that occurs when multiple tfms are allocated and freed. The issue happens because zstdstreams per-CPU contexts are freed in...

Linux Distros Unpatched Vulnerability : CVE-2024-26877

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: crypto: xilinx - call finalize with bh disabled When calling cryptofinalizerequest, BH shoul...

Linux Distros Unpatched Vulnerability : CVE-2021-47056

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: crypto: qat - ADFSTATUSPFRUNNING should be set after adfdevinit ADFSTATUSPFRUNNING is only...

CVE-2024-53162

Linux kernel vulnerability CVE-2024-53162 in crypto: qat/qat_4xxx driver. Off-by-one in uof_get_name() can trigger out-of-bounds read when iterating fw_objs[] (/fw_objs has num_objs elements). The fix changes a comparison from > to >= to prevent reading beyond the array. No exploitation det...

DEBIAN-CVE-2024-47732

In the Linux kernel, the following vulnerability has been resolved: crypto: iaa - Fix potential use after free bug The freedevicecompressionmodeiaadevice, devicemode function frees "devicemode" but it iss passed to iaacompressionmodesi-free a few lines later resulting in a use after free. The goo...

The vulnerability of the sun8i-ce_cipher_do_one() function in the drivers/crypto/allwinner/sun8i-ce/sun8i-ce-cipher.c file of the Allwinner Crypto Engine driver for the Linux operating system allows a hacker to cause a service failure.

The vulnerability of the sun8icecipherdoone function in the drivers/crypto/allwinner/sun8i-ce/sun8i-ce-cipher.c file of the Allwinner Crypto Engine driver for the Linux operating system is related to the reutilization of previously freed memory. Exploiting this vulnerability can allow an attacker...

CVE-2007-3945

Rule Set Based Access Control RSBAC before 1.3.5 does not properly use the Linux Kernel Crypto API for the Linux kernel 2.6.x, which allows context-dependent attackers to bypass authentication controls via unspecified vectors, possibly involving User Management password hashing and unchecked...