All CVEs
Vulnerability intelligence

CVE-2026-31431

Linux Kernel Incorrect Resource Transfer Between Spheres Vulnerability

Linux Kernel

In the Linux kernel, the following vulnerability has been resolved: crypto: algif_aead Revert to operating out-of-place This mostly reverts commit 72548b093ee3 except for the copying of the associated data. There is no benefit in operating in-place in algif_aead since the source and destination come from different mappings. Get rid of all the complexity added for in-place operation and just copy the AD directly.

CVSS Score
7.8
High
EPSS — Exploit Probability
96%
Riskier than 100% of all CVEs
Exploitation
Confirmed in the wild
Used in ransomware campaigns
Remediation
Patch available
Federal deadline 2026-05-15
CISA required action

"Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. Deadline for federal agencies: 2026-05-15.

NVD entry Vendor patch PoC / advisory CISA KEV

17 articles across 13 outlets · first covered Apr 30, 2026 · latest May 27, 2026

Tracked incidents

Associated threat actors

Coverage timeline

Related CVEs — Linux