ThreatLevelBeta
Planned Fix

CVE-2026-31431

Local Privilege Escalation in Linux Kernel ([nvd.nist.gov](https://nvd.nist.gov/vuln/detail/CVE-2026-31431?utm_source=openai))
Loading...

Summary

A flaw in the Linux kernel's algif_aead path within the AF_ALG AEAD socket interface lets a local user reach code that handles source and destination mappings incorrectly. Crafted AEAD requests combined with `splice()` can overwrite bytes in the page cache of a readable file, including setuid binaries. On affected systems this can turn ordinary local access into root and may enable container breakout on shared kernels. ([nvd.nist.gov](https://nvd.nist.gov/vuln/detail/CVE-2026-31431?utm_source=openai))

Why Planned Fix?

4/6
Authentication required
Internal deployment
No user interaction needed
Exploitable in default configuration
Active exploitation in the wild
High impact vulnerability

Exploitation Details

Type
LPE (Local Privilege Escalation)
Is exploitable with default configuration?
Yes
Is authentication needed?
Yes
PoC / Exploit
Yes
github.com
Impact

Escalate an unprivileged local user to root. ([ubuntu.com](https://ubuntu.com/blog/copy-fail-vulnerability-fixes-available))

Privilege Escalation
Exploitation Requirements
  • Authentication required
Exploitation Process

An attacker first obtains any ordinary local shell on a vulnerable Linux host. They create an AF_ALG AEAD socket, bind it to `authencesn(hmac(sha256),cbc(aes))`, and drive the request with crafted `sendmsg()` and `recvmsg()` parameters while using `splice()` to feed page-cache-backed file data into the crypto pipeline. The exploit coerces a small controlled write into the cached contents of a readable file, and if the target is a setuid binary such as `/usr/bin/su`, running it yields root. ([github.com](https://github.com/TheMalwareGuardian/CVE-2026-31431))

Detection Resources
Manual Detection
microsoft.comrfxn.com
2
Script Detection
github.com
1
Scanner Detection
Tenable NessusQualys
2

Affected Software

Vendor:Linux
ProductAffected Versions
Linux kernel4.14 through < 5.10.254, 5.11 through < 5.15.204, 5.16 through < 6.1.170, 6.2 through < 6.6.137, 6.7 through < 6.12.85, 6.13 through < 6.18.22, 6.19 through < 6.19.12, and 7.0-rc1 through 7.0-rc7 ([nvd.nist.gov](https://nvd.nist.gov/vuln/detail/CVE-2026-31431?utm_source=openai))
Description

The core operating-system kernel used by Linux distributions to manage hardware, processes, memory, filesystems, networking, and kernel APIs. ([nvd.nist.gov](https://nvd.nist.gov/vuln/detail/CVE-2026-31431?utm_source=openai))

Deployment:Typically internal
|
Protocol:AF_ALG
|
Ports:
Affected Componentalgif_aead in the AF_ALG AEAD socket interface, especially the in-place decrypt path reached through `bind()`, `sendmsg()`, `recvmsg()`, and `splice()`. ([ubuntu.com](https://ubuntu.com/blog/copy-fail-vulnerability-fixes-available))

algif_aead in the AF_ALG AEAD socket interface, especially the in-place decrypt path reached through `bind()`, `sendmsg()`, `recvmsg()`, and `splice()`. ([ubuntu.com](https://ubuntu.com/blog/copy-fail-vulnerability-fixes-available))

Affected Endpoints(3)crypto/algif_aead.c, crypto/af_alg.c…
1.crypto/algif_aead.c
2.crypto/af_alg.c
3.include/crypto/if_alg.h
Enterprise UsageEstimated likelihood that this vendor/product is deployed in enterprise environments. AI-generated estimation based on market presence, product type and adoption signals — not exact data.
Very Low
Low
Medium
High
Very High
Vendor Size:Big
Remediation
Workaround
Disable `algif_aead` on vulnerable hosts (`rmmod algif_aead`; blacklist it with `install algif_aead /bin/false`) or block AF_ALG for untrusted workloads until patched. ([ubuntu.com](https://ubuntu.com/blog/copy-fail-vulnerability-fixes-available))

Disable `algif_aead` on vulnerable hosts (`rmmod algif_aead`; blacklist it with `install algif_aead /bin/false`) or block AF_ALG for untrusted workloads until patched. ([ubuntu.com](https://ubuntu.com/blog/copy-fail-vulnerability-fixes-available))

ubuntu.com
Patch
Apply your vendor's packaged kernel errata that backports the same fix on supported releases. Red Hat and Ubuntu both published vendor guidance and fixed packages for affected streams. ([access.redhat.com](https://access.redhat.com/security/vulnerabilities/RHSB-2026-002?utm_source=openai))

Apply your vendor's packaged kernel errata that backports the same fix on supported releases. Red Hat and Ubuntu both published vendor guidance and fixed packages for affected streams. ([access.redhat.com](https://access.redhat.com/security/vulnerabilities/RHSB-2026-002?utm_source=openai))

access.redhat.com
Update
Upgrade to a kernel build that includes upstream fix commit `a664bf3d603d`, or a distro backport of the same revert. ([nvd.nist.gov](https://nvd.nist.gov/vuln/detail/CVE-2026-31431?utm_source=openai))

Upgrade to a kernel build that includes upstream fix commit `a664bf3d603d`, or a distro backport of the same revert. ([nvd.nist.gov](https://nvd.nist.gov/vuln/detail/CVE-2026-31431?utm_source=openai))

git.kernel.org
Threat Intelligence
EPSS Score4.1%

Probability of exploitation in the next 30 days

EPSS Percentile89%

Worse than 89% of all CVEs

Last updated: Loading...
CISAKEV
CISA KEV
Listed
Loading...
Active Exploitation
Active
threatprotect.qualys.com
Threat Actors

No known threat actors

Detection Rules3
Sigma
Potential Copy Fail (CVE-2026-31431) Exploitation via AF_ALG Socket - Socket Creation Burst
Sigma
Potential Copy Fail (CVE-2026-31431) Exploitation via AF_ALG Socket - Privilege Escalation
Other
Sequence of non-root AF_ALG or splice activity followed by root execution from the same process tree

NVD Data

Published: Loading...Modified: Loading...

Description Summary

In the Linux kernel, the following vulnerability has been resolved: crypto: algif_aead - Revert to operating out-of-place This mostly reverts commit 72548b093ee3 except for the copying of the associated data. There is no benefit in operating in-place in algif_aead since the source and destination come from different mappings. Get rid of all the complexity added for in-place operation and just copy the AD directly.

CVSS Base Score

7.8
High

CVSS Vector (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

Attack Vector (AV)
Physical
Local
Adjacent
Network
Attack Complexity (AC)
High
Low
Privileges Required (PR)
High
Low
None
User Interaction (UI)
Required
None
Scope (S)
Unchanged
Changed
Confidentiality (C)
None
Low
High
Integrity (I)
None
Low
High
Availability (A)
None
Low
High
CWE:CWE-669 Incorrect Resource Transfer Between Spheres
|
NVD:CVE-2026-31431
|
Version From:4.14, 2024.4.0, 2024.2.0, 4.5.0, 3.1.5, 3.1.5, 3.1.5
|
Version Upto:5.10.254, 25.11, 2025.2.2, 2026.1.0, 6.4.1, 7.1.0, 1.1

Affected Software (CPE) (165)

  • cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
  • cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*
  • cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*
  • cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*
  • cpe:2.3:o:linux:linux_kernel:7.0:rc4:*:*:*:*:*:*
  • cpe:2.3:o:linux:linux_kernel:7.0:rc5:*:*:*:*:*:*
  • cpe:2.3:o:linux:linux_kernel:7.0:rc6:*:*:*:*:*:*
  • cpe:2.3:a:redhat:openshift_container_platform:4.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux:10.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux:10.1:*:*:*:*:*:*:*
  • cpe:2.3:o:amazon:amazon_linux:-:*:*:*:*:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:-:*:*:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:13.0:*:*:*:*:*:*:*
  • cpe:2.3:o:opensuse:leap:15.3:*:*:*:*:*:*:*
  • cpe:2.3:o:opensuse:leap:15.4:*:*:*:*:*:*:*
  • cpe:2.3:o:opensuse:leap:15.5:*:*:*:*:*:*:*
  • cpe:2.3:o:opensuse:leap:15.6:*:*:*:*:*:*:*
  • cpe:2.3:a:suse:caas_platform:4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:suse:enterprise_storage:6.0:*:*:*:*:*:*:*
  • cpe:2.3:a:suse:enterprise_storage:7.0:*:*:*:*:*:*:*
  • cpe:2.3:a:suse:enterprise_storage:7.1:*:*:*:*:*:*:*
  • cpe:2.3:a:suse:manager_proxy:4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:suse:manager_proxy:4.1:*:*:*:*:*:*:*
  • cpe:2.3:a:suse:manager_proxy:4.2:*:*:*:*:*:*:*
  • cpe:2.3:a:suse:manager_proxy:4.3:*:*:*:*:*:*:*
  • cpe:2.3:a:suse:manager_retail_branch_server:4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:suse:manager_retail_branch_server:4.1:*:*:*:*:*:*:*
  • cpe:2.3:a:suse:manager_retail_branch_server:4.2:*:*:*:*:*:*:*
  • cpe:2.3:a:suse:manager_retail_branch_server:4.3:*:*:*:*:*:*:*
  • cpe:2.3:a:suse:manager_server:4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:suse:manager_server:4.1:*:*:*:*:*:*:*
  • cpe:2.3:a:suse:manager_server:4.2:*:*:*:*:*:*:*
  • cpe:2.3:a:suse:manager_server:4.3:*:*:*:*:*:*:*
  • cpe:2.3:a:suse:openstack_cloud:9.0:*:*:*:*:*:*:*
  • cpe:2.3:a:suse:openstack_cloud_crowbar:9.0:*:*:*:*:*:*:*
  • cpe:2.3:o:suse:basesystem_module:15:sp1:*:*:*:suse_linux_enterprise:*:*
  • cpe:2.3:o:suse:basesystem_module:15:sp2:*:*:*:suse_linux_enterprise:*:*
  • cpe:2.3:o:suse:basesystem_module:15:sp3:*:*:*:suse_linux_enterprise:*:*
  • cpe:2.3:o:suse:basesystem_module:15:sp4:*:*:*:suse_linux_enterprise:*:*
  • cpe:2.3:o:suse:basesystem_module:15:sp5:*:*:*:suse_linux_enterprise:*:*
  • cpe:2.3:o:suse:basesystem_module:15:sp6:*:*:*:suse_linux_enterprise:*:*
  • cpe:2.3:o:suse:basesystem_module:15:sp7:*:*:*:suse_linux_enterprise:*:*
  • cpe:2.3:o:suse:development_tools_module:15:sp1:*:*:*:suse_linux_enterprise:*:*
  • cpe:2.3:o:suse:development_tools_module:15:sp2:*:*:*:suse_linux_enterprise:*:*
  • cpe:2.3:o:suse:development_tools_module:15:sp3:*:*:*:suse_linux_enterprise:*:*
  • cpe:2.3:o:suse:development_tools_module:15:sp4:*:*:*:suse_linux_enterprise:*:*
  • cpe:2.3:o:suse:development_tools_module:15:sp5:*:*:*:suse_linux_enterprise:*:*
  • cpe:2.3:o:suse:development_tools_module:15:sp6:*:*:*:suse_linux_enterprise:*:*
  • cpe:2.3:o:suse:development_tools_module:15:sp7:*:*:*:suse_linux_enterprise:*:*
  • cpe:2.3:o:suse:legacy_module:15:sp7:*:*:*:suse_linux_enterprise:*:*
  • cpe:2.3:o:suse:linux_enterprise_desktop:11:sp4:*:*:*:*:*:*
  • cpe:2.3:o:suse:linux_enterprise_desktop:12:sp4:*:*:*:*:*:*
  • cpe:2.3:o:suse:linux_enterprise_desktop:15:sp1:*:*:*:*:*:*
  • cpe:2.3:o:suse:linux_enterprise_desktop:15:sp2:*:*:*:*:*:*
  • cpe:2.3:o:suse:linux_enterprise_desktop:15:sp3:*:*:*:*:*:*
  • cpe:2.3:o:suse:linux_enterprise_desktop:15:sp4:*:*:*:*:*:*
  • cpe:2.3:o:suse:linux_enterprise_desktop:15:sp5:*:*:*:*:*:*
  • cpe:2.3:o:suse:linux_enterprise_desktop:15:sp6:*:*:*:*:*:*
  • cpe:2.3:o:suse:linux_enterprise_desktop:15:sp7:*:*:*:*:*:*
  • cpe:2.3:o:suse:linux_enterprise_high_availability_extension:15:sp4:*:*:*:*:*:*
  • cpe:2.3:o:suse:linux_enterprise_high_availability_extension:15:sp6:*:*:*:*:*:*
  • cpe:2.3:o:suse:linux_enterprise_high_availability_extension:15:sp7:*:*:*:*:*:*
  • cpe:2.3:o:suse:linux_enterprise_high_availability_extension:16.0:-:*:*:*:*:*:*
  • cpe:2.3:o:suse:linux_enterprise_high_performance_computing:15.0:sp1:*:*:-:*:*:*
  • cpe:2.3:o:suse:linux_enterprise_high_performance_computing:15.0:sp1:*:*:espos:*:*:*
  • cpe:2.3:o:suse:linux_enterprise_high_performance_computing:15.0:sp1:*:*:ltss:*:*:*
  • cpe:2.3:o:suse:linux_enterprise_high_performance_computing:15.0:sp2:*:*:-:*:*:*
  • cpe:2.3:o:suse:linux_enterprise_high_performance_computing:15.0:sp2:*:*:espos:*:*:*
  • cpe:2.3:o:suse:linux_enterprise_high_performance_computing:15.0:sp2:*:*:ltss:*:*:*
  • cpe:2.3:o:suse:linux_enterprise_high_performance_computing:15.0:sp3:*:*:-:*:*:*
  • cpe:2.3:o:suse:linux_enterprise_high_performance_computing:15.0:sp3:*:*:espos:*:*:*
  • cpe:2.3:o:suse:linux_enterprise_high_performance_computing:15.0:sp3:*:*:ltss:*:*:*
  • cpe:2.3:o:suse:linux_enterprise_high_performance_computing:15.0:sp4:*:*:-:*:*:*
  • cpe:2.3:o:suse:linux_enterprise_high_performance_computing:15.0:sp4:*:*:espos:*:*:*
  • cpe:2.3:o:suse:linux_enterprise_high_performance_computing:15.0:sp4:*:*:ltss:*:*:*
  • cpe:2.3:o:suse:linux_enterprise_high_performance_computing:15.0:sp5:*:*:-:*:*:*
  • cpe:2.3:o:suse:linux_enterprise_high_performance_computing:15.0:sp5:*:*:espos:*:*:*
  • cpe:2.3:o:suse:linux_enterprise_high_performance_computing:15.0:sp5:*:*:ltss:*:*:*
  • cpe:2.3:o:suse:linux_enterprise_high_performance_computing:15.0:sp6:*:*:-:*:*:*
  • cpe:2.3:o:suse:linux_enterprise_high_performance_computing:15.0:sp7:*:*:-:*:*:*
  • cpe:2.3:o:suse:linux_enterprise_live_patching:12:sp5:*:*:*:*:*:*
  • cpe:2.3:o:suse:linux_enterprise_live_patching:15:sp4:*:*:*:*:*:*
  • cpe:2.3:o:suse:linux_enterprise_live_patching:15:sp5:*:*:*:*:*:*
  • cpe:2.3:o:suse:linux_enterprise_live_patching:15:sp6:*:*:*:*:*:*
  • cpe:2.3:o:suse:linux_enterprise_live_patching:15:sp7:*:*:*:*:*:*
  • cpe:2.3:o:suse:linux_enterprise_micro:5.0:*:*:*:*:-:*:*
  • cpe:2.3:o:suse:linux_enterprise_micro:5.1:*:*:*:*:-:*:*
  • cpe:2.3:o:suse:linux_enterprise_micro:5.2:*:*:*:*:-:*:*
  • cpe:2.3:o:suse:linux_enterprise_micro:5.2:*:*:*:*:rancher:*:*
  • cpe:2.3:o:suse:linux_enterprise_micro:5.3:*:*:*:*:-:*:*
  • cpe:2.3:o:suse:linux_enterprise_micro:5.3:*:*:*:*:rancher:*:*
  • cpe:2.3:o:suse:linux_enterprise_micro:5.4:*:*:*:*:-:*:*
  • cpe:2.3:o:suse:linux_enterprise_micro:5.4:*:*:*:*:rancher:*:*
  • cpe:2.3:o:suse:linux_enterprise_micro:5.5:*:*:*:*:-:*:*
  • cpe:2.3:o:suse:linux_enterprise_real_time:15.0:sp2:*:*:*:*:*:*
  • cpe:2.3:o:suse:linux_enterprise_real_time:15.0:sp3:*:*:*:*:*:*
  • cpe:2.3:o:suse:linux_enterprise_real_time:15.0:sp4:*:*:*:*:*:*
  • cpe:2.3:o:suse:linux_enterprise_real_time:15.0:sp5:*:*:*:*:*:*
  • cpe:2.3:o:suse:linux_enterprise_real_time:15.0:sp6:*:*:*:*:*:*
  • cpe:2.3:o:suse:linux_enterprise_real_time:15.0:sp7:*:*:*:*:*:*
  • cpe:2.3:o:suse:linux_enterprise_server:11:sp4:*:*:-:-:*:*
  • cpe:2.3:o:suse:linux_enterprise_server:11:sp4:*:*:ltss:-:*:*
  • cpe:2.3:o:suse:linux_enterprise_server:11:sp4:*:*:ltss_extreme_core:-:*:*
  • cpe:2.3:o:suse:linux_enterprise_server:12:sp4:*:*:-:-:*:*
  • cpe:2.3:o:suse:linux_enterprise_server:12:sp4:*:*:-:sap:*:*
  • cpe:2.3:o:suse:linux_enterprise_server:12:sp4:*:*:espos:-:*:*
  • cpe:2.3:o:suse:linux_enterprise_server:12:sp4:*:*:ltss:-:*:*
  • cpe:2.3:o:suse:linux_enterprise_server:12:sp5:*:*:-:-:*:*
  • cpe:2.3:o:suse:linux_enterprise_server:12:sp5:*:*:ltss:-:*:*
  • cpe:2.3:o:suse:linux_enterprise_server:12:sp5:*:*:ltss_extended_security:-:*:*
  • cpe:2.3:o:suse:linux_enterprise_server:15:sp1:*:*:-:-:*:*
  • cpe:2.3:o:suse:linux_enterprise_server:15:sp1:*:*:-:sap:*:*
  • cpe:2.3:o:suse:linux_enterprise_server:15:sp1:*:*:business_critical_linux:-:*:*
  • cpe:2.3:o:suse:linux_enterprise_server:15:sp1:*:*:ltss:-:*:*
  • cpe:2.3:o:suse:linux_enterprise_server:15:sp2:*:*:-:-:*:*
  • cpe:2.3:o:suse:linux_enterprise_server:15:sp2:*:*:-:sap:*:*
  • cpe:2.3:o:suse:linux_enterprise_server:15:sp2:*:*:business_critical_linux:-:*:*
  • cpe:2.3:o:suse:linux_enterprise_server:15:sp2:*:*:ltss:-:*:*
  • cpe:2.3:o:suse:linux_enterprise_server:15:sp3:*:*:-:-:*:*
  • cpe:2.3:o:suse:linux_enterprise_server:15:sp3:*:*:-:sap:*:*
  • cpe:2.3:o:suse:linux_enterprise_server:15:sp3:*:*:business_critical_linux:-:*:*
  • cpe:2.3:o:suse:linux_enterprise_server:15:sp3:*:*:ltss:-:*:*
  • cpe:2.3:o:suse:linux_enterprise_server:15:sp4:*:*:-:-:*:*
  • cpe:2.3:o:suse:linux_enterprise_server:15:sp4:*:*:-:sap:*:*
  • cpe:2.3:o:suse:linux_enterprise_server:15:sp4:*:*:ltss:-:*:*
  • cpe:2.3:o:suse:linux_enterprise_server:15:sp5:*:*:-:-:*:*
  • cpe:2.3:o:suse:linux_enterprise_server:15:sp5:*:*:-:sap:*:*
  • cpe:2.3:o:suse:linux_enterprise_server:15:sp5:*:*:ltss:-:*:*
  • cpe:2.3:o:suse:linux_enterprise_server:15:sp6:*:*:-:-:*:*
  • cpe:2.3:o:suse:linux_enterprise_server:15:sp6:*:*:-:sap:*:*
  • cpe:2.3:o:suse:linux_enterprise_server:15:sp6:*:*:ltss:-:*:*
  • cpe:2.3:o:suse:linux_enterprise_server:15:sp7:*:*:-:-:*:*
  • cpe:2.3:o:suse:linux_enterprise_server:15:sp7:*:*:-:sap:*:*
  • cpe:2.3:o:suse:linux_enterprise_server:16.0:-:*:*:-:-:*:*
  • cpe:2.3:o:suse:linux_enterprise_server:16.0:-:*:*:-:sap:*:*
  • cpe:2.3:o:suse:linux_enterprise_server:16.1:-:*:*:-:-:*:*
  • cpe:2.3:o:suse:linux_enterprise_server:16.1:-:*:*:-:sap:*:*
  • cpe:2.3:o:suse:linux_enterprise_workstation_extension:15:sp7:*:*:*:*:*:*
  • cpe:2.3:o:suse:linux_micro:6.0:*:*:*:*:*:*:*
  • cpe:2.3:o:suse:linux_micro:6.1:*:*:*:*:*:*:*
  • cpe:2.3:o:suse:linux_micro:6.2:*:*:*:*:*:*:*
  • cpe:2.3:o:suse:public_cloud_module:15:sp6:*:*:*:suse_linux_enterprise:*:*
  • cpe:2.3:o:suse:public_cloud_module:15:sp7:*:*:*:suse_linux_enterprise:*:*
  • cpe:2.3:o:suse:realtime_module:15:sp3:*:*:*:suse_linux_enterprise:*:*
  • cpe:2.3:o:suse:realtime_module:15:sp4:*:*:*:suse_linux_enterprise:*:*
  • cpe:2.3:o:suse:realtime_module:15:sp5:*:*:*:suse_linux_enterprise:*:*
  • cpe:2.3:o:suse:realtime_module:15:sp6:*:*:*:suse_linux_enterprise:*:*
  • cpe:2.3:o:suse:realtime_module:15:sp7:*:*:*:suse_linux_enterprise:*:*
  • cpe:2.3:o:nixos:nixos:*:*:*:*:*:*:*:*
  • cpe:2.3:a:arista:cloudvision_agni:*:*:*:*:*:-:*:*
  • cpe:2.3:a:arista:cloudvision_portal:*:*:*:*:*:*:*:*
  • cpe:2.3:a:arista:velocloud_edge:*:*:*:*:*:*:*:*
  • cpe:2.3:a:arista:velocloud_gateway:-:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:velocloud_orchestrator:-:*:*:*:*:*:*:*
  • cpe:2.3:o:arista:netvisor_os:*:*:*:*:*:*:*:*
  • cpe:2.3:o:arista:netvisor_os:7.1.0:-:*:*:*:*:*:*
  • cpe:2.3:o:arista:netvisor_os:7.1.0:hotfix7:*:*:*:*:*:*
  • cpe:2.3:o:siemens:simatic_s7-1500_cpu_1518-4_pn\/dp_mfp_firmware:*:*:*:*:*:*:*:*
  • cpe:2.3:o:siemens:simatic_s7-1500_cpu_1518f-4_pn\/dp_mfp_firmware:*:*:*:*:*:*:*:*
  • cpe:2.3:o:siemens:siplus_s7-1500_cpu_1518-4_pn\/dp_mfp_firmware:*:*:*:*:*:*:*:*
  • cpe:2.3:o:siemens:simatic_s7-1500_tm_mfp_firmware:*:*:*:*:*:*:*:*

Sources

12
SourceArticle
nvd.nist.govNVD CVE-2026-31431
lore.kernel.orgLinux CVE announcement for CVE-2026-31431
git.kernel.orgLinux kernel fix commit a664bf3d603d
ubuntu.comUbuntu fixes available for CVE-2026-31431
access.redhat.comRed Hat RHSB-2026-002
microsoft.comMicrosoft Security blog on CVE-2026-31431
threatprotect.qualys.comQualys ThreatPROTECT exploited in the wild
elastic.coElastic rule for Copy Fail AF_ALG exploitation
feed.craftedsignal.ioCraftedSignal Copy Fail AF_ALG exploitation rules
github.comTheori exploit repository
github.comTheMalwareGuardian Copy Fail guide
rfxn.comR-fx Networks AF_ALG mitigation

Priority History

Planned FixLoading...

Initial analysis

Emergency FixLoading...

Elevated — all critical conditions met

Planned FixLoading...

Reassessed to Planned Fix