VDB
CVE-2026-31431
CVE-2026-31431
PUBLISHED
KEV
CVSS 7.800000190734863 HIGH
In the Linux kernel, the following vulnerability has been resolved: crypto: algif_aead - Revert to operating out-of-place This mostly reverts commit 72548b093ee3 except for the copying of the associated data. There is no benefit in operating in-place in algif_aead since the source and destination come from different mappings. Get rid of all the complexity added for in-place operation and just copy the AD directly.
EPSS 2.24% · 84.9th percentile
Risk Scores
CVSS v3.1
7.800000190734863
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H/RC:C
EPSS Score
2.24%
84.9th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| ABB | B&R Industrial Automation GmbH APROL <APROL-AutoYaST-DVD- V4.4-010.10.260602 | |
| ABB | B&R Industrial Automation GmbH Linux for B&R <=12 | |
| ABB | B&R Industrial Automation GmbH X20EDS410 /all |
Timeline
- Apr 22, 2026 CVE Published
- Apr 23, 2026 Security Advisory
- Apr 30, 2026 PoC Published
- May 1, 2026 CISA KEV Added
- May 1, 2026 Security Advisory
- May 1, 2026 PoC Published
- May 5, 2026 Distribution Patch
- May 5, 2026 Security Advisory
- May 5, 2026 Distribution Patch
- May 5, 2026 Security Advisory
- May 6, 2026 Distribution Patch
- May 6, 2026 Security Advisory
References
- https://psirt.abb.com/csaf/2026/sa26p010.json advisory
- https://br-cws-assets.de-fra-1.linodeobjects.com/SA26P010-0ea64434.pdf advisory
- https://www.br-automation.com/fileadmin/Cyber_Security_-_Defense_in_Depth_for_BR_Products-bdd37e82.pdf advisory
- https://nvd.nist.gov/vuln/detail/CVE-2026-31431 advisory
- Why your code is safe from Copy Fail on Fastly Compute third-party-analysis
- Blog third-party-analysis