CVE-2026-31431

crypto: algif_aead - Revert to operating out-of-place

CVSS 7.8 HIGH · EPSS 96.8% · KEV · CWE-669
In short

A flaw in the Linux kernel's AEAD encryption interface allowed inefficient in-place memory operations that could be exploited. The fix reverts to safer out-of-place operations where input and output are kept separate, improving both security and performance.

Technical detail

CVE-2026-31431 addresses a vulnerability in the algif_aead (AEAD algorithm interface) within the Linux kernel's crypto subsystem where in-place encryption operations introduced unnecessary complexity and potential security risks. The vulnerability stems from attempting to operate on the same memory location for both source and destination when these buffers originate from different memory mappings; the remediation reverts to out-of-place operations that copy associated data directly, eliminating attack surface and improving reliability.

Summary generated and translated by AI from the official description.
In the Linux kernel, the following vulnerability has been resolved:

crypto: algif_aead - Revert to operating out-of-place

This mostly reverts commit 72548b093ee3 except for the copying of the associated data.

There is no benefit in operating in-place in algif_aead since the source and destination come from different mappings. Get rid of all the complexity added for in-place operation and just copy the AD directly.
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected products
Linux · Linux
Public PoCs found: 97
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
