CVE-2026-31431

high

VMware ⚠️ CISA KEV — Exploited in the Wild

CVSS v3 Base Score

7.8

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Score

4.1%

Exploitation probability in 30 days

Top 11% most likely to be exploited

Attack Characteristics

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Confidentiality

High

Integrity

High

Availability

High

Published: April 22, 2026 (21 days ago)

Last Modified: May 12, 2026

Vendor: VMware

Source: NVD

⚠️ CISA Known Exploited Vulnerability

Added to KEV: 2026-05-01

Remediation Due: 2026-05-15 (1d remaining)

Description

In the Linux kernel, the following vulnerability has been resolved: crypto: algif_aead - Revert to operating out-of-place This mostly reverts commit 72548b093ee3 except for the copying of the associated data. There is no benefit in operating in-place in algif_aead since the source and destination come from different mappings. Get rid of all the complexity added for in-place operation and just copy the AD directly.

CWE

CWE-669

Affected Products

linux linux kernelredhat openshift container platformredhat enterprise linuxamazon amazon linuxcanonical ubuntu linuxdebian debian linuxopensuse leapsuse caas platformsuse enterprise storagesuse manager proxy

References

🔗 git.kernel.org 🔗 git.kernel.org 🔗 git.kernel.org 🔗 git.kernel.org 🔗 git.kernel.org

CVE-2026-31431

⚠️ CISA Known Exploited Vulnerability

Vulnerability Report

Description

CWE

Affected Products

References