CISA Adds Exploited Linux Kernel LPE CVE-2026-31431 to KEV
A local privilege escalation flaw in the Linux kernel's AEAD crypto interface has been added to CISA's KEV catalog after active exploitation.
CISA added CVE-2026-31431 to its Known Exploited Vulnerabilities catalog on May 1, 2026, citing active exploitation in the wild. The flaw is a local privilege escalation (LPE) in the Linux kernel's cryptographic AEAD interface with a CVSS 3.1 score of 7.8 (HIGH). Federal civilian agencies are required to patch or mitigate by May 15, 2026. Patches covering all major stable kernel branches are available now.
Affected
- Product: Linux kernel
- Affected versions: multiple stable branches from 2017 onward (4.14 and later). Each range runs up to the last unfixed release of a branch; a branch with no fixed release named below (5.4 or 6.8, for example) falls inside an affected range and has no upstream fix listed:
  - 4.14 through 5.10.253
  - 5.11 through 5.15.203
  - 5.16 through 6.1.169
  - 6.2 through 6.6.136
  - 6.7 through 6.12.84
  - 6.13 through 6.18.21
  - 6.19 through 6.19.11
- Fixed versions: 5.10.254, 5.15.204, 6.1.170, 6.6.137, 6.12.85, 6.18.22, 6.19.12, and kernel 7.0
- CVSS 3.1: 7.8 HIGH (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
- CWE: CWE-669 (Incorrect Resource Transfer Between Spheres)
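The version table above turned into a check that can be run against the output of uname -r, as an added example (not code from this advisory, NVD or Xint). The fixed release numbers and the 4.14 cutoff are taken from the list; the vendor-suffix heuristic and the decision to count a branch with no listed fix as affected are this example's own assumptions, marked in the comments.

```python
"""Classify an upstream Linux kernel version against the CVE-2026-31431 fix table.

Added example for this advisory, not code from the page, NVD or Xint. The
fixed releases and the 4.14 cutoff come from the Affected list; the
vendor-suffix heuristic below is an assumption of this example.
"""
import platform
import re

# Fixed patch level per upstream stable branch (from the Affected list).
FIXED_PATCH = {
    (5, 10): 254,
    (5, 15): 204,
    (6, 1): 170,
    (6, 6): 137,
    (6, 12): 85,
    (6, 18): 22,
    (6, 19): 12,
}
FIRST_AFFECTED = (4, 14)  # affected branches start at 4.14
FIXED_MAINLINE = (7, 0)   # fixed in kernel 7.0 and later

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?")
# Assumption: these suffixes mark distribution kernels whose version numbers
# say nothing about backported fixes (Ubuntu -generic, RHEL .el9, Debian -amd64, ...).
_DISTRO_RE = re.compile(r"[-.](generic|el\d+|amd64|arm64|aws|azure|gcp|cloud|fc\d+)\b")


def parse_version(release):
    """Turn a 'uname -r' string such as '6.6.120-rc1' into (major, minor, patch).
    A bare 'x.y' release is patch level 0."""
    m = _VERSION_RE.match(release)
    if not m:
        raise ValueError("unrecognised kernel release: %r" % release)
    major, minor, patch = m.groups()
    return int(major), int(minor), int(patch or 0)


def is_distro_kernel(release):
    """True when the release string carries a vendor suffix (heuristic)."""
    return _DISTRO_RE.search(release) is not None


def classify(release):
    """Return 'unaffected', 'affected', 'fixed' or 'unknown-distro'."""
    major, minor, patch = parse_version(release)
    branch = (major, minor)
    if branch < FIRST_AFFECTED:
        return "unaffected"
    if is_distro_kernel(release):
        return "unknown-distro"      # only the vendor advisory can answer this
    if branch >= FIXED_MAINLINE:
        return "fixed"
    fixed = FIXED_PATCH.get(branch)
    if fixed is None:
        # A branch inside an affected range with no fixed release listed
        # (for example 5.4 or 6.8): every release of it counts as affected.
        return "affected"
    return "fixed" if patch >= fixed else "affected"


if __name__ == "__main__":
    release = platform.release()
    print("%s: %s" % (release, classify(release)))
```

The script deliberately refuses to classify distribution kernels such as 5.15.0-100-generic: vendors backport the fix under their own package versions, so for those the answer has to come from the vendor advisory rather than from the upstream number.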
The vulnerability
The flaw lives in authencesn, a chained AEAD template in the kernel crypto API, reached from user space through algif_aead, the AF_ALG socket interface for AEAD ciphers. Researchers at Xint dubbed it "Copy Fail" and trace its origin to three separate, individually harmless kernel changes made in 2011, 2015, and 2017. The 2017 commit introduced an in-place operation optimization in algif_aead under which a request's source and destination buffers can be the same memory; a write the template performs on its destination therefore lands in the caller's source pages. The NVD description characterizes the fix as a revert to out-of-place operation mode, which separates the two buffers again.
In practice the flaw gives an unprivileged local user a 4-byte write into the kernel's in-memory page cache for files that user can read. The target an attacker chooses is a setuid-root binary, /usr/bin/su being the canonical example. Corrupting that binary's cached pages means the next process that executes it runs the injected code with root privileges.
What makes this particularly operationally significant is the exploit's simplicity. The published proof-of-concept is a 732-byte Python script. It needs no race condition, no kernel heap grooming, and no kernel-version-specific offsets: the write primitive is reliable and straight-line, so any user with a local shell account can attempt it, and no action by a privileged user is required.
Container environments are an additional concern. The AF_ALG interface is available to containers by default in Docker, LXC, and Kubernetes node configurations that have not explicitly restricted the user-space crypto API (a bind() on an AF_ALG socket has the kernel load algif_aead on demand if it is not already resident), and a kernel LPE triggered from inside a container yields root on the host kernel. A compromised container workload is therefore a stepping stone to host root, which is a container breakout in itself.
Mitigation
Patch. Distribution vendors are shipping kernel updates against the upstream stable patches. The mainline fix is commit a664bf3d603d, which reverts the 2017 algif_aead in-place optimization. Administrators running distribution kernels should apply the vendor's security update for their kernel package line. The fixed upstream version per branch is listed above, but distribution kernels carry backports under their own version strings, so the vendor advisory rather than the upstream number is what says whether a given package is fixed.
Interim workaround. If immediate patching is not possible, unload the algif_aead module and prevent the kernel from loading it again. A blacklist line on its own is not enough: modprobe blacklist entries only suppress alias-based autoloading, and a bind() on an AF_ALG "aead" socket, which any unprivileged user can perform, makes the kernel request the module by name. An install override is what actually refuses the load:
# Unload if currently loaded. This only works when algif_aead is a module;
# if /boot/config-$(uname -r) shows CONFIG_CRYPTO_USER_API_AEAD=y it is built
# into the kernel and only a kernel update removes it.
rmmod algif_aead
# Prevent reload on reboot (blacklist) and on demand (install override)
echo "blacklist algif_aead" >> /etc/modprobe.d/blacklist.conf
echo "install algif_aead /bin/false" >> /etc/modprobe.d/blacklist.conf
Verify that no application in your environment requires AF_ALG AEAD operations before doing this; while the module is loaded, a non-zero use count in lsmod (or in /sys/module/algif_aead/refcnt) means something currently holds an AEAD socket open. Most production workloads do not invoke the kernel crypto user-space API directly; kernel TLS and disk encryption use the crypto API from inside the kernel and do not go through AF_ALG.
Container and cloud environments. For Kubernetes clusters and container hosts, restrict AF_ALG socket access through seccomp profiles or AppArmor/SELinux policy. The syscall to filter is socket() with its first argument equal to AF_ALG (address family 38 on Linux); refusing it at socket creation means no AF_ALG type can be bound, aead included. A seccomp rule applied to containers does not protect processes on the host itself, so it complements the module override rather than replacing it. Managed Kubernetes services that control the underlying node kernel (GKE, EKS, AKS) are expected to roll node updates; check vendor security bulletins for your specific version.
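Two checks that follow from the mitigation section, as an added example (not code from this advisory, Xint, Docker or the kernel project): a probe that reports whether the AF_ALG "aead" socket type is still reachable after the workaround, and a seccomp rule that makes socket() fail for AF_ALG inside a container. It assumes Linux with Python 3.6 or later (socket.AF_ALG), that algif_aead is what backs the "aead" socket type, and the Docker/containerd seccomp profile JSON layout; the two algorithm names used for probing are ordinary kernel AEAD names chosen for this example, not taken from the page.

```python
"""Check whether the AF_ALG "aead" socket type is reachable, and build a
seccomp rule that blocks AF_ALG sockets in containers.

Added example for this advisory, not code from the page, Xint, Docker or the
kernel project. Assumptions: Linux, Python 3.6+ (socket.AF_ALG), algif_aead
backs the "aead" socket type, and the Docker/containerd seccomp JSON layout.
"""
import errno
import json
import socket

AF_ALG = int(getattr(socket, "AF_ALG", 38))   # Linux address family number for AF_ALG

# Two ordinary AEAD names chosen for this example. The authencesn one is the
# template the advisory concerns; gcm(aes) is a fallback that almost every
# kernel ships, so a miss on both means the "aead" type itself is absent.
PROBE_NAMES = ("authencesn(hmac(sha256),cbc(aes))", "gcm(aes)")


def classify_bind_error(err):
    """Map an errno from socket()/bind() to what it says about the host."""
    if err in (errno.EAFNOSUPPORT, errno.EPFNOSUPPORT, errno.EPROTONOSUPPORT):
        return "no-af_alg"          # AF_ALG not compiled in, or not this OS
    if err in (errno.EPERM, errno.EACCES):
        return "blocked"            # seccomp or LSM policy refused it
    if err == errno.ENOENT:
        return "aead-unavailable"   # type/algorithm not registered and not autoloadable
    return "other-%s" % errno.errorcode.get(err, err)


def probe_aead_interface():
    """Return (status, detail). 'reachable' means a bind() to an AF_ALG aead
    socket succeeded, so the code path behind CVE-2026-31431 is live.

    A bare 'blacklist algif_aead' does not turn this into 'aead-unavailable':
    bind() has the kernel request the module by name, and blacklist entries
    only suppress alias-based autoloading. 'install algif_aead /bin/false' does.
    """
    result = ("aead-unavailable", "no probe ran")
    for name in PROBE_NAMES:
        try:
            sock = socket.socket(AF_ALG, socket.SOCK_SEQPACKET, 0)
        except OSError as exc:
            return classify_bind_error(exc.errno), "socket(): %s" % exc.strerror
        try:
            sock.bind(("aead", name))
            return "reachable", name
        except OSError as exc:
            result = (classify_bind_error(exc.errno), "bind(%s): %s" % (name, exc.strerror))
            if exc.errno != errno.ENOENT:
                return result       # policy/family errors are final; ENOENT may be name-specific
        finally:
            sock.close()
    return result


def docker_seccomp_profile(base=None):
    """Return a seccomp profile (dict) in which socket(AF_ALG, ...) fails with
    EPERM, layered on an allow-by-default base when none is given. Serialise it
    with json.dumps and pass it via 'docker run --security-opt seccomp=FILE' or
    a pod's securityContext.seccompProfile of type Localhost."""
    profile = dict(base) if base else {"defaultAction": "SCMP_ACT_ALLOW", "syscalls": []}
    af_alg_rule = {
        "names": ["socket"],
        "action": "SCMP_ACT_ERRNO",
        "errnoRet": errno.EPERM,
        "args": [{"index": 0, "value": AF_ALG, "op": "SCMP_CMP_EQ"}],
    }
    profile["syscalls"] = [af_alg_rule] + list(profile.get("syscalls", []))
    return profile


if __name__ == "__main__":
    status, detail = probe_aead_interface()
    print("AF_ALG aead interface: %s (%s)" % (status, detail))
    print(json.dumps(docker_seccomp_profile(), indent=2))
```

Run the probe as an unprivileged user on a host after applying the workaround: "reachable" means the module is loaded or was just autoloaded by the probe itself, which is exactly the case a blacklist-only configuration leaves open. Inside a container running under the generated profile the expected result is "blocked"; the profile is shown against an allow-by-default base, and merging the rule into an operator's own deny-by-default profile is left to that operator.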
CISA’s KEV entry applies the standard Binding Operational Directive 22-01 requirement: federal civilian agencies must remediate by May 15, 2026. For non-federal operators the same deadline is a reasonable target given that a working exploit circulates publicly.
Sources
- NVD, CVE-2026-31431: official CVE record with CVSS vector, CWE classification, affected version ranges, and patch commit references.
- The Hacker News, "CISA Adds Actively Exploited Linux Root Access Bug CVE-2026-31431 to KEV": news report covering the KEV addition, patch deadline, and containerization risk.
- Xint researcher disclosure: original disclosure including technical write-up, the 732-byte PoC, and timeline of the underlying kernel changes.
This post is part of the AI Security Intelligence Hub, the complete resource index for AI security on ai-alert.org.