GHSA-2274-3hgr-wxv6 · 深刻度: high — In the Linux kernel, the following vulnerability has been resolved: crypto: algif_aead - Revert...
In the Linux kernel, the following vulnerability has been resolved: crypto: algif_aead - Revert to operating out-of-place This mostly reverts commit 72548b093ee3 except for the copying of the associated data. There is no benefit in operating in-place in algif_aead since the source and destination come from different mappings. Get rid of all the complexity added for in-place operation and just copy the AD directly.
総合評価: CVE-2026-31431 は在野悪用が確認された重大脅威(90.6/100)。CVSS 深刻度は高。悪用される可能性が高い(EPSS 96.27%、100 パーセンタイル) 根拠: CISA KEV に登録(追加日 2026-05-01)。Linux / Kernel が対象で、弱点分類 CWE-1288の悪用が確認されています。未認証でリモート管理権限を奪取されるリスクが極めて高い。 推奨対応: CISA の対応期限を過ぎています。緊急のパッチ適用を最優先に検討してください。
リスクは変動します。再評価に基づき、本ページの表示内容を更新しています。
: Linux Kernel Incorrect Resource Transfer Between Spheres Vulnerability · CISA KEV の詳細
: 2026-05-01
: 2026-05-15
: "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
| EDB-ID | ソース | 種別 | 公開 | リンク |
|---|---|---|---|---|
| — | nvd_ref | exploit_tag | Exploit-DB ↗ | |
| — | nvd_ref | exploit_tag | Exploit-DB ↗ | |
| — | nvd_ref | exploit_tag | Exploit-DB ↗ | |
| — | nvd_ref | exploit_tag | Exploit-DB ↗ | |
| — | nvd_ref | exploit_tag | Exploit-DB ↗ | |
| — | nvd_ref | exploit_tag | Exploit-DB ↗ | |
| — | nvd_ref | exploit_tag | Exploit-DB ↗ | |
| — | nvd_ref | exploit_tag | Exploit-DB ↗ |
EPSS は日次で悪用されやすさの相対度合いを推定します。パーセンタイルは採点済み CVE の中での相対位置(高いほど相対的に深刻)を示します。
| # | 日付 | 旧 EPSS スコア | 新 EPSS スコア | Δ(新 − 旧) |
|---|---|---|---|---|
| 1 | 2026-07-02 | 96.78% | 96.27% | -0.51% |
| 2 | 2026-06-23 | 94.02% | 96.78% | +2.76% |
| 3 | 2026-06-18 | — | 94.02% | — |
EPSS の全履歴 (全 17 件)
この CVE の CVSS 指標。
| ベーススコア | バージョン | 深刻度 | ベクトル | 悪用しやすさ | 影響 | スコアの出典 |
|---|---|---|---|---|---|---|
| 7.8 | 3.1 | HIGH |
|
1.8 | 5.9 | 416baaa9-dc9f-4396-8d5f-8c081fb06d67 |
| 7.8 | 3.1 | HIGH |
|
1.8 | 5.9 | 0b0ca135-0b70-47e7-9f44-1890c2a1c46c |
GHSA-2274-3hgr-wxv6 · 深刻度: high — In the Linux kernel, the following vulnerability has been resolved: crypto: algif_aead - Revert...
| vendor | priority | summary | link |
|---|---|---|---|
debian
|
not yet assigned | CVE-2026-31431 not yet assigned priority: Debian including 2 source packages (linux, linux-6.1), 6 status rows across 5 suites (bookworm, bullseye, forky, sid, trixie): resolved 6. | https://security-tracker.debian.org/tracker/CVE-2026-31431 |
redhat
|
medium | — | https://access.redhat.com/security/cve/CVE-2026-31431 |
suse
|
medium | CVE-2026-31431 severity moderate: SUSE including 4 source package names (kernel-default, kernel-default-base, kernel-default-devel, kernel-source), 6 product×package rows across 2 product lines (SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE, SUSE Linux Enterprise Server Teradata 12 SP3): Known Not Affected 6. | https://www.suse.com/security/cve/CVE-2026-31431/ |
ubuntu
|
high | CVE-2026-31431 high priority: Ubuntu including 161 source packages (linux, linux-allwinner-5.19, …), 1449 status rows across 9 suites (bionic, focal, jammy, noble, questing, resolute, trusty, upstream, xenial): DNE 1047, ignored 169, released 163, pending 35, not-affected 20, needed 11, needs-triage 4. | https://ubuntu.com/security/CVE-2026-31431 |
| ベンダー | 製品 | バージョン | 生の CPE |
|---|---|---|---|
| linux | linux_kernel | >= 4.14, < 5.10.254 | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* |
| linux | linux_kernel | >= 5.11, < 5.15.204 | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* |
| linux | linux_kernel | >= 5.16, < 6.1.170 | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* |
| linux | linux_kernel | >= 6.2, < 6.6.137 | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* |
| linux | linux_kernel | >= 6.7, < 6.12.85 | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* |
| linux | linux_kernel | >= 6.13, < 6.18.22 | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* |
| linux | linux_kernel | >= 6.19, < 6.19.12 | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* |
| linux | linux_kernel | 7.0 | cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:* |
| linux | linux_kernel | 7.0 | cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:* |
| linux | linux_kernel | 7.0 | cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:* |
| linux | linux_kernel | 7.0 | cpe:2.3:o:linux:linux_kernel:7.0:rc4:*:*:*:*:*:* |
| linux | linux_kernel | 7.0 | cpe:2.3:o:linux:linux_kernel:7.0:rc5:*:*:*:*:*:* |
| linux | linux_kernel | 7.0 | cpe:2.3:o:linux:linux_kernel:7.0:rc6:*:*:*:*:*:* |
| redhat | openshift_container_platform | >= 4.12, < 4.12.89 | cpe:2.3:a:redhat:openshift_container_platform:*:*:*:*:*:*:*:* |
| redhat | openshift_container_platform | >= 4.13, < 4.13.66 | cpe:2.3:a:redhat:openshift_container_platform:*:*:*:*:*:*:*:* |
| redhat | openshift_container_platform | >= 4.14, < 4.14.65 | cpe:2.3:a:redhat:openshift_container_platform:*:*:*:*:*:*:*:* |
| redhat | openshift_container_platform | >= 4.15, < 4.15.64 | cpe:2.3:a:redhat:openshift_container_platform:*:*:*:*:*:*:*:* |
| redhat | openshift_container_platform | >= 4.16, < 4.16.61 | cpe:2.3:a:redhat:openshift_container_platform:*:*:*:*:*:*:*:* |
| redhat | openshift_container_platform | >= 4.17, < 4.17.53 | cpe:2.3:a:redhat:openshift_container_platform:*:*:*:*:*:*:*:* |
| redhat | openshift_container_platform | >= 4.18, < 4.18.40 | cpe:2.3:a:redhat:openshift_container_platform:*:*:*:*:*:*:*:* |
| redhat | openshift_container_platform | >= 4.19, < 4.19.30 | cpe:2.3:a:redhat:openshift_container_platform:*:*:*:*:*:*:*:* |
| redhat | openshift_container_platform | >= 4.20, < 4.20.21 | cpe:2.3:a:redhat:openshift_container_platform:*:*:*:*:*:*:*:* |
| redhat | openshift_container_platform | >= 4.21, < 4.21.14 | cpe:2.3:a:redhat:openshift_container_platform:*:*:*:*:*:*:*:* |
| redhat | openshift_container_platform | 4.0 | cpe:2.3:a:redhat:openshift_container_platform:4.0:*:*:*:*:*:*:* |
| redhat | enterprise_linux | 8.0 | cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:* |
| redhat | enterprise_linux | 9.0 | cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:* |
| redhat | enterprise_linux | 10.0 | cpe:2.3:o:redhat:enterprise_linux:10.0:*:*:*:*:*:*:* |
| redhat | enterprise_linux_aus | 8.4 | cpe:2.3:o:redhat:enterprise_linux_aus:8.4:*:*:*:*:*:*:* |
| redhat | enterprise_linux_aus | 8.6 | cpe:2.3:o:redhat:enterprise_linux_aus:8.6:*:*:*:*:*:*:* |
| redhat | enterprise_linux_eus | 8.4 | cpe:2.3:o:redhat:enterprise_linux_eus:8.4:*:*:*:*:*:*:* |
| redhat | enterprise_linux_eus | 9.4 | cpe:2.3:o:redhat:enterprise_linux_eus:9.4:*:*:*:*:*:*:* |
| redhat | enterprise_linux_eus | 9.6 | cpe:2.3:o:redhat:enterprise_linux_eus:9.6:*:*:*:*:*:*:* |
| redhat | enterprise_linux_eus | 10.0 | cpe:2.3:o:redhat:enterprise_linux_eus:10.0:*:*:*:*:*:*:* |
| redhat | enterprise_linux_tus | 8.6 | cpe:2.3:o:redhat:enterprise_linux_tus:8.6:*:*:*:*:*:*:* |
| redhat | enterprise_linux_tus | 8.8 | cpe:2.3:o:redhat:enterprise_linux_tus:8.8:*:*:*:*:*:*:* |
| redhat | enterprise_linux_update_services_for_sap_solutions | 8.6 | cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:8.6:*:*:*:*:*:*:* |
| redhat | enterprise_linux_update_services_for_sap_solutions | 8.8 | cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:8.8:*:*:*:*:*:*:* |
| redhat | enterprise_linux_update_services_for_sap_solutions | 9.0 | cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:9.0:*:*:*:*:*:*:* |
| redhat | enterprise_linux_update_services_for_sap_solutions | 9.2 | cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:9.2:*:*:*:*:*:*:* |
| amazon | amazon_linux | — | cpe:2.3:o:amazon:amazon_linux:-:*:*:*:*:*:*:* |
| canonical | ubuntu_linux | — | cpe:2.3:o:canonical:ubuntu_linux:-:*:*:*:*:*:*:* |
| debian | debian_linux | 11.0 | cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:* |
| debian | debian_linux | 12.0 | cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:* |
| debian | debian_linux | 13.0 | cpe:2.3:o:debian:debian_linux:13.0:*:*:*:*:*:*:* |
| opensuse | leap | 15.3 | cpe:2.3:o:opensuse:leap:15.3:*:*:*:*:*:*:* |
| opensuse | leap | 15.4 | cpe:2.3:o:opensuse:leap:15.4:*:*:*:*:*:*:* |
| opensuse | leap | 15.5 | cpe:2.3:o:opensuse:leap:15.5:*:*:*:*:*:*:* |
| opensuse | leap | 15.6 | cpe:2.3:o:opensuse:leap:15.6:*:*:*:*:*:*:* |
| suse | caas_platform | 4.0 | cpe:2.3:a:suse:caas_platform:4.0:*:*:*:*:*:*:* |
| suse | enterprise_storage | 6.0 | cpe:2.3:a:suse:enterprise_storage:6.0:*:*:*:*:*:*:* |
| suse | enterprise_storage | 7.0 | cpe:2.3:a:suse:enterprise_storage:7.0:*:*:*:*:*:*:* |
| suse | enterprise_storage | 7.1 | cpe:2.3:a:suse:enterprise_storage:7.1:*:*:*:*:*:*:* |
| suse | manager_proxy | 4.0 | cpe:2.3:a:suse:manager_proxy:4.0:*:*:*:*:*:*:* |
| suse | manager_proxy | 4.1 | cpe:2.3:a:suse:manager_proxy:4.1:*:*:*:*:*:*:* |
| suse | manager_proxy | 4.2 | cpe:2.3:a:suse:manager_proxy:4.2:*:*:*:*:*:*:* |
| suse | manager_proxy | 4.3 | cpe:2.3:a:suse:manager_proxy:4.3:*:*:*:*:*:*:* |
| suse | manager_retail_branch_server | 4.0 | cpe:2.3:a:suse:manager_retail_branch_server:4.0:*:*:*:*:*:*:* |
| suse | manager_retail_branch_server | 4.1 | cpe:2.3:a:suse:manager_retail_branch_server:4.1:*:*:*:*:*:*:* |
| suse | manager_retail_branch_server | 4.2 | cpe:2.3:a:suse:manager_retail_branch_server:4.2:*:*:*:*:*:*:* |
| suse | manager_retail_branch_server | 4.3 | cpe:2.3:a:suse:manager_retail_branch_server:4.3:*:*:*:*:*:*:* |
| suse | manager_server | 4.0 | cpe:2.3:a:suse:manager_server:4.0:*:*:*:*:*:*:* |
| suse | manager_server | 4.1 | cpe:2.3:a:suse:manager_server:4.1:*:*:*:*:*:*:* |
| suse | manager_server | 4.2 | cpe:2.3:a:suse:manager_server:4.2:*:*:*:*:*:*:* |
| suse | manager_server | 4.3 | cpe:2.3:a:suse:manager_server:4.3:*:*:*:*:*:*:* |
| suse | openstack_cloud | 9.0 | cpe:2.3:a:suse:openstack_cloud:9.0:*:*:*:*:*:*:* |
| suse | openstack_cloud_crowbar | 9.0 | cpe:2.3:a:suse:openstack_cloud_crowbar:9.0:*:*:*:*:*:*:* |
| suse | basesystem_module | 15 | cpe:2.3:o:suse:basesystem_module:15:sp1:*:*:*:suse_linux_enterprise:*:* |
| suse | basesystem_module | 15 | cpe:2.3:o:suse:basesystem_module:15:sp2:*:*:*:suse_linux_enterprise:*:* |
| suse | basesystem_module | 15 | cpe:2.3:o:suse:basesystem_module:15:sp3:*:*:*:suse_linux_enterprise:*:* |
| suse | basesystem_module | 15 | cpe:2.3:o:suse:basesystem_module:15:sp4:*:*:*:suse_linux_enterprise:*:* |
| suse | basesystem_module | 15 | cpe:2.3:o:suse:basesystem_module:15:sp5:*:*:*:suse_linux_enterprise:*:* |
| suse | basesystem_module | 15 | cpe:2.3:o:suse:basesystem_module:15:sp6:*:*:*:suse_linux_enterprise:*:* |
| suse | basesystem_module | 15 | cpe:2.3:o:suse:basesystem_module:15:sp7:*:*:*:suse_linux_enterprise:*:* |
| suse | development_tools_module | 15 | cpe:2.3:o:suse:development_tools_module:15:sp1:*:*:*:suse_linux_enterprise:*:* |
| suse | development_tools_module | 15 | cpe:2.3:o:suse:development_tools_module:15:sp2:*:*:*:suse_linux_enterprise:*:* |
| suse | development_tools_module | 15 | cpe:2.3:o:suse:development_tools_module:15:sp3:*:*:*:suse_linux_enterprise:*:* |
| suse | development_tools_module | 15 | cpe:2.3:o:suse:development_tools_module:15:sp4:*:*:*:suse_linux_enterprise:*:* |
| suse | development_tools_module | 15 | cpe:2.3:o:suse:development_tools_module:15:sp5:*:*:*:suse_linux_enterprise:*:* |
| suse | development_tools_module | 15 | cpe:2.3:o:suse:development_tools_module:15:sp6:*:*:*:suse_linux_enterprise:*:* |
| suse | development_tools_module | 15 | cpe:2.3:o:suse:development_tools_module:15:sp7:*:*:*:suse_linux_enterprise:*:* |