製品・ソフトウェアに関する情報

JVN脆弱性詳細

LinuxのLinux Kernelにおける領域間での誤ったリソース移動に関する脆弱性

タイトル	LinuxのLinux Kernelにおける領域間での誤ったリソース移動に関する脆弱性
概要	Linuxカーネルにおいて、以下の脆弱性が修正されました。crypto: algif_aeadに関して、オペレーションをインプレースからアウトオブプレースに戻しました。この修正は主にコミット72548b093ee3を元に戻すものであり、関連データのコピー部分は除いています。algif_aeadでは、ソースと宛先が異なるマッピングから来ているため、インプレースで操作するメリットがありません。そこで、インプレース操作のために追加された複雑さをすべて排除し、関連データを直接コピーするようにしました。
想定される影響	当該ソフトウェアが扱う全ての情報が外部に漏れる可能性があります。また、当該ソフトウェアが扱う全ての情報が書き換えられる可能性があります。さらに、当該ソフトウェアが完全に停止する可能性があります。そして、この脆弱性を悪用した攻撃の影響は、他のソフトウェアには及びません。
対策	正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
公表日	2026年4月22日0:00
登録日	2026年5月7日12:06
最終更新日	2026年5月7日12:06

CVSS3.0 : 重要
スコア	7.8
ベクター	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

影響を受けるシステム

Linux

Linux Kernel 4.14 以上 5.10.254 未満

Linux Kernel 5.11 以上 5.15.204 未満

Linux Kernel 5.16 以上 6.1.170 未満

Linux Kernel 6.13 以上 6.18.22 未満

Linux Kernel 6.19 以上 6.19.12 未満

Linux Kernel 6.2 以上 6.6.137 未満

Linux Kernel 6.7 以上 6.12.85 未満

Linux Kernel 7.0

CVE (情報セキュリティ共通脆弱性識別子)

No	名前	URL
CISA Known Exploited Vulnerabilities Catalog
1	CVE-2026-31431	https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-31431
Common Vulnerabilities and Exposures (CVE)
2	CVE-2026-31431	https://www.cve.org/CVERecord?id=CVE-2026-31431
National Vulnerability Database (NVD)
3	CVE-2026-31431	https://nvd.nist.gov/vuln/detail/CVE-2026-31431
WebSec
4	CVE-2026-31431, Linux algif_aead page-cache write to root	https://websec.net/blog/cve-2026-31431-linux-algifaead-page-cache-write-to-root-69f38a4ccddd2db1f520f170
関連文書
5	CVE-2026-31431 - Red Hat Customer Portal	https://access.redhat.com/security/cve/cve-2026-31431#cve-details-mitigation
6	CVE-2026-31431: crypto: algif_aead - Revert to operating out-of-place - Greg Kroah-Hartman	https://lore.kernel.org/linux-cve-announce/2026042214-CVE-2026-31431-3d65@gregkh/

CWE (共通脆弱性タイプ一覧)

No	名前	URL
JVNDB
1	CWE-669	https://cwe.mitre.org/data/definitions/669.html

その他

変更履歴

No	変更内容	変更日
1	[2026年05月07日] 掲載	2026年5月7日12:06

NVD脆弱性情報

CVE-2026-31431

概要	In the Linux kernel, the following vulnerability has been resolved: crypto: algif_aead - Revert to operating out-of-place This mostly reverts commit 72548b093ee3 except for the copying of the associated data. There is no benefit in operating in-place in algif_aead since the source and destination come from different mappings. Get rid of all the complexity added for in-place operation and just copy the AD directly.
公表日	2026年4月22日18:16
登録日	2026年4月25日4:04
最終更新日	2026年4月27日23:16

No	名前	URL
関連文書
1	Copy Fail — CVE-2026-31431	https://copy.fail
2	Copy Fail: 732 Bytes to Root on Every Major Linux Distribution. - Xint	https://xint.io/blog/copy-fail-linux-distributions#the-fix-6
3	crypto: algif_aead - Revert to operating out-of-place - kernel/git/stable/linux.git - Linux kernel stable tree (https://git.kernel.org/stable/c/19d43105a97be0810edbda875f2cd03f30dc130c)	https://git.kernel.org/stable/c/19d43105a97be0810edbda875f2cd03f30dc130c
4	crypto: algif_aead - Revert to operating out-of-place - kernel/git/stable/linux.git - Linux kernel stable tree (https://git.kernel.org/stable/c/3115af9644c342b356f3f07a4dd1c8905cd9a6fc)	https://git.kernel.org/stable/c/3115af9644c342b356f3f07a4dd1c8905cd9a6fc
5	crypto: algif_aead - Revert to operating out-of-place - kernel/git/stable/linux.git - Linux kernel stable tree (https://git.kernel.org/stable/c/893d22e0135fa394db81df88697fba6032747667)	https://git.kernel.org/stable/c/893d22e0135fa394db81df88697fba6032747667
6	crypto: algif_aead - Revert to operating out-of-place - kernel/git/stable/linux.git - Linux kernel stable tree (https://git.kernel.org/stable/c/8b88d99341f139e23bdeb1027a2a3ae10d341d82)	https://git.kernel.org/stable/c/8b88d99341f139e23bdeb1027a2a3ae10d341d82
7	crypto: algif_aead - Revert to operating out-of-place - kernel/git/stable/linux.git - Linux kernel stable tree (https://git.kernel.org/stable/c/961cfa271a918ad4ae452420e7c303149002875b)	https://git.kernel.org/stable/c/961cfa271a918ad4ae452420e7c303149002875b
8	crypto: algif_aead - Revert to operating out-of-place - kernel/git/stable/linux.git - Linux kernel stable tree (https://git.kernel.org/stable/c/a664bf3d603dc3bdcf9ae47cc21e0daec706d7a5)	https://git.kernel.org/stable/c/a664bf3d603dc3bdcf9ae47cc21e0daec706d7a5
9	crypto: algif_aead - Revert to operating out-of-place - kernel/git/stable/linux.git - Linux kernel stable tree (https://git.kernel.org/stable/c/ce42ee423e58dffa5ec03524054c9d8bfd4f6237)	https://git.kernel.org/stable/c/ce42ee423e58dffa5ec03524054c9d8bfd4f6237
10	crypto: algif_aead - Revert to operating out-of-place - kernel/git/stable/linux.git - Linux kernel stable tree (https://git.kernel.org/stable/c/fafe0fa2995a0f7073c1c358d7d3145bcc9aedd8)	https://git.kernel.org/stable/c/fafe0fa2995a0f7073c1c358d7d3145bcc9aedd8
11	GitHub - theori-io/copy-fail-CVE-2026-31431 GitHub	https://github.com/theori-io/copy-fail-CVE-2026-31431
12	http://www.openwall.com/lists/oss-security/2026/04/30/6	http://www.openwall.com/lists/oss-security/2026/04/30/6
13	oss-security - CVE-2026-31431: CopyFail: linux local privilege scalation	http://www.openwall.com/lists/oss-security/2026/04/29/23
14	oss-security - Re: CVE-2026-31431: CopyFail: linux local privilege scalation (http://www.openwall.com/lists/oss-security/2026/04/29/25)	http://www.openwall.com/lists/oss-security/2026/04/29/25
15	oss-security - Re: CVE-2026-31431: CopyFail: linux local privilege scalation (http://www.openwall.com/lists/oss-security/2026/04/29/26)	http://www.openwall.com/lists/oss-security/2026/04/29/26
16	oss-security - Re: CVE-2026-31431: CopyFail: linux local privilege scalation (http://www.openwall.com/lists/oss-security/2026/04/30/10)	http://www.openwall.com/lists/oss-security/2026/04/30/10
17	oss-security - Re: CVE-2026-31431: CopyFail: linux local privilege scalation (http://www.openwall.com/lists/oss-security/2026/04/30/11)	http://www.openwall.com/lists/oss-security/2026/04/30/11
18	oss-security - Re: CVE-2026-31431: CopyFail: linux local privilege scalation (http://www.openwall.com/lists/oss-security/2026/04/30/12)	http://www.openwall.com/lists/oss-security/2026/04/30/12
19	oss-security - Re: CVE-2026-31431: CopyFail: linux local privilege scalation (http://www.openwall.com/lists/oss-security/2026/04/30/14)	http://www.openwall.com/lists/oss-security/2026/04/30/14
20	oss-security - Re: CVE-2026-31431: CopyFail: linux local privilege scalation (http://www.openwall.com/lists/oss-security/2026/04/30/15)	http://www.openwall.com/lists/oss-security/2026/04/30/15
21	oss-security - Re: CVE-2026-31431: CopyFail: linux local privilege scalation (http://www.openwall.com/lists/oss-security/2026/04/30/16)	http://www.openwall.com/lists/oss-security/2026/04/30/16
22	oss-security - Re: CVE-2026-31431: CopyFail: linux local privilege scalation (http://www.openwall.com/lists/oss-security/2026/04/30/17)	http://www.openwall.com/lists/oss-security/2026/04/30/17
23	oss-security - Re: CVE-2026-31431: CopyFail: linux local privilege scalation (http://www.openwall.com/lists/oss-security/2026/04/30/18)	http://www.openwall.com/lists/oss-security/2026/04/30/18
24	oss-security - Re: CVE-2026-31431: CopyFail: linux local privilege scalation (http://www.openwall.com/lists/oss-security/2026/04/30/2)	http://www.openwall.com/lists/oss-security/2026/04/30/2
25	oss-security - Re: CVE-2026-31431: CopyFail: linux local privilege scalation (http://www.openwall.com/lists/oss-security/2026/04/30/20)	http://www.openwall.com/lists/oss-security/2026/04/30/20
26	oss-security - Re: CVE-2026-31431: CopyFail: linux local privilege scalation (http://www.openwall.com/lists/oss-security/2026/04/30/5)	http://www.openwall.com/lists/oss-security/2026/04/30/5
27	oss-security - Re: CVE-2026-31431: CopyFail: linux local privilege scalation (http://www.openwall.com/lists/oss-security/2026/05/01/10)	http://www.openwall.com/lists/oss-security/2026/05/01/10
28	oss-security - Re: CVE-2026-31431: CopyFail: linux local privilege scalation (http://www.openwall.com/lists/oss-security/2026/05/01/12)	http://www.openwall.com/lists/oss-security/2026/05/01/12
29	oss-security - Re: CVE-2026-31431: CopyFail: linux local privilege scalation (http://www.openwall.com/lists/oss-security/2026/05/01/16)	http://www.openwall.com/lists/oss-security/2026/05/01/16
30	oss-security - Re: CVE-2026-31431: CopyFail: linux local privilege scalation (http://www.openwall.com/lists/oss-security/2026/05/01/18)	http://www.openwall.com/lists/oss-security/2026/05/01/18
31	oss-security - Re: CVE-2026-31431: CopyFail: linux local privilege scalation (http://www.openwall.com/lists/oss-security/2026/05/01/2)	http://www.openwall.com/lists/oss-security/2026/05/01/2
32	oss-security - Re: CVE-2026-31431: CopyFail: linux local privilege scalation (http://www.openwall.com/lists/oss-security/2026/05/01/22)	http://www.openwall.com/lists/oss-security/2026/05/01/22
33	oss-security - Re: CVE-2026-31431: CopyFail: linux local privilege scalation (http://www.openwall.com/lists/oss-security/2026/05/01/23)	http://www.openwall.com/lists/oss-security/2026/05/01/23
34	oss-security - Re: CVE-2026-31431: CopyFail: linux local privilege scalation (http://www.openwall.com/lists/oss-security/2026/05/01/24)	http://www.openwall.com/lists/oss-security/2026/05/01/24
35	oss-security - Re: CVE-2026-31431: CopyFail: linux local privilege scalation (http://www.openwall.com/lists/oss-security/2026/05/01/3)	http://www.openwall.com/lists/oss-security/2026/05/01/3
36	oss-security - Re: Re: CVE-2026-31431: CopyFail: linux local privilege scalation	http://www.openwall.com/lists/oss-security/2026/05/01/17
37	oss-security - Re: [EXTERNAL] Re: CVE-2026-31431: CopyFail: linux local privilege scalation	http://www.openwall.com/lists/oss-security/2026/05/01/15

No	URL	refsource
1	https://git.kernel.org/stable/c/a664bf3d603dc3bdcf9ae47cc21e0daec706d7a5	416baaa9-dc9f-4396-8d5f-8c081fb06d67
2	https://git.kernel.org/stable/c/ce42ee423e58dffa5ec03524054c9d8bfd4f6237	416baaa9-dc9f-4396-8d5f-8c081fb06d67
3	https://git.kernel.org/stable/c/fafe0fa2995a0f7073c1c358d7d3145bcc9aedd8	416baaa9-dc9f-4396-8d5f-8c081fb06d67