Linux Kernel Vulnerability in AF_ALG Implementation by The Linux Foundation
CVE-2026-31677
What is CVE-2026-31677?
A vulnerability in the Linux kernel's AF_ALG implementation (the socket interface to the kernel crypto API) concerns how receive buffer space is managed while data is extracted. Specifically, the function af_alg_get_rsgl() did not properly limit RX scatterlist extractions to the available receive buffer budget. This oversight could lead to a mismatch between the accounting of data received and the actual data attached to incoming requests. As a remedy, when skcipher cannot obtain enough RX space for at least one chunk of incoming data, the recvmsg call is now explicitly rejected, which prevents erroneous handling of requests and ensures proper resource utilization.
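The accounting problem and the reject condition described above can be seen in a simplified user-space model, added here as an illustration; it is not kernel code and not taken from the patch. The struct, the function names, the non-empty-budget gate in the unfixed variant, the `RX_REJECT` placeholder and all byte values are assumptions.

```c
#include <stddef.h>
#include <stdio.h>

#define RX_REJECT (-1L) /* placeholder: the page does not name the errno */

/* Hypothetical model of one socket's receive-side state (not kernel structs). */
struct rx_model {
    size_t rcvbuf;   /* receive buffer budget, bytes */
    size_t rcvused;  /* bytes charged against the budget */
    size_t attached; /* bytes attached to the request's RX scatterlist */
};

static size_t rx_left(const struct rx_model *m)
{
    return m->rcvbuf > m->rcvused ? m->rcvbuf - m->rcvused : 0;
}

/* Unfixed shape (assumed): the budget is only checked for being non-empty,
 * then the whole segment is attached and charged. */
long rx_extract_unbounded(struct rx_model *m, size_t seg_len)
{
    if (rx_left(m) == 0)
        return 0;
    m->attached += seg_len;
    m->rcvused += seg_len;
    return (long)seg_len;
}

/* Fixed shape: clamp to the remaining budget, keep whole chunks, and reject
 * when not even one chunk fits. Assumes seg_len > 0 and chunk > 0. */
long rx_extract_bounded(struct rx_model *m, size_t seg_len, size_t chunk)
{
    size_t n = seg_len < rx_left(m) ? seg_len : rx_left(m);

    n -= n % chunk;
    if (n == 0)
        return RX_REJECT; /* less than one chunk of RX space remains */
    m->attached += n;
    m->rcvused += n;
    return (long)n;
}

int main(void)
{
    struct rx_model old = { 4096, 0, 0 }, fixed = { 4096, 0, 0 }; /* constructed */

    rx_extract_unbounded(&old, 16384);
    rx_extract_bounded(&fixed, 16384, 16);
    printf("unbounded: attached=%zu budget=%zu\n", old.attached, old.rcvbuf);
    printf("bounded:   attached=%zu budget=%zu\n", fixed.attached, fixed.rcvbuf);
    return 0;
}
```

In the unbounded variant the attached byte count exceeds the budget after a single call, while the bounded variant stops at the budget and rejects the next call.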
Affected Version(s)
Linux e870456d8e7c8d57c059ea479b5aadbb55ff4c3a < 9bf3e6ccfdcfe56ae3190d1ae987dacf1cfef4f9
Linux e870456d8e7c8d57c059ea479b5aadbb55ff4c3a < 07c6f6ffe29009426f0bd4d3cfbb6308b8ea8453
Linux e870456d8e7c8d57c059ea479b5aadbb55ff4c3a < 4a264b2614c73c96666e196bbabe0cead52bdba7