Integrity Bypass in Linux Kernel Affecting Asynchronous Crypto Operations
CVE-2026-31719
What is CVE-2026-31719?
In the Linux kernel, a vulnerability has been identified in the handling of asynchronous cryptographic operations where the integrity verification of decrypted data was bypassed. Specifically, in the krb5 enc scheme, the function responsible for decrypting data did not execute the necessary hash verification after asynchronous decryption was completed. This flaw could potentially allow attackers to manipulate data without detection. The fix introduces an intermediate callback to ensure that integrity checks are performed consistently, thereby aligning the decryption path with the secure practices of the encryption path. Additionally, improvements were made to error handling to prevent improper notifications during processing.
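The callback wiring described above, modelled in user-space C as an added example (not kernel code and not the actual patch). A toy XOR cipher and a toy checksum stand in for the real primitives, and every name here is hypothetical.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical user-space model; none of these names are kernel symbols. */
struct req {
    uint8_t *buf; size_t len;               /* ciphertext in, plaintext out */
    uint8_t tag;                            /* checksum received with the message */
    void (*done)(struct req *, int);        /* caller's completion callback */
    void (*cipher_done)(struct req *, int); /* fired when the async cipher finishes */
    int result;                             /* what the caller was told */
};

static uint8_t toy_hash(const uint8_t *p, size_t n) { /* stand-in for the real hash */
    uint8_t h = 0;
    while (n--) h = (uint8_t)(h * 31 + *p++);
    return h;
}

static void toy_cipher_finish(struct req *r) { /* stand-in async cipher completing */
    for (size_t i = 0; i < r->len; i++) r->buf[i] ^= 0x5a;
    r->cipher_done(r, 0);
}

static void record(struct req *r, int err) { r->result = err; }

/* Intermediate callback: verify the hash first, then notify the caller. */
static void decrypt_done_verify(struct req *r, int err) {
    if (!err && toy_hash(r->buf, r->len) != r->tag) err = -EBADMSG;
    r->done(r, err);
}

/* fixed == 0 hands the caller's callback straight to the cipher, so the
 * hash check never runs on the async path (the flaw described above). */
int decrypt_async(uint8_t *buf, size_t len, uint8_t tag, int fixed) {
    struct req r = { .buf = buf, .len = len, .tag = tag, .done = record, .result = 1 };
    r.cipher_done = fixed ? decrypt_done_verify : r.done;
    toy_cipher_finish(&r);
    return r.result;
}

int main(void) {
    uint8_t pt[] = "hello", a[5], b[5];     /* constructed sample message */
    uint8_t tag = toy_hash(pt, 5);
    for (int i = 0; i < 5; i++) a[i] = b[i] = pt[i] ^ 0x5a;
    a[0] ^= 1; b[0] ^= 1;                   /* same one-bit change in both copies */
    printf("direct=%d intermediate=%d\n", decrypt_async(a, 5, tag, 0), decrypt_async(b, 5, tag, 1));
    return 0;
}
```

With the direct wiring the modified message completes with 0; with the intermediate callback it completes with -EBADMSG, matching what a synchronous path that always verifies would report.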
Affected Version(s)
Linux d1775a177f7f38156d541c8a3e3c91eaa6e69699 < 07cbb1bd424370671814a862913c99a6e1441588
Linux d1775a177f7f38156d541c8a3e3c91eaa6e69699
Linux d1775a177f7f38156d541c8a3e3c91eaa6e69699 < 3bfbf5f0a99c991769ec562721285df7ab69240b