[24.04_linux-nvidia-6.17-next] CVE-2026-31431: crypto/algif_aead in-place operation enables page-cache write (Copy Fail)#402
Closed
ianm-nv wants to merge 1 commit into
Conversation
Contributor
PR Validation ReportPatchscan ✅ No Missing FixesAll cherry-picked commits checked — no missing upstream fixes found. PR Lint ✅ All checks passedDetailsChecking 1 commits... Cherry-pick digest: ┌──────────────┬───────────────────────────────────────────────┬────────────┬─────────┬───────────────────────────┐ │ Local │ Referenced upstream / Patch subject │ Patch-ID │ Subject │ SoB chain │ ├──────────────┼───────────────────────────────────────────────┼────────────┼─────────┼───────────────────────────┤ │ de4425644e5f │ a664bf3d603d │ match │ match │ preserved + ianm added │ └──────────────┴───────────────────────────────────────────────┴────────────┴─────────┴───────────────────────────┘ Lint: all checks passed. |
BugLink: https://bugs.launchpad.net/bugs/2150789 This mostly reverts commit 72548b0 except for the copying of the associated data. There is no benefit in operating in-place in algif_aead since the source and destination come from different mappings. Get rid of all the complexity added for in-place operation and just copy the AD directly. Fixes: 72548b0 ("crypto: algif_aead - copy AAD from src to dst") Reported-by: Taeyang Lee <0wn@theori.io> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> (cherry picked from commit a664bf3) CVE-2026-31431 Signed-off-by: Ian May <ianm@nvidia.com>
ianm-nv
force-pushed
the
24.04_linux-nvidia-6.17-next+CVE-2026-31431
branch
from
cc274ff to
de44256
Compare
nvmochs
approved these changes
Apr 30, 2026
Collaborator
nvmochs
left a comment
nvmochs
left a comment
There was a problem hiding this comment.
Verified this is a clean pick. No issues with this backport.
Acked-by: Matthew R. Ochs <mochs@nvidia.com>
Collaborator
|
|
Collaborator
|
|
Collaborator
|
Merged, closing PR. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
5 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Reference: https://copy.fail/
crypto: algif_aead - Revert to operating out-of-place
BugLink: https://bugs.launchpad.net/bugs/2150789
This mostly reverts commit 72548b0 except for the copying of the associated data.
There is no benefit in operating in-place in algif_aead since the source and destination come from different mappings. Get rid of all the complexity added for in-place operation and just copy the AD directly.
Fixes: 72548b0 ("crypto: algif_aead - copy AAD from src to dst")
Reported-by: Taeyang Lee 0wn@theori.io
(cherry picked from commit a664bf3)
CVE-2026-31431