PULSE
EN VIVO37señales / 24h
FEED
ransomgunra reclama a Dissinger and Dissinger Law Firm · US · Business Servicesransomplay reclama a Boston Electric and Telephone · US · Telecommunicationransomplay reclama a Wring Group · GB · Not Foundransomincransom reclama a asa-international.com · GB · Business Servicesransomplay reclama a AG Scholtes · NL · Manufacturingransomplay reclama a Andorra Life · AD · Healthcareransomplay reclama a Svensk Direktreklam · SE · Business Servicesransomchaos reclama a radiax.com · US · Technologyransominterlock reclama a Converting Equipment International · GB · Manufacturingransomblack x reclama a sanaa · YE · Not Foundransomthegentlemen reclama a Tangram Interiors · GB · Business Servicesransomthegentlemen reclama a BRAC · BD · Business Servicesransomthegentlemen reclama a Customs Watch · US · Public Sectorransomthegentlemen reclama a Gallant · FI · Not Foundransomgunra reclama a Dissinger and Dissinger Law Firm · US · Business Servicesransomplay reclama a Boston Electric and Telephone · US · Telecommunicationransomplay reclama a Wring Group · GB · Not Foundransomincransom reclama a asa-international.com · GB · Business Servicesransomplay reclama a AG Scholtes · NL · Manufacturingransomplay reclama a Andorra Life · AD · Healthcareransomplay reclama a Svensk Direktreklam · SE · Business Servicesransomchaos reclama a radiax.com · US · Technologyransominterlock reclama a Converting Equipment International · GB · Manufacturingransomblack x reclama a sanaa · YE · Not Foundransomthegentlemen reclama a Tangram Interiors · GB · Business Servicesransomthegentlemen reclama a BRAC · BD · Business Servicesransomthegentlemen reclama a Customs Watch · US · Public Sectorransomthegentlemen reclama a Gallant · FI · Not Found
← Todos los CVEs
CVE Watch15 jul 2026

CVE-2026-31431

Linux Kernel Incorrect Resource Transfer Between Spheres Vulnerability

CVSS

7.8

Alto

EPSS

96.3%

p100

KEV

1 may 2026

Exploit Today

80

0-100

Publicado: 22 abr 2026 · Última mod.: 15 jul 2026 · CWE-669 · CWE-1288

EPSS · 30d
96.3%EPSS · 30 días96.8%
2026-06-302026-07-16
Ficha del catálogo KEV

Producto

Linux / Kernel

Vulnerabilidad

Linux Kernel Incorrect Resource Transfer Between Spheres Vulnerability

Añadido a KEV

1 may 2026

Remediar antes de

15 may 2026

Uso conocido en ransomware

No

Descripción resumida

Linux Kernel contains an incorrect resource transfer between spheres vulnerability that could allow for privilege escalation.

Acción requerida

"Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Notas

https://lore.kernel.org/linux-cve-announce/2026042214-CVE-2026-31431-3d65@gregkh/; https://xint.io/blog/copy-fail-linux-distributions#the-fix-6 ; https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/about/ ; https://nvd.nist.gov/vuln/detail/CVE-2026-31431

Descripción técnica

In the Linux kernel, the following vulnerability has been resolved: crypto: algif_aead - Revert to operating out-of-place This mostly reverts commit 72548b093ee3 except for the copying of the associated data. There is no benefit in operating in-place in algif_aead since the source and destination come from different mappings. Get rid of all the complexity added for in-place operation and just copy the AD directly.

Referencias oficiales
CVEs relacionados
CVECVSSEPSSKEVRExplotTítuloVis.
CVE-2022-0847
99.8%
KEV80Linux Kernel Privilege Escalation Vulnerability
CVE-2016-5195
99.7%
KEV80Linux Kernel Race Condition Vulnerability
CVE-2021-22555
99.5%
KEV80Linux Kernel Heap Out-of-Bounds Write Vulnerability
CVE-2019-13272
98.8%
KEV80Linux Kernel Improper Privilege Management Vulnerability
CVE-2013-2094
98.7%
KEV80Linux Kernel Privilege Escalation Vulnerability
CVE-2021-3493
98.6%
KEV80Linux Kernel Privilege Escalation Vulnerability