crypto: algif_aead - Revert to operating out-of-place (CVE-2026-31431)
37827
01 July 2026
01 July 2026
CLOSED
HIGH
7.8 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2026-31431
|
Brocade Security Advisory ID |
BSA-2026-3599 |
|
Component |
Linux Kernel |
|
CWE-669: Incorrect Resource Transfer Between Spheres |
|
Summary
In the Linux kernel, the following vulnerability has been resolved: crypto: algif_aead - Revert to operating out-of-place This mostly reverts commit 72548b093ee3 except for the copying of the associated data. There is no benefit in operating in-place in algif_aead since the source and destination come from different mappings. Get rid of all the complexity added for in-place operation and just copy the AD directly.
Products Affected
- Brocade ASCG base OS (OVA deployment) before 3.4.0c
Products Confirmed Not Affected
- Brocade ASCG Standard versions
[VEX Justification: Vulnerable_code_not_in_execute_path] - Brocade Fabric OS is not exploitable. [VEX Justification: Vulnerable_code_not_present]
- Brocade SANnav Standard versions
[VEX Justification: Vulnerable_code_not_in_execute_path] - SANnav base OS (OVA deployments): Vulnerable if user sannavmgr account is compromised, otherwise Vulnerable_code_cannot_be_controlled_by_adversary
Solution
- Security update is provided in Brocade ASCG base OS (OVA Deployment) 3.4.0c
Revision History
|
Version |
Change |
Date |
|
1.0 |
Initial Publication |
7/1/2026 |
Disclaimer
THIS DOCUMENT IS PROVIDED ON AN AS-IS BASIS SOLELY FOR INFORMATIONAL PURPOSES AND DOES NOT IMPLY ANY KIND OF GUARANTY OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. YOUR USE OF THE INFORMATION CONTAINED HEREIN IS AT YOUR OWN RISK. ALL INFORMATION PROVIDED HEREIN IS BASED ON BROCADE'S CURRENT KNOWLEDGE AND UNDERSTANDING OF THE VULNERABILITY AND IMPACT TO BROCADE HARDWARE AND SOFTWARE PRODUCTS. BROCADE RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME.