In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Tear down vGIC on failed vCPU creation. If kvm_arch_vcpu_create() fails to share the vCPU page with the hypervisor, we propagate the error back to the ioctl but leave the vGIC vCPU data initialised.

In the Linux kernel, the following vulnerability has been resolved: nvmet-tcp: add bounds checks in nvmet_tcp_build_pdu_iovec. nvmet_tcp_build_pdu_iovec() could walk past cmd->req.sg when a PDU length or offset exceeds sg_cnt and then use bogus sg->length/offset values, leading to _copy_to_iter() GPF/KASAN.

It was discovered that the Linux kernel algif_aead module did not properly handle in-place cryptographic operations. This flaw is known as Copy Fail. A local attacker could use this to escalate privileges, or possibly escape a container. (CVE-2026-31431)

A local privilege escalation vulnerability known as Copy Fail (CVE-2026-31431, CVSS 7.8) exists in the Linux kernel's algif_aead module due to improper handling of in-place cryptographic operations. Affected kernel versions range from 4.14 up to but not including 5.10.254, 5.11 up to 5.15.204, 5.16 up to 6.1.170, 6.2 up to 6.6.137, and 6.7 up to 6.12.85. The flaw is resolved by upgrading to the specific fixed versions listed, such as kernel 5.10.254, 5.15.204, or 6.1.170.
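
The affected ranges above can be turned into a triage check for fleet inventory. The script below is an added example, not part of the advisory: the function names and sample release strings are constructed here, and it assumes every upper bound in the list is the first fixed release and therefore exclusive. Releases carrying a vendor suffix are reported separately, since distributions backport fixes without changing the base version.

```shell
#!/bin/sh
# Added example. Ranges are the ones quoted on this page for CVE-2026-31431;
# assumption: each upper bound is the first fixed release (exclusive).
COPY_FAIL_RANGES='4.14.0 5.10.254
5.11.0 5.15.204
5.16.0 6.1.170
6.2.0 6.6.137
6.7.0 6.12.85'

# ver_key VERSION: print MAJOR.MINOR[.PATCH] as one comparable integer,
# or return 1 if VERSION is not a plain dotted number without leading zeros.
ver_key() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*|0[0-9]*|*.0[0-9]*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -ge 2 ] && [ $# -le 3 ] || return 1
    echo $(( $1 * 1000000 + $2 * 1000 + ${3:-0} ))
}

# copy_fail_status RELEASE: print affected | not-listed | check-vendor | unknown.
copy_fail_status() {
    base=${1%%[-+_~]*}                  # numeric part before any suffix
    key=$(ver_key "$base") || { echo unknown; return 0; }
    # Vendor kernels backport fixes without changing the base version, so a
    # suffixed release (e.g. -91-generic) cannot be judged from this table.
    [ "$base" = "$1" ] || { echo check-vendor; return 0; }
    while read -r lo hi; do
        if [ "$key" -ge "$(ver_key "$lo")" ] && [ "$key" -lt "$(ver_key "$hi")" ]; then
            echo affected; return 0
        fi
    done <<EOF
$COPY_FAIL_RANGES
EOF
    echo not-listed
}

# Constructed sample release strings, not taken from any real host.
for v in 4.9.337 5.10.253 5.10.254 6.6.137 6.12.84 6.13.2 5.15.0-91-generic; do
    printf '%-20s %s\n' "$v" "$(copy_fail_status "$v")"
done
```

A result of `not-listed` means only that the release falls outside the ranges quoted here; `check-vendor` hosts need the distribution's own advisory for the fixed package version.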