VYPR
← All advisories
Medium severity5.5NVD Advisory· Published Apr 25, 2026· Updated May 6, 2026

CVE-2026-31677

CVE-2026-31677

Description

In the Linux kernel, the following vulnerability has been resolved:

crypto: af_alg - limit RX SG extraction by receive buffer budget

Make af_alg_get_rsgl() limit each RX scatterlist extraction to the remaining receive buffer budget.

af_alg_get_rsgl() currently uses af_alg_readable() only as a gate before extracting data into the RX scatterlist. Limit each extraction to the remaining af_alg_rcvbuf(sk) budget so that receive-side accounting matches the amount of data attached to the request.

If skcipher cannot obtain enough RX space for at least one chunk while more data remains to be processed, reject the recvmsg call instead of rounding the request length down to zero.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A Linux kernel crypto bug in af_alg_get_rsgl() fails to limit RX scatterlist extraction to the receive buffer budget, causing accounting mismatch and potential denial of service.

Vulnerability

In the Linux kernel's crypto subsystem, the function af_alg_get_rsgl() in af_alg.c fails to limit each RX scatterlist extraction to the remaining receive buffer budget. It uses af_alg_readable() only as a gate before extracting data, but does not cap the extraction size to the remaining af_alg_rcvbuf(sk) budget. This causes receive-side accounting to not match the amount of data attached to the request [1][2][3][4].

Exploitation

An attacker with local access and the ability to perform AF_ALG socket operations can trigger this bug. By sending data that causes the RX scatterlist extraction to exceed the receive buffer budget, the accounting becomes inconsistent. If skcipher cannot obtain enough RX space for at least one chunk while more data remains, the recvmsg call is rejected instead of rounding down to zero, which could lead to denial of service.

Impact

The primary impact is a denial of service due to resource accounting mismatch. The vulnerability has a CVSS v3 score of 5.5 (Medium), indicating moderate severity. An attacker could potentially exhaust receive buffer resources, causing system instability or hang.

Mitigation

The fix has been applied to the Linux kernel stable tree via commits [1][2][3][4]. Users should update to a kernel version containing these patches. No workaround is mentioned.

References
  1. Making sure you're not a bot!
  2. Making sure you're not a bot!
  3. Making sure you're not a bot!
  4. Making sure you're not a bot!

AI Insight generated on May 18, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

9
  • Linux/Kernel9 versions
    cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*+ 8 more
    • cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*range: >=4.14,<6.12.83
    • cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:7.0:rc4:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:7.0:rc5:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:7.0:rc6:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:7.0:rc7:*:*:*:*:*:*
    • (no CPE)

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

4

News mentions

0

No linked articles in our index yet.