CVE-2026-31719
Description
In the Linux kernel, the following vulnerability has been resolved:
crypto: krb5enc - fix async decrypt skipping hash verification
krb5enc_dispatch_decrypt() sets req->base.complete as the skcipher callback, which is the caller's own completion handler. When the skcipher completes asynchronously, this signals "done" to the caller without executing krb5enc_dispatch_decrypt_hash(), completely bypassing the integrity verification (hash check).
Compare with the encrypt path which correctly uses krb5enc_encrypt_done as an intermediate callback to chain into the hash computation on async completion.
Fix by adding krb5enc_decrypt_done as an intermediate callback that chains into krb5enc_dispatch_decrypt_hash() upon async skcipher completion, matching the encrypt path's callback pattern.
Also fix EBUSY/EINPROGRESS handling throughout: remove krb5enc_request_complete() which incorrectly swallowed EINPROGRESS notifications that must be passed up to callers waiting on backlogged requests, and add missing EBUSY checks in krb5enc_encrypt_ahash_done for the dispatch_encrypt return value.
Unset MAY_BACKLOG on the async completion path so the user won't see back-to-back EINPROGRESS notifications.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Linux kernel crypto: krb5enc async decrypt skips integrity hash verification, allowing undetected data tampering.
Vulnerability
In the Linux kernel's Kerberos encryption helper (crypto/krb5enc), the asynchronous decryption path (krb5enc_dispatch_decrypt() incorrectly sets req->base.complete as the skcipher callback, which is the caller's own completion handler. When the skcipher completes asynchronously, this signals completion to the caller without executing krb5enc_dispatch_decrypt_hash(), completely bypassing the integrity verification (hash check). This contrasts with the encrypt path, which correctly uses an intermediate callback krb5enc_encrypt_done` to chain into the hash computation on async completion [1].
Exploitation
An attacker who can trigger an asynchronous decryption operation on a Kerberos-encrypted payload can cause the kernel to skip the integrity hash verification. No special privileges are required beyond the ability to trigger this code path if the attacker can supply crafted encrypted data to a system using the affected kernel module. The bug is in the dispatch logic, not in the cryptographic primitives themselves, so any use of the krb5enc helper for asynchronous decryption is vulnerable [1
Impact
By exploiting this flaw, an attacker can submit a tampered ciphertext that will be decrypted and accepted as valid without the integrity hash being checked. This defeats the authentication and integrity guarantees provided by Kerberos encryption, potentially allowing an attacker to inject malicious data into a Kerberos-protected communication stream or storage. The impact is high because it undermines the security model of Kerberos-based protections in the kernel [1
Mitigation
The fix adds krb5enc_decrypt_done as an intermediate callback that chains into krb5enc_dispatch_decrypt_hash() upon async skcipher completion, matching the encrypt path's callback pattern. Additionally, the patch corrects EBUSY/EINPROGRESS handling by removing krb5enc_request_complete() which incorrectly swallowed EINPROGRESS notifications, and adds missing EBUSY checks in krb5enc_encrypt_ahash_done. The fix also unsets MAY_BACKLOG on the async completion path to prevent duplicate EINPROGRESS notifications. The fix has been applied to the stable kernel tree [1]. Users should update to a kernel containing this commit.
AI Insight generated on May 18, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
3Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
News mentions
0No linked articles in our index yet.