CVE-2026-31677

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description An issue exists in the af alg component of the Linux kernel cryptography subsystem. The function af alg get rsgl() fails to properly limit each RX scatterlist extraction to the remaining receive buffer budget, using af alg readable() only as an initial gate. This causes a mismatch between receive-side accounting and the amount of data attached to the request. If skcipher cannot obtain sufficient RX space for at least one chunk while data remains, the system may round the request length down to zero instead of rejecting the recvmsg call.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.