PT-2026-36349 · Linux · Linux Kernel

Published 2026-05-01 · Updated 2026-05-23 · CVE-2026-31719

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Name of the Vulnerable Software and Affected Versions

Linux kernel (affected versions not specified)

Description

A flaw in the krb5enc_dispatch_decrypt() function allows asynchronous decryption to bypass integrity verification. The function sets the caller's completion handler as the callback, which signals completion without executing krb5enc_dispatch_decrypt_hash(), thereby skipping the hash check. Additionally, EBUSY and EINPROGRESS were handled incorrectly: krb5enc_request_complete() suppressed EINPROGRESS notifications, and krb5enc_encrypt_ahash_done() lacked the necessary EBUSY checks for the dispatch_encrypt return value.

Recommendations

Implement the krb5enc_decrypt_done() intermediate callback to ensure krb5enc_dispatch_decrypt_hash() is executed upon asynchronous completion. Remove the krb5enc_request_complete() function to ensure EINPROGRESS notifications are correctly passed to callers. Add EBUSY checks in krb5enc_encrypt_ahash_done() for the dispatch_encrypt return value. Unset MAY_BACKLOG on the asynchronous completion path.
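
The callback wiring described above, as a toy user-space model added here for illustration; it is not kernel code and not taken from the fix. `struct req`, `caller_done`, `decrypt_done` and `run_async` are hypothetical names, the hash check is reduced to a flag, and the cipher's asynchronous completion is simulated by calling the stored callback directly.

```c
#include <errno.h>

/* Toy model of the completion chain; every name here is hypothetical. */
typedef void (*done_fn)(void *data, int err);

struct req {
    int tag_ok;         /* constructed input: does the checksum match? */
    done_fn cipher_cb;  /* callback the async cipher will invoke */
    int notified;       /* -EINPROGRESS notifications the caller saw */
    int completed;      /* caller saw a final status */
    int result;         /* that final status */
};

/* The caller's completion handler. */
static void caller_done(void *data, int err)
{
    struct req *r = data;
    if (err == -EINPROGRESS) {  /* left the backlog, not finished yet */
        r->notified++;
        return;
    }
    r->completed = 1;
    r->result = err;
}

/* Intermediate callback: run the hash check before any final status. */
static void decrypt_done(void *data, int err)
{
    struct req *r = data;
    if (err == 0)               /* stand-in for the hash verification */
        err = r->tag_ok ? 0 : -EBADMSG;
    caller_done(r, err);        /* -EINPROGRESS passes through unchanged */
}

/* Returns the status the caller ends up with after async completion. */
static int run_async(int tag_ok, int hardened)
{
    struct req r = { .tag_ok = tag_ok };
    /* The callback handed to the cipher decides whether the check runs. */
    r.cipher_cb = hardened ? decrypt_done : caller_done;
    r.cipher_cb(&r, -EINPROGRESS);  /* request moved off the backlog */
    r.cipher_cb(&r, 0);             /* cipher finished decrypting */
    return (r.completed && r.notified == 1) ? r.result : -EINVAL;
}

int main(void)
{
    /* Exit 0 when the bad checksum is accepted unhardened, rejected hardened. */
    return !(run_async(0, 0) == 0 && run_async(0, 1) == -EBADMSG);
}
```

With the caller's handler installed directly, a message whose checksum does not match still completes with status 0; with the intermediate callback it completes with `-EBADMSG`, and the `-EINPROGRESS` notification reaches the caller in both cases.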

Fix

Related Identifiers

CVE-2026-31719
OPENSUSE-SU-2026:10793-1

Affected Products

Linux Kernel