Synology-SA-26:08 Linux Kernel (Copy Fail)
Publish Time: UTC+8
Last Updated: UTC+8
- Severity: Not affected
- Status: Resolved
Abstract
None of Synology's products are affected by CVE-2026-31431.
Affected Products
| Product | Severity | Fixed Release Availability |
|---|---|---|
| DSM 7.3 | Not affected | N/A |
| DSM 7.2.2 | Not affected | N/A |
| DSM 7.2.1 | Not affected | N/A |
| APM 1.2 | Not affected | N/A |
| DSMUC 3.1 | Not affected | N/A |
| BeeStation OS 1.5 | Not affected | N/A |
| SRM 1.3 | Not affected | N/A |
| Camera Firmware 1.2 | Not affected | N/A |
Mitigation
None
Detail
- CVE-2026-31431
- Severity: Important
- CVSS3 Base Score: 7.8
- CVSS3 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- In the Linux kernel, the following vulnerability has been resolved:

  crypto: algif_aead - Revert to operating out-of-place

  This mostly reverts commit 72548b093ee3 except for the copying of the associated data.

  There is no benefit in operating in-place in algif_aead since the source and destination come from different mappings. Get rid of all the complexity added for in-place operation and just copy the AD directly.
Revision
| Revision | Date | Description |
|---|---|---|
| 1 | 2026-05-04 | Initial public release. |