CVE-2026-31719

EUVD-2026-26528
In the Linux kernel, the following vulnerability has been resolved:

crypto: krb5enc - fix async decrypt skipping hash verification

krb5enc_dispatch_decrypt() sets req->base.complete as the skcipher
callback, which is the caller's own completion handler. When the
skcipher completes asynchronously, this signals "done" to the caller
without executing krb5enc_dispatch_decrypt_hash(), completely bypassing
the integrity verification (hash check).

Compare with the encrypt path which correctly uses
krb5enc_encrypt_done as an intermediate callback to chain into the
hash computation on async completion.

Fix by adding krb5enc_decrypt_done as an intermediate callback that
chains into krb5enc_dispatch_decrypt_hash() upon async skcipher
completion, matching the encrypt path's callback pattern.

Also fix EBUSY/EINPROGRESS handling throughout: remove
krb5enc_request_complete() which incorrectly swallowed EINPROGRESS
notifications that must be passed up to callers waiting on backlogged
requests, and add missing EBUSY checks in krb5enc_encrypt_ahash_done
for the dispatch_encrypt return value.


Unset MAY_BACKLOG on the async completion path so the user won't
see back-to-back EINPROGRESS notifications.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 20%
Affected Products (NVD)
VendorProductVersion
linuxlinux_kernel
6.15 ≤
𝑥
< 6.18.25
linuxlinux_kernel
6.19 ≤
𝑥
< 7.0.2
linuxlinux_kernel
7.1:rc1
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
linux
bookworm
6.1.170-3
fixed
bookworm (security)
6.1.174-1
fixed
bullseye
5.10.223-1
fixed
bullseye (security)
5.10.257-1
fixed
forky
7.0.10-1
fixed
sid
7.0.12-2
fixed
trixie
6.12.86-1
fixed
trixie (security)
6.12.90-2
fixed
Amazon Linux logo
Amazon Linux Releases
Amazon Package
Release
bpftool6.18
Amazon Linux 2023
1:6.18.25-55.108.amzn2023
fixed
bpftool6.18-debuginfo
Amazon Linux 2023
1:6.18.25-55.108.amzn2023
fixed
kernel-livepatch-6.18.25-55.108
Amazon Linux 2023
1:1.0-0.amzn2023
fixed
kernel6.18
Amazon Linux 2023
1:6.18.25-55.108.amzn2023
fixed
kernel6.18-debuginfo
Amazon Linux 2023
1:6.18.25-55.108.amzn2023
fixed
kernel6.18-debuginfo-common-aarch64
Amazon Linux 2023
1:6.18.25-55.108.amzn2023
fixed
kernel6.18-debuginfo-common-x86_64
Amazon Linux 2023
1:6.18.25-55.108.amzn2023
fixed
kernel6.18-devel
Amazon Linux 2023
1:6.18.25-55.108.amzn2023
fixed
kernel6.18-headers
Amazon Linux 2023
1:6.18.25-55.108.amzn2023
fixed
kernel6.18-modules-extra
Amazon Linux 2023
1:6.18.25-55.108.amzn2023
fixed
kernel6.18-modules-extra-common
Amazon Linux 2023
1:6.18.25-55.108.amzn2023
fixed
kernel6.18-tools
Amazon Linux 2023
1:6.18.25-55.108.amzn2023
fixed
kernel6.18-tools-debuginfo
Amazon Linux 2023
1:6.18.25-55.108.amzn2023
fixed
kernel6.18-tools-devel
Amazon Linux 2023
1:6.18.25-55.108.amzn2023
fixed
perf6.18
Amazon Linux 2023
1:6.18.25-55.108.amzn2023
fixed
perf6.18-debuginfo
Amazon Linux 2023
1:6.18.25-55.108.amzn2023
fixed
python3-perf6.18
Amazon Linux 2023
1:6.18.25-55.108.amzn2023
fixed
python3-perf6.18-debuginfo
Amazon Linux 2023
1:6.18.25-55.108.amzn2023
fixed
Vulnerability Media Exposure
References
https://git.kernel.org/stable/c/07cbb1bd424370671814a862913c99a6e1441588
https://git.kernel.org/stable/c/3bfbf5f0a99c991769ec562721285df7ab69240b
https://git.kernel.org/stable/c/e51f42114abbdf47f29dda43e7826be28907fcd2