{"id":"CVE-2026-31677","summary":"crypto: af_alg - limit RX SG extraction by receive buffer budget","details":"In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: af_alg - limit RX SG extraction by receive buffer budget\n\nMake af_alg_get_rsgl() limit each RX scatterlist extraction to the\nremaining receive buffer budget.\n\naf_alg_get_rsgl() currently uses af_alg_readable() only as a gate\nbefore extracting data into the RX scatterlist. Limit each extraction\nto the remaining af_alg_rcvbuf(sk) budget so that receive-side\naccounting matches the amount of data attached to the request.\n\nIf skcipher cannot obtain enough RX space for at least one chunk while\nmore data remains to be processed, reject the recvmsg call instead of\nrounding the request length down to zero.","modified":"2026-04-26T04:22:23.480648Z","published":"2026-04-25T08:46:53.379Z","database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/31xxx/CVE-2026-31677.json","cna_assigner":"Linux"},"references":[{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"},{"type":"WEB","url":"https://git.kernel.org/stable/c/07c6f6ffe29009426f0bd4d3cfbb6308b8ea8453"},{"type":"WEB","url":"https://git.kernel.org/stable/c/4a264b2614c73c96666e196bbabe0cead52bdba7"},{"type":"WEB","url":"https://git.kernel.org/stable/c/8eceab19eba9dcbfd2a0daec72e1bf48aa100170"},{"type":"WEB","url":"https://git.kernel.org/stable/c/9bf3e6ccfdcfe56ae3190d1ae987dacf1cfef4f9"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/31xxx/CVE-2026-31677.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-31677"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"e870456d8e7c8d57c059ea479b5aadbb55ff4c3a"},{"fixed":"9bf3e6ccfdcfe56ae3190d1ae987dacf1cfef4f9"},{"fixed":"07c6f6ffe29009426f0bd4d3cfbb6308b8ea8453"},{"fixed":"4a264b2614c73c96666e196bbabe0cead52bdba7"},{"fixed":"8eceab19eba9dcbfd2a0daec72e1bf48aa100170"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-31677.json"}},{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"4.14.0"},{"fixed":"6.12.83"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.13.0"},{"fixed":"6.18.24"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.19.0"},{"fixed":"6.19.14"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-31677.json"}}],"schema_version":"1.7.5"}