CVE-2026-31719

Source
https://cve.org/CVERecord?id=CVE-2026-31719
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-31719.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2026-31719
Published
2026-05-01T13:56:13.385Z
Modified
2026-06-18T03:57:38.621493267Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Summary
crypto: krb5enc - fix async decrypt skipping hash verification
Details

In the Linux kernel, the following vulnerability has been resolved:

crypto: krb5enc - fix async decrypt skipping hash verification

krb5enc_dispatch_decrypt() sets req->base.complete as the skcipher callback, which is the caller's own completion handler. When the skcipher completes asynchronously, this signals "done" to the caller without executing krb5enc_dispatch_decrypt_hash(), completely bypassing the integrity verification (hash check).

Compare with the encrypt path which correctly uses krb5enc_encrypt_done as an intermediate callback to chain into the hash computation on async completion.

Fix by adding krb5enc_decrypt_done as an intermediate callback that chains into krb5enc_dispatch_decrypt_hash() upon async skcipher completion, matching the encrypt path's callback pattern.

Also fix EBUSY/EINPROGRESS handling throughout: remove krb5enc_request_complete() which incorrectly swallowed EINPROGRESS notifications that must be passed up to callers waiting on backlogged requests, and add missing EBUSY checks in krb5enc_encrypt_ahash_done for the dispatch_encrypt return value.

Unset MAY_BACKLOG on the async completion path so the user won't see back-to-back EINPROGRESS notifications.
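
A user-space model of the flaw and the fix described above, added here as an illustration and not taken from the kernel patch. The toy XOR cipher, the checksum, the struct and every function name are assumptions; only the callback chaining mirrors the description.

```c
/* Constructed user-space model of the callback chaining; not kernel code. */
#include <stddef.h>
#include <string.h>
#define ERR_INPROGRESS (-115) /* stand-in for -EINPROGRESS */
#define ERR_BADMSG (-74)      /* stand-in for -EBADMSG */
struct req;
typedef void (*done_fn)(struct req *r, int err);
struct req {
    unsigned char buf[16], tag; /* data; toy checksum expected over the plaintext */
    size_t len;
    done_fn complete, pending;  /* caller's handler; callback the cipher fires later */
    int result;                 /* what the caller was finally told */
};
static unsigned char toy_sum(const struct req *r) {
    unsigned char s = 0;
    for (size_t i = 0; i < r->len; i++) s = (unsigned char)(s * 31 + r->buf[i]);
    return s;
}
static int verify_hash(const struct req *r) { return toy_sum(r) == r->tag ? 0 : ERR_BADMSG; }
/* Toy cipher that always completes asynchronously through cb. */
static int cipher_decrypt_async(struct req *r, done_fn cb) {
    for (size_t i = 0; i < r->len; i++) r->buf[i] ^= 0x5a;
    r->pending = cb;
    return ERR_INPROGRESS;
}
/* Flawed: the cipher gets the caller's handler, so an async finish skips the check. */
static int decrypt_flawed(struct req *r) {
    int err = cipher_decrypt_async(r, r->complete);
    return err ? err : verify_hash(r);
}
/* Fixed: an intermediate callback runs the check before notifying the caller. */
static void decrypt_done(struct req *r, int err) { r->complete(r, err ? err : verify_hash(r)); }
static int decrypt_fixed(struct req *r) {
    int err = cipher_decrypt_async(r, decrypt_done);
    return err ? err : verify_hash(r);
}
static void caller_done(struct req *r, int err) { r->result = err; }
/* Decrypt a constructed message, optionally tampered; return the caller's verdict. */
static int run(int (*decrypt)(struct req *), int tamper) {
    struct req r = { .len = 11, .complete = caller_done };
    memcpy(r.buf, "ticket-data", r.len);
    r.tag = toy_sum(&r);
    for (size_t i = 0; i < r.len; i++) r.buf[i] ^= 0x5a; /* toy "encrypt" */
    if (tamper) r.buf[0] ^= 0x01;                        /* modified in transit */
    int err = decrypt(&r);
    if (err == ERR_INPROGRESS) r.pending(&r, 0);         /* cipher finishes later */
    else r.result = err;
    return r.result;
}
int main(void) { return (run(decrypt_flawed, 1) == 0 && run(decrypt_fixed, 1) == ERR_BADMSG) ? 0 : 1; }
```

In the model, the flawed path reports success for the tampered message because the caller's handler fires directly from the cipher, while the fixed path reports the integrity failure.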

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/31xxx/CVE-2026-31719.json",
    "cna_assigner": "Linux"
}
Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
d1775a177f7f38156d541c8a3e3c91eaa6e69699
Fixed
07cbb1bd424370671814a862913c99a6e1441588
Fixed
e51f42114abbdf47f29dda43e7826be28907fcd2
Fixed
3bfbf5f0a99c991769ec562721285df7ab69240b

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-31719.json"

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
6.15.0
Fixed
6.18.25
Type
ECOSYSTEM
Events
Introduced
6.19.0
Fixed
7.0.2

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-31719.json"