oss-sec mailing list archives
Re: Re: Re: CVE-2026-31431: CopyFail: linux local privilege scalation
From: "Malik, Vaibhav" <vaibhav.malik () hp com>
Date: Sat, 2 May 2026 23:01:53 +0000
Hi,

One flow link or example:

1. Userspace creates AF_ALG socket

   A program opens:
   socket(AF_ALG, SOCK_SEQPACKET, 0)

   Then binds to a crypto algorithm:
   "aead" type algorithm like "gcm(aes)" or "authenc(hmac(sha256),cbc(aes))"

2. Kernel resolves algorithm

   Kernel does:
   Select crypto template (authenc, gcm, etc.)
   Instantiate transformation object in crypto subsystem
   Load module if needed

and it seems this is where algif_aead becomes active.

Vaibhav

________________________________
From: Alexander Bochmann <ab () lists gxis de>
Sent: Saturday, May 2, 2026 3:54:07 PM
To: oss-security () lists openwall com <oss-security () lists openwall com>
Subject: Re: [oss-security] Re: Re: CVE-2026-31431: CopyFail: linux local privilege scalation

...on 2026-05-02 20:05:00, Eric Biggers wrote:

 > What it does break are a small set of userspace programs that made the shortsighted decision to use AF_ALG, instead of simply following the standard practice of using a userspace crypto library.

For some added fun - I noticed that Debian 13, for example, ships an openssl build with an AF_ALG engine, so uh, yeah, depending on how you use your userspace crypto library... No idea if that has any actual consumers anywhere out there today.

$ openssl version
OpenSSL 3.5.5 27 Jan 2026 (Library: OpenSSL 3.5.5 27 Jan 2026)
$ openssl engine afalg -c
(afalg) AFALG engine support
 [AES-128-CBC, AES-192-CBC, AES-256-CBC]

Alex.
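
A host-side check for the two-step flow described in the message above, as an added example that is not part of the original post or of any code from the thread: it tests whether an unprivileged process can still open an AF_ALG socket and bind an "aead" algorithm, and lists which af_alg/algif_* modules are loaded. The function names and the sample /proc/modules text are constructed for illustration.

```python
import errno
import socket

# Algorithm type and names quoted in the message above.
PROBES = [("aead", "gcm(aes)"), ("aead", "authenc(hmac(sha256),cbc(aes))")]

# Constructed sample of /proc/modules content, for illustration only.
SAMPLE_PROC_MODULES = """\
algif_aead 16384 0 - Live 0x0000000000000000
af_alg 32768 1 algif_aead, Live 0x0000000000000000
ext4 999424 1 - Live 0x0000000000000000
"""

def loaded_af_alg_modules(proc_modules_text):
    """Names of af_alg / algif_* modules present in /proc/modules content."""
    names = [line.split()[0] for line in proc_modules_text.splitlines() if line.split()]
    return sorted(n for n in names if n == "af_alg" or n.startswith("algif_"))

def probe_af_alg(alg_type, alg_name):
    """Run steps 1 and 2 of the flow: open an AF_ALG socket, bind an algorithm.

    Returns 'reachable', 'no-af-alg', or 'bind-refused:<ERRNO>'.
    A successful bind can itself load the algif module (step 2 above).
    """
    family = getattr(socket, "AF_ALG", None)  # absent on non-Linux builds
    if family is None:
        return "no-af-alg"
    try:
        sock = socket.socket(family, socket.SOCK_SEQPACKET, 0)
    except OSError:
        return "no-af-alg"  # family not compiled in, or blocked by policy
    try:
        sock.bind((alg_type, alg_name))
        return "reachable"
    except OSError as exc:
        return "bind-refused:" + errno.errorcode.get(exc.errno, str(exc.errno))
    finally:
        sock.close()

if __name__ == "__main__":
    def read_modules():
        with open("/proc/modules") as fh:
            return loaded_af_alg_modules(fh.read())
    before = read_modules()
    for alg_type, alg_name in PROBES:
        print(alg_type, alg_name, "->", probe_af_alg(alg_type, alg_name))
    print("modules before:", before, "after:", read_modules())
```

Run as an ordinary user; a difference between the "before" and "after" module lists shows the bind-triggered module load the message describes.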
