Linux Kernel Vulnerability copy.fail - CVE-2026-31431

Summary

CVE-2026-31431
In the Linux kernel, the following vulnerability has been resolved:

crypto: algif_aead - Revert to operating out-of-place

This mostly reverts commit 72548b093ee3 except for the copying of the associated data. There is no benefit in operating in-place in algif_aead since the source and destination come from different mappings. Get rid of all the complexity added for in-place operation and just copy the AD directly.

Fortinet PSIRT is currently investigating the impact of this CVE on Fortinet products.

Products Under Investigation:
FortiEDR
FortiDevSec
FortiNAC
FortiNAC-F
FortiSOAR
FortiClient EMS
FortiClient Cloud

Products confirmed NOT Impacted:
FortiOS
FortiCamera
FortiCentral
FortiClientWindows
FortiClient Mac
FortiClient Linux
FortiClient Android
FortiToken iOS
FortiToken Windows
FortiRecorder
FortiAIOps
FortiAP
FortiAP-U
FortiAP-W2
FortiAuthenticator
FortiStack - Fortinet Integrated Openstack
FortiSASE
FortiSASE - Sovereign
FortiManager
FortiAnalyzer
FortiWeb
FortiProxy
FortiADC
FortiADC-Manager
FortiCNP
FortiDAST
FortiData
FortiDDoS
FortiDDoS-F
FortiDeceptor
FortiDeceptor Token
FortiEdge Cloud
FortiEDR Android
FortiEDR iOS
FortiMail
FortiSwitch Manager
FortiPhish
FortiFone
FortiIsolator
FortiMonitor
FortiPAM
FortiPresence
FortiPortal
FortiAppSec Cloud
FortiAnalyzer-BigData
FortiConverter
FortiVoice Cloud
FortiSandbox
FortiSIEM
FortiToken Android
FortiNDR
FortiExtender

Timeline

2026-05-13: Initial publication