Linux kernel vulnerability, CVE-2026-31431 (Copy Fail) : Support Portal

ZX/NX3 up29, up32, up33 and higher is not affected by Linux kernel vulnerability, CVE-2026-31431 (Copy Fail)

CVE-2026-31431 (Copy Fail) is in the Linux kernel's `algif_aead` module, which is part of the AF_ALG userspace-crypto socket family.

That entire family is disabled at compile time in the kernel that ships in ZX/NX3.
Verified on a running up33 ZX/NX3:

# zcat /proc/config.gz | grep CONFIG_CRYPTO_USER_API_ # CONFIG_CRYPTO_USER_API_HASH is not set # CONFIG_CRYPTO_USER_API_SKCIPHER is not set # CONFIG_CRYPTO_USER_API_RNG is not set # CONFIG_CRYPTO_USER_API_AEAD is not set

`algif_aead` is not built and not loadable on the appliance; a `socket(AF_ALG, ...)` call returns `EAFNOSUPPORT` from the kernel itself.

The exploit requires that socket to perform its in-place / `splice()` write, so it has no surface to land on - this is independent of the closed-appliance / no-shell argument.

No ZX/NX3 kernel update or Small Update is required for this CVE when on up29, up32 and up33 or higher.

Linux kernel vulnerability, CVE-2026-31431 (Copy Fail) Print

Related Articles