GET

Cover Letter Detail

Show a cover letter.

GET /api/1.2/covers/2231251/?format=api
HTTP 200 OK
Allow: GET, HEAD, OPTIONS
Content-Type: application/json
Vary: Accept

{
    "id": 2231251,
    "url": "http://patchwork.ozlabs.org/api/1.2/covers/2231251/?format=api",
    "web_url": "http://patchwork.ozlabs.org/project/ubuntu-kernel/cover/177754965576.503496.12142658280614619991@tuxedo-infinitybook.public/",
    "project": {
        "id": 15,
        "url": "http://patchwork.ozlabs.org/api/1.2/projects/15/?format=api",
        "name": "Ubuntu Kernel",
        "link_name": "ubuntu-kernel",
        "list_id": "kernel-team.lists.ubuntu.com",
        "list_email": "kernel-team@lists.ubuntu.com",
        "web_url": null,
        "scm_url": null,
        "webscm_url": null,
        "list_archive_url": "",
        "list_archive_url_format": "",
        "commit_url_format": ""
    },
    "msgid": "<177754965576.503496.12142658280614619991@tuxedo-infinitybook.public>",
    "list_archive_url": null,
    "date": "2026-04-30T12:30:12",
    "name": "[SRU,Q/N/J,0/3] CVE-2026-31431",
    "submitter": {
        "id": 89057,
        "url": "http://patchwork.ozlabs.org/api/1.2/people/89057/?format=api",
        "name": "Massimiliano Pellizzer",
        "email": "massimiliano.pellizzer@canonical.com"
    },
    "mbox": "http://patchwork.ozlabs.org/project/ubuntu-kernel/cover/177754965576.503496.12142658280614619991@tuxedo-infinitybook.public/mbox/",
    "series": [],
    "comments": "http://patchwork.ozlabs.org/api/covers/2231251/comments/",
    "headers": {
        "Return-Path": "<kernel-team-bounces@lists.ubuntu.com>",
        "X-Original-To": "incoming@patchwork.ozlabs.org",
        "Delivered-To": "patchwork-incoming@legolas.ozlabs.org",
        "Authentication-Results": [
            "legolas.ozlabs.org;\n\tdkim=fail reason=\"signature verification failed\" (4096-bit key;\n unprotected) header.d=canonical.com header.i=@canonical.com\n header.a=rsa-sha256 header.s=20251003 header.b=q26UqKE/;\n\tdkim-atps=neutral",
            "legolas.ozlabs.org;\n spf=pass (sender SPF authorized) smtp.mailfrom=lists.ubuntu.com\n (client-ip=185.125.189.65; helo=lists.ubuntu.com;\n envelope-from=kernel-team-bounces@lists.ubuntu.com;\n receiver=patchwork.ozlabs.org)"
        ],
        "Received": [
            "from lists.ubuntu.com (lists.ubuntu.com [185.125.189.65])\n\t(using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits))\n\t(No client certificate requested)\n\tby legolas.ozlabs.org (Postfix) with ESMTPS id 4g5tnw6mnsz1yHZ\n\tfor <incoming@patchwork.ozlabs.org>; Thu, 30 Apr 2026 22:31:30 +1000 (AEST)",
            "from localhost ([127.0.0.1] helo=lists.ubuntu.com)\n\tby lists.ubuntu.com with esmtp (Exim 4.86_2)\n\t(envelope-from <kernel-team-bounces@lists.ubuntu.com>)\n\tid 1wIQY2-0004H8-1l; Thu, 30 Apr 2026 12:31:18 +0000",
            "from smtp-relay-internal-0.internal ([10.131.114.225]\n helo=smtp-relay-internal-0.canonical.com)\n by lists.ubuntu.com with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)\n (Exim 4.86_2) (envelope-from <massimiliano.pellizzer@canonical.com>)\n id 1wIQY1-0004Gx-GO\n for kernel-team@lists.ubuntu.com; Thu, 30 Apr 2026 12:31:17 +0000",
            "from mail-wr1-f72.google.com (mail-wr1-f72.google.com\n [209.85.221.72])\n (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)\n key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest\n SHA256)\n (No client certificate requested)\n by smtp-relay-internal-0.canonical.com (Postfix) with ESMTPS id 5794B3F427\n for <kernel-team@lists.ubuntu.com>; Thu, 30 Apr 2026 12:31:17 +0000 (UTC)",
            "by mail-wr1-f72.google.com with SMTP id\n ffacd0b85a97d-43d7757463eso1274576f8f.0\n for <kernel-team@lists.ubuntu.com>; Thu, 30 Apr 2026 05:31:17 -0700 (PDT)",
            "from tuxedo-infinitybook.ts.net\n (net-93-71-66-38.cust.vodafonedsl.it. [93.71.66.38])\n by smtp.gmail.com with ESMTPSA id\n 5b1f17b1804b1-48a81ed6bafsm103695005e9.2.2026.04.30.05.31.15\n for <kernel-team@lists.ubuntu.com>\n (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);\n Thu, 30 Apr 2026 05:31:15 -0700 (PDT)"
        ],
        "DKIM-Signature": "v=1; a=rsa-sha256; c=relaxed/relaxed; d=canonical.com;\n s=20251003; t=1777552277;\n bh=+8343nvAe4sVS3T3G0ZGWNKX2iT69fVt5xkJV5h7cbE=;\n h=From:To:Subject:Date:Message-ID:MIME-Version;\n b=q26UqKE/mkZF/btL1Dep76D9ouPbNVKbY2GCGrpXoI2LDzvqnoeLLFudhTaQFeDrg\n BHZyIm3ptqyIILnKwVDx7jkx+WaDWGi3rGdgCfkqGlLZO0Z4Eg8UZb1RLWqBi0nGpr\n IkuNxrcNBHxVsDL+S3Vdi0L4YWpJ22p5Aj7F6MJq2lNXopJxTmiYsDF59x2dest10p\n 9tnWVaux7tarc7eBzul/9yWq0FoS64jnG27WaIp6+YZId8Wnmaj03lyYE105nIR3H4\n D8ZF1QOMkBN5f4YeFatqwuuijCLelkuE+tYoPHw4dC6DQ0uMD7fgCAyC1gey4p0cwX\n i7ycLOY6Rym3dCZZpw8sRfAe4E16HtRFjdoAmpbT6gZQqBBykSYeYKF8QrjiOEVStv\n uld7L8rlIvOSwAoM5jXKKXVUPIunyCprNjbMFhopJf1tsyCruP9rfuhGsBnhMbylya\n MxhfgLDuBqfr3l6zlL3fkfqyF1vmDxNnUKItV3/ErtlF1ULF3+lN+nCBQZyezmGhlj\n 4hEFpevar0pJ5DjeoqRjFxAnyXhutzuRPYEbB2LNZ5tqs/ejLDau+/GTZkqT3YLigD\n UURil3imrJT7Jx9eqqrrdB13ua1MMlB+FGIPfkC8Z+h+GG7oTBuReterxF6XO0QWgJ\n TJX4NMugtq8C4atqOA655Dwk=",
        "X-Google-DKIM-Signature": "v=1; a=rsa-sha256; c=relaxed/relaxed;\n d=1e100.net; s=20251104; t=1777552276; x=1778157076;\n h=content-transfer-encoding:mime-version:message-id:date:subject:to\n :from:x-gm-gg:x-gm-message-state:from:to:cc:subject:date:message-id\n :reply-to;\n bh=+8343nvAe4sVS3T3G0ZGWNKX2iT69fVt5xkJV5h7cbE=;\n b=sEqbUA3kvL6psaFfbfB0YGAijLdvK79LKJgqUSSUPTs/RFKNgnWc+bRxC7RFbN4LAL\n gmtYMkJJLmdr5Lxx89mzpQsIHZqgyMbSHPJR8VdtcJrstP5wnNYPAf1iiznJNSgA6GiB\n 7lRYY+6rv9gEVdJr4Aup2rvLwQwCXdX2qYpc1VE/C03HzfyvholaNxuKfBRZ1gN8VmJV\n Q66l99ULjTpq+zd0KKjlP0vxG3+cy2+uNYU0PTwJtxobnSE8ENoqixbArhXZIkynN8k4\n MDxLr7jDORNOntIia5MK6p78uV/+6y1FtfwSFc/o3D4MPAgO9Es78SDyOUw2eHtXxfvF\n szRA==",
        "X-Gm-Message-State": "AOJu0Yzm1RfZGUonVBCJ6nipH59Qybt9nmPZM5l67iyZF2X8WM6X+y9K\n aHX+xuEvs1GEhNXxX8+qtN560dJcqCxFSqj3e6qPzKRxH2nXJadjrmNfJjfTZPEELfrhTw2VMQA\n HqEI6ZnHinkKBZ2fpRNNLyJ4DUKsUH0c3IobzCQfHr/Ur9vO3x07Z7BY0ciHBDb8rIkJVohZflx\n vyRApolyXjbcfVwA==",
        "X-Gm-Gg": "AeBDietnhMX0dlDjC0dTz2MOnjDEyTSPo4I199anRwEKi0A5mJWgo5vW05Ezh1ZJ8yE\n NekABZKFcx2ju9rXLOBf61FoUhT9EO8psLusLan69zwdAJAocP8XQJdBU6E4vAfoY2eqct9RiRY\n 3kxilfL9uY6gPRyzpicn7SwdPNHF8v+9Vw6usvkg2MNtYYHiqE9OJf8uQqXSXM2oruDzSfnbdF0\n GA1GuTF+eDs1lyggSMOp9ShR6ZqKjR+HCCtKc1flOGOQnudYjuBcGARTI5Ie2/6fBzpfzgP8cIo\n VudH51rNQauINtqAZ9aEoONJ6sfSu8oB9FK6SlBgAyQ2Kz9enxb681RjRYz4xYsLOu05pIMHVXq\n ftnqhXkvzht8vbAWDX2oRJiE3eI1Uj8zsctmmnRLOU1UTIIv8O6eWre8dOuYmIgixEiSjuK0rtL\n vW1M/y0V5HAszvWl2DzDQvXwsVKuQuXrABqYFEsw/kcX1s40He//HOstawqmR155nuHQzu8aJnm\n iHW/Ed8TEtJgJWKUnU4auE=",
        "X-Received": [
            "by 2002:a05:600c:4e8e:b0:486:f893:56c6 with SMTP id\n 5b1f17b1804b1-48a860758c7mr37722775e9.10.1777552276386;\n Thu, 30 Apr 2026 05:31:16 -0700 (PDT)",
            "by 2002:a05:600c:4e8e:b0:486:f893:56c6 with SMTP id\n 5b1f17b1804b1-48a860758c7mr37722225e9.10.1777552275744;\n Thu, 30 Apr 2026 05:31:15 -0700 (PDT)"
        ],
        "From": "Massimiliano Pellizzer <massimiliano.pellizzer@canonical.com>",
        "To": "kernel-team@lists.ubuntu.com",
        "Subject": "[SRU][Q/N/J][PATCH 0/3] CVE-2026-31431",
        "Date": "Thu, 30 Apr 2026 14:30:12 +0200",
        "Message-ID": "\n <177754965576.503496.12142658280614619991@tuxedo-infinitybook.public>",
        "X-Mailer": "git-send-email 2.53.0",
        "MIME-Version": "1.0",
        "X-BeenThere": "kernel-team@lists.ubuntu.com",
        "X-Mailman-Version": "2.1.20",
        "Precedence": "list",
        "List-Id": "Kernel team discussions <kernel-team.lists.ubuntu.com>",
        "List-Unsubscribe": "<https://lists.ubuntu.com/mailman/options/kernel-team>,\n <mailto:kernel-team-request@lists.ubuntu.com?subject=unsubscribe>",
        "List-Archive": "<https://lists.ubuntu.com/archives/kernel-team>",
        "List-Post": "<mailto:kernel-team@lists.ubuntu.com>",
        "List-Help": "<mailto:kernel-team-request@lists.ubuntu.com?subject=help>",
        "List-Subscribe": "<https://lists.ubuntu.com/mailman/listinfo/kernel-team>,\n <mailto:kernel-team-request@lists.ubuntu.com?subject=subscribe>",
        "Content-Type": "text/plain; charset=\"utf-8\"",
        "Content-Transfer-Encoding": "base64",
        "Errors-To": "kernel-team-bounces@lists.ubuntu.com",
        "Sender": "\"kernel-team\" <kernel-team-bounces@lists.ubuntu.com>"
    },
    "content": "https://ubuntu.com/security/CVE-2026-31431\n\n[ Impact ]\n\nCVE-2026-31431 is a local privilege escalation vulnerability\nin the Linux kernel's AF_ALG (Algorithm) socket subsystem.\n\nThe vulnerability allows an unprivileged local user to perform a deterministic,\ncontrolled 4-byte write into the kernel page cache of any file that the attacker\ncan read, including setuid-root binaries such as /usr/bin/su.\nBecause the page cache is what the kernel consults when executing a file,\nthe corrupted in-memory copy is immediately visible system-wide without the on-disk\nchecksum being altered.\n\n[ Fix ]\n\n* Questing, cherry pick the following patches from upstream:\n  - a664bf3d603d crypto: algif_aead - Revert to operating out-of-place\n  - 5aa58c3a572b crypto: algif_aead - snapshot IV for async AEAD requests\n  - e02494114ebf crypto: authencesn - Do not place hiseq at end of dst for out-of-place decryption\n  - 1f48ad3b19a9 crypto: authencesn - Fix src offset when decrypting in-place\n  - 31d00156e50e crypto: af_alg - Fix page reassignment overflow in af_alg_pull_tsgl\n\n* Noble, cherry pick the following patches from linux-6.12.y:\n  - 41c3aa511e6e crypto: scatterwalk - Backport memcpy_sglist()\n  - 183137264401 crypto: algif_aead - use memcpy_sglist() instead of null skcipher\n  - 8b88d99341f1 crypto: algif_aead - Revert to operating out-of-place\n  - 46fdb39e8322 crypto: algif_aead - snapshot IV for async AEAD requests\n  - 7bc058a9b82b crypto: authenc - use memcpy_sglist() instead of null skcipher\n  - 89fe118b6470 crypto: authencesn - Do not place hiseq at end of dst for out-of-place decryption\n  - 129f12934401 crypto: authencesn - Fix src offset when decrypting in-place\n  - c8369a6d62f5 crypto: af_alg - Fix page reassignment overflow in af_alg_pull_tsgl\n\n* Jammy, cherry pick the following patches from linux-5.15.y:\n  - 36435a56cd6b crypto: scatterwalk - Backport memcpy_sglist()\n  - 17774d99bb43 crypto: algif_aead - use memcpy_sglist() instead of null skcipher\n  - 19d43105a97b crypto: algif_aead - Revert to operating out-of-place\n  - a920cabdb0b7 crypto: algif_aead - snapshot IV for async AEAD requests\n  - e416c41a96c8 crypto: authenc - use memcpy_sglist() instead of null skcipher\n  - d589abd8b019 crypto: authencesn - Do not place hiseq at end of dst for out-of-place decryption\n  - 723bb1b4a6dd crypto: authencesn - Fix src offset when decrypting in-place\n  - 2b781d1d4f93 crypto: af_alg - Fix page reassignment overflow in af_alg_pull_tsgl\n  - fd427dd84f22 crypto: algif_aead - Fix minimum RX size check for decryption\n\n[ Test Plan ]\n\nCompiled and boot tested.\nTested using the publicly available exploit.\nTested using LTP crypto testsuite for regressions.\n\n[ Where Problems Could Occur ]\n\nThe fix reverts the 2017 in-place optimization entirely, restoring out-of-place\noperation in algif_aead. A bug in the new out-of-place TX SGL allocation\nor AAD copy path could produce corrupt ciphertext, failed tag verification,\nor memory mismanagement under edge-case input lengths, affecting every consumer\nof the AF_ALG AEAD interface kernel-wide."
}