Article ID: 3571
Last updated: 07 May, 2026
JovianDSS up32 and up33 are not affected by Linux kernel vulnerability, CVE-2026-31431 (Copy Fail)

CVE-2026-31431 (Copy Fail) is in the Linux kernel's `algif_aead` module, which is part of the AF_ALG userspace-crypto socket family. That entire family is disabled at compile time in the kernel that ships in JovianDSS up32 b61683 and up33 b65410.

Verified on a running JovianDSS:

```
# zcat /proc/config.gz | grep CONFIG_CRYPTO_USER_API_
# CONFIG_CRYPTO_USER_API_HASH is not set
# CONFIG_CRYPTO_USER_API_SKCIPHER is not set
# CONFIG_CRYPTO_USER_API_RNG is not set
# CONFIG_CRYPTO_USER_API_AEAD is not set
```

`algif_aead` is not built and not loadable on the appliance; a `socket(AF_ALG, ...)` call returns `EAFNOSUPPORT` from the kernel itself. The exploit requires that socket to perform its in-place / `splice()` write, so it has no surface to land on. This is independent of the closed-appliance / no-shell argument.

No JovianDSS kernel update or Small Update is required for this CVE.
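The two checks described above (build-time config and the `socket(AF_ALG, ...)` result) can be combined into one repeatable test for other Linux hosts. This is an added example, not part of the original article; the function names and verdict strings are hypothetical, the first sample repeats the article's grep output, and the second sample is constructed for contrast.

```python
import errno
import gzip
import re
import socket

OPTIONS = ("HASH", "SKCIPHER", "RNG", "AEAD")  # the four options in the article's grep
LINE = re.compile(r"^(?:# )?CONFIG_CRYPTO_USER_API_(\w+?)(?:=(\w+)| is not set)$")

# First sample repeats the article's output; the second is constructed for contrast.
APPLIANCE = "\n".join(f"# CONFIG_CRYPTO_USER_API_{o} is not set" for o in OPTIONS)
CONSTRUCTED = APPLIANCE.replace("# CONFIG_CRYPTO_USER_API_AEAD is not set",
                                "CONFIG_CRYPTO_USER_API_AEAD=m")

def parse_user_api(config_text):
    """Map each CONFIG_CRYPTO_USER_API_* option to 'y', 'm' or 'n'."""
    state = {name: "n" for name in OPTIONS}  # a missing line also means not built
    for line in config_text.splitlines():
        m = LINE.match(line.strip())
        if m:
            state[m.group(1)] = m.group(2) or "n"
    return state

def probe_af_alg():
    """Ask the running kernel for an AF_ALG socket and classify the answer."""
    family = getattr(socket, "AF_ALG", 38)  # 38 is AF_ALG on Linux
    try:
        sock = socket.socket(family, socket.SOCK_SEQPACKET, 0)
    except OSError as exc:
        if exc.errno == errno.EAFNOSUPPORT:
            return "absent"  # the result the article reports
        return "error:" + errno.errorcode.get(exc.errno, str(exc.errno))
    sock.close()
    return "present"

def assess(state, probe):
    """Combine build-time config and runtime probe into one verdict string."""
    if state["AEAD"] != "n":
        return "aead-built"  # algif_aead exists as built-in or module
    if probe == "present" or any(v != "n" for v in state.values()):
        return "af-alg-present-no-aead"
    return "af-alg-disabled"

if __name__ == "__main__":
    print("probe:", probe_af_alg())
    try:
        with gzip.open("/proc/config.gz", "rt") as fh:  # needs CONFIG_IKCONFIG_PROC
            print("config:", parse_user_api(fh.read()))
    except OSError:
        print("config: /proc/config.gz not readable on this host")
```

On a kernel where the family is built as modules, the probe itself can trigger autoloading of the base `af_alg` module, so record the result of `lsmod` before and after if module state matters to the audit.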