Preface: The algif_aead module is a Linux-specific component of the AF_ALG socket interface. It is rarely the primary choice for application-level encryption even on Linux, and it has no direct equivalent in the architecture of Apple’s iOS XNU kernel.

Background: The use of algif_aead is a niche architectural choice for several reasons:

Platform Dependency: It is part of the Linux Kernel Crypto API. Apps targeting multiple platforms (Android, iOS, Windows) prefer cross-platform libraries like OpenSSL, BoringSSL, or libsodium to avoid writing platform-specific kernel interface code.

The specified design weakness (Copy Fail) in the Linux kernel allows a local attacker to overwrite read-only files by manipulating the page cache via splice() and the AF_ALG (kernel crypto) interface.

Ref: This exploit allows a write to the page cache of that file. This explains how a read-only file gets “overwritten” in memory, which is the “magic” of this vulnerability.

Vulnerability details: In the Linux kernel, the following vulnerability has been resolved: crypto: algif_aead – Revert to operating out-of-place This mostly reverts commit 72548b093ee3 except for the copying of the associated data. There is no benefit in operating in-place in algif_aead since the source and destination come from different mappings. Get rid of all the complexity added for in-place operation and just copy the AD directly.

Official announcement: Please refer to link for details – https://nvd.nist.gov/vuln/detail/CVE-2026-31431