老师,Copy Fail 这个漏洞,2203.sp1 受影响吗
我看你们的issue 以前的版本超出修复范围 ?
The CVE-2026-31431 vulnerability disclosure indicates that only openEuler-22.03-LTS-SP4 is affected; openEuler-22.03-SP1 is not listed.
You can perform the following checks to verify your system’s status. If affected, it is recommended to upgrade your system kernel as soon as possible.
Troubleshooting Steps
# Check kernel version
uname -r
# Check if kernel configuration is enabled (recommended)
grep CONFIG_CRYPTO_USER_API_AEAD /boot/config-$(uname -r)
Note: Three possible outcomes exist:
CONFIG_CRYPTO_USER_API_AEAD=n Fully disabled, not affected, no action needed
CONFIG_CRYPTO_USER_API_AEAD=y Built into kernel (not visible via lsmod), affected, no mitigation available at present — kernel upgrade required (e.g., RHEL/CentOS/Rocky Linux/AlmaLinux 8, 9, 10)
CONFIG_CRYPTO_USER_API_AEAD=m Loaded as module (visible via lsmod), poses risk when loaded, affected — mitigation measures below can help
# Check if the vulnerable module is loaded
lsmod | grep algif
# Check if AF_ALG socket creation is possible
python3 -c "import socket; socket.socket(38,5,0); print('VULNERABLE')"
CVE-2026-31431 definitely affects openEuler-22.03-SP1, as this vulnerability was introduced via the following commit:
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=72548b093ee38a6d4f2a19e6ef1948ae05c181f7
This commit was merged into the mainline from v4.14-rc1. All subsequent kernel versions containing this commit are affected. Since openEuler-22.03-SP1 uses the kernel-5.10.y series, it is also affected.
Regarding the fact that the official openEuler vulnerability disclosure does not list openEuler-22.03-SP1 as affected, this is because the product has reached end-of-life. The only supported and maintained openEuler-22.03 product is openEuler-22.03-LTS-SP4, which is why it appears in the list.
For remediation, you can directly upgrade to the kernel version included in openEuler-22.03-LTS-SP4. This kernel version should be compatible with openEuler-22.03-SP1. Alternatively, you can refer to the kernel fix in openEuler-22.03-LTS-SP4, apply the patch to the kernel source code of openEuler-22.03-SP1, recompile, and reinstall it.