CVE-2026-31719 Affecting linux-qemu-rc package, versions <7.1_rc3-r0
Threat Intelligence
The probability is the direct output of the EPSS model, and conveys an overall sense of the threat of exploitation in the wild. The percentile measures the EPSS probability relative to all known EPSS scores. Note: This data is updated daily, relying on the latest available EPSS model version. Check out the EPSS documentation for more details.
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk IDSNYK-CHAINGUARDLATEST-LINUXQEMURC-16727667
- published17 May 2026
- disclosed1 May 2026
Introduced: 1 May 2026
CVE-2026-31719 (opens in a new tab)How to fix?
Upgrade Chainguard linux-qemu-rc to version 7.1_rc3-r0 or higher.
NVD Description
Note: Versions mentioned in the description apply only to the upstream linux-qemu-rc package and not the linux-qemu-rc package as distributed by Chainguard.
See How to fix? for Chainguard relevant fixed versions and status.
In the Linux kernel, the following vulnerability has been resolved:
crypto: krb5enc - fix async decrypt skipping hash verification
krb5enc_dispatch_decrypt() sets req->base.complete as the skcipher callback, which is the caller's own completion handler. When the skcipher completes asynchronously, this signals "done" to the caller without executing krb5enc_dispatch_decrypt_hash(), completely bypassing the integrity verification (hash check).
Compare with the encrypt path which correctly uses krb5enc_encrypt_done as an intermediate callback to chain into the hash computation on async completion.
Fix by adding krb5enc_decrypt_done as an intermediate callback that chains into krb5enc_dispatch_decrypt_hash() upon async skcipher completion, matching the encrypt path's callback pattern.
Also fix EBUSY/EINPROGRESS handling throughout: remove krb5enc_request_complete() which incorrectly swallowed EINPROGRESS notifications that must be passed up to callers waiting on backlogged requests, and add missing EBUSY checks in krb5enc_encrypt_ahash_done for the dispatch_encrypt return value.
Unset MAY_BACKLOG on the async completion path so the user won't see back-to-back EINPROGRESS notifications.