CVE-2026-31719

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> crypto: krb5enc - fix async decrypt skipping hash verification<br /> <br /> krb5enc_dispatch_decrypt() sets req-&gt;base.complete as the skcipher<br /> callback, which is the caller&amp;#39;s own completion handler. When the<br /> skcipher completes asynchronously, this signals "done" to the caller<br /> without executing krb5enc_dispatch_decrypt_hash(), completely bypassing<br /> the integrity verification (hash check).<br /> <br /> Compare with the encrypt path which correctly uses<br /> krb5enc_encrypt_done as an intermediate callback to chain into the<br /> hash computation on async completion.<br /> <br /> Fix by adding krb5enc_decrypt_done as an intermediate callback that<br /> chains into krb5enc_dispatch_decrypt_hash() upon async skcipher<br /> completion, matching the encrypt path&amp;#39;s callback pattern.<br /> <br /> Also fix EBUSY/EINPROGRESS handling throughout: remove<br /> krb5enc_request_complete() which incorrectly swallowed EINPROGRESS<br /> notifications that must be passed up to callers waiting on backlogged<br /> requests, and add missing EBUSY checks in krb5enc_encrypt_ahash_done<br /> for the dispatch_encrypt return value.<br /> <br /> <br /> Unset MAY_BACKLOG on the async completion path so the user won&amp;#39;t<br /> see back-to-back EINPROGRESS notifications.