Impact of Linux Kernel vulnerabilities on B&R products

Risk Summary

B&R is aware of publicly reported vulnerabilities affecting the Linux kernel versions shipped with the products listed as affected in the advisory. Successful local exploitation of these vulnerabilities could allow an attacker to escalate privileges on the affected system. Public proof-of-concept exploits are available for the vulnerabilities described herein. At the time of publication of this advisory, B&R had no evidence of active exploitation targeting B&R products.

CVEs (5)

Remediations

• For affected products, software updates should be installed upon availability. Product Patch version - APROL : APROL-AutoYaST-DVD- V4.4-010.10.260602 Until remediated software versions are available, customers are required to conduct a risk assessment of their affected systems and to implement the mitigation measures and workarounds specified in this advisory.
• Successful exploitation of the vulnerabilities described in this advisory requires local access to the affected system with low-privileged user credentials. Customers are strongly advised to enforce strict access control policies on all Linux-based systems, ensuring that interactive access is exclusively granted to authorized and trusted personnel. This includes reviewing and hardening user account permissions and disabling unused accounts. Refer to section “General security recommendations” for further advise on how to keep your system secure.
• Security researchers have identified and validated the following workarounds to reduce exposure to the vulnerabilities described in this advisory. These measures do not remediate the underlying vulnerabilities but effectively block known attack vectors until patched software versions are deployed. Important: Customers are advised to thoroughly test their systems after applying any of the listed workarounds. B&R has no visibility into customer-specific applications running on the underlying Linux system. It is the customer's responsibility to assess whether the applied workarounds interfere with existing application workloads prior to deployment in production environments. For Debian-based systems within an active support lifecycle, kernel patches addressing CVE-2026-31431 are already available via the official package repositories. Customers are strongly encouraged to apply these updates immediately by executing the following command: sudo apt update && sudo apt upgrade A system reboot is required after the upgrade for the updated kernel to take effect. Temporary Mitigation: If an immediate system update is not feasible, the affected kernel module (algif_aead) can be disabled persistently. Security researchers have confirmed this measure effectively prevents exploitation of CVE-2026-31431. Execute the following commands as root: echo "install algif_aead /bin/false" > /etc/modprobe.d/disable-algif.conf rmmod algif_aead 2>/dev/null || true Impact assessment: Disabling the algif_aead module removes the AEAD socket interface from the kernel cryp-to API. This does not affect dm-crypt/LUKS, kTLS, IPsec/XFRM, OpenSSL, GnuTLS, NSS, or SSH. Applications explicitly configured to use the afalg engine or that directly bind aead, skcipher, or hash sockets via AF_ALG may be affected. To assess exposure prior to applying this workaround, run: lsof | grep AF_ALG

Affected Vendors

Affected Products (4)

Affected Sectors

Critical Manufacturing