Impact of Linux Kernel vulnerabilities on B&R products
Actively exploited. At least one CVE in this advisory is listed in the CISA Known Exploited Vulnerabilities catalog — exploitation has been observed in the wild. Treat remediation as urgent.
View CSAF Summary B&R is aware of publicly reported vulnerabilities affecting the Linux kernel versions shipped with the products listed as affected in the advisory. Successful local exploitation of these vulnerabilities could allow an attacker to escalate privileges on the affected system. Public proof-of-concept exploits are available for the vulnerabilities described herein. At the time of publication of this advisory, B&R had no evidence of active exploitation targeting B&R products. The following versions of Impact of Linux Kernel vulnerabilities on B&R products are affected: Linux for B&R <=12 APROL <APROL-AutoYaST-DVD- V4.4-010.10.260602 X20EDS410 /all CVSS Vendor Equipment Vulnerabilities v3 7.8 B&R Industrial Automation GmbH Impact of Linux Kernel vulnerabilities on B&R products Incorrect Resource Transfer Between Spheres, Write-what-where Condition, Improper Privilege Management, Out-of-bounds Write, Multiple Releases of Same Resource or Handle Background Critical Infrastructure Sectors: Critical Manufacturing Countries/Areas Deployed: Worldwide Company Headquarters Location: Switzerland Vulnerabilities Expand All + CVE-2026-31431 In the Linux kernel, the following vulnerability has been resolved: crypto: algif_aead - Revert to operating out-of-place This mostly reverts commit 72548b093ee3 except for the copying of the associated data. There is no benefit in operating in-place in algif_aead since the source and destination come from different mappings. Get rid of all the complexity added for in-place operation and just copy the AD directly. View CVE Details Affected Products Impact of Linux Kernel vulnerabilities on B&R products Vendor: B&R Industrial Automation GmbH Product Version: B&R Industrial Automation GmbH Linux for B&R <=12, B&R Industrial Automation GmbH APROL <APROL-AutoYaST-DVD- V4.4-010.10.260602, B&R Industrial Automation GmbH X20EDS410 /all Product Status: fixed, known_affected Remediations Vendor fix For affected products, softw
CSIRTS triage
- What
- Local exploitation of vulnerabilities in the Linux kernel could allow privilege escalation.
- Who is affected
- Deployments of B&R products using the affected Linux kernel versions.
- Urgency
- Remediation is urgent due to the availability of public proof-of-concept exploits and the critical severity of the vulnerabilities.
- Action
- Update to the latest version of the Linux kernel as recommended by B&R.
AI-assisted analysis generated from the source advisory — verify against the original.
⚡ Watch Linux for B&R
Get an email when a new Linux for B&R advisory drops — max one per day, one-click unsubscribe.
Details
Original advisory: https://www.cisa.gov/news-events/ics-advisories/icsa-26-174-06
Exploitation outlook
EPSS (FIRST.org) estimates each CVE’s probability of exploitation in the next 30 days — here is the CSIRTS.com read on those numbers.
- Exploitation confirmedCVE-2026-31431Already exploited in the wild (CISA KEV) — the prediction phase is over. Patch now. Riskier than 100% of all scored CVEs.
- Exploitation confirmedCVE-2026-43284Already exploited in the wild (CISA KEV) — the prediction phase is over. Patch now. Riskier than 100% of all scored CVEs.
- Exploitation confirmedCVE-2026-46333Already exploited in the wild (CISA KEV) — the prediction phase is over. Patch now. Riskier than 69% of all scored CVEs.
- Exploitation confirmedCVE-2026-46300Already exploited in the wild (CISA KEV) — the prediction phase is over. Patch now. Riskier than 88% of all scored CVEs.
- Exploitation confirmedCVE-2026-43494Already exploited in the wild (CISA KEV) — the prediction phase is over. Patch now. Riskier than 19% of all scored CVEs.
Referenced CVEs
| CVE | CSIRTS overview | External |
|---|---|---|
| CVE-2026-31431 | coverage & exploitation status | NVD · CVE.org |
| CVE-2026-43284 | coverage & exploitation status | NVD · CVE.org |
| CVE-2026-46333 | coverage & exploitation status | NVD · CVE.org |
| CVE-2026-46300 | coverage & exploitation status | NVD · CVE.org |
| CVE-2026-43494 | coverage & exploitation status | NVD · CVE.org |
Same CVEs, other sources
How other CERTs, PSIRTs and databases cover the vulnerabilities in this advisory.
- high[UPDATE] [high] Linux Kernel: Multiple vulnerabilitiescert-bund
- high[UPDATE] [high] Linux Kernel (Dirty Frag): Multiple vulnerabilities allow gaining administrator rightscert-bund
- medium[UPDATE] [medium] Linux Kernel: Vulnerability Allows Bypassing Security Measurescert-bund
- high[UPDATE] [high] Linux Kernel (Fragnesia): Vulnerability Allows Gaining Administrator Rightscert-bund
- high[UPDATE] [high] Linux Kernel: Vulnerability allows privilege escalationcert-bund
- unknownUSN-8530-1: Linux kernel (AWS) vulnerabilitiesubuntu
- unknownexploitedUSN-8528-1: Linux kernel (Xilinx ZynqMP) vulnerabilitiesubuntu
- unknownMultiple vulnerabilities in Red Hat Linux kernel (July 10, 2026)cert-fr-avis
- unknownMultiple vulnerabilities in SUSE Linux kernel (July 10, 2026)cert-fr-avis
- unknownMultiple vulnerabilities in Red Hat Linux kernel (July 3, 2026)cert-fr-avis
- unknownMultiple vulnerabilities in SUSE Linux kernel (July 3, 2026)cert-fr-avis
- unknownRedHat Linux Kernel Multiple Vulnerabilitieshkcert
More from CISA Cybersecurity Advisories
- highCISA Adds Two Known Exploited Vulnerabilities to Catalog2026-07-10
- criticalSchneider Electric PowerChute Serial Shutdown2026-07-09
- criticalOpenPLC v32026-07-09
- criticalSchneider Electric Easergy MiCOM Px40 Series2026-07-09
- highCISA Adds One Known Exploited Vulnerability to Catalog2026-07-07