CSIRTS // UNIFIED SECURITY ADVISORY FEEDSYS ● ONLINE · POWERED BY INTELFUSIONS.COM

Impact of Linux Kernel vulnerabilities on B&R products

criticalknown exploitedpublic exploitCVE-2026-31431CVE-2026-43284CVE-2026-46333CVE-2026-46300CVE-2026-43494
Actively exploited. At least one CVE in this advisory is listed in the CISA Known Exploited Vulnerabilities catalog — exploitation has been observed in the wild. Treat remediation as urgent.
View CSAF Summary B&R is aware of publicly reported vulnerabilities affecting the Linux kernel versions shipped with the products listed as affected in the advisory. Successful local exploitation of these vulnerabilities could allow an attacker to escalate privileges on the affected system. Public proof-of-concept exploits are available for the vulnerabilities described herein. At the time of publication of this advisory, B&R had no evidence of active exploitation targeting B&R products. The following versions of Impact of Linux Kernel vulnerabilities on B&R products are affected: Linux for B&R <=12 APROL <APROL-AutoYaST-DVD- V4.4-010.10.260602 X20EDS410 /all CVSS Vendor Equipment Vulnerabilities v3 7.8 B&R Industrial Automation GmbH Impact of Linux Kernel vulnerabilities on B&R products Incorrect Resource Transfer Between Spheres, Write-what-where Condition, Improper Privilege Management, Out-of-bounds Write, Multiple Releases of Same Resource or Handle Background Critical Infrastructure Sectors: Critical Manufacturing Countries/Areas Deployed: Worldwide Company Headquarters Location: Switzerland Vulnerabilities Expand All + CVE-2026-31431 In the Linux kernel, the following vulnerability has been resolved: crypto: algif_aead - Revert to operating out-of-place This mostly reverts commit 72548b093ee3 except for the copying of the associated data. There is no benefit in operating in-place in algif_aead since the source and destination come from different mappings. Get rid of all the complexity added for in-place operation and just copy the AD directly. View CVE Details Affected Products Impact of Linux Kernel vulnerabilities on B&R products Vendor: B&R Industrial Automation GmbH Product Version: B&R Industrial Automation GmbH Linux for B&R <=12, B&R Industrial Automation GmbH APROL <APROL-AutoYaST-DVD- V4.4-010.10.260602, B&R Industrial Automation GmbH X20EDS410 /all Product Status: fixed, known_affected Remediations Vendor fix For affected products, softw

CSIRTS triage

vendor: B&R Industrial Automation GmbHproduct: Linux for B&RPrivilege escalationaffected: <=12 APROL <APROL-AutoYaST-DVD- V4.4-010.10.260602 X20EDS410 /all
What
Local exploitation of vulnerabilities in the Linux kernel could allow privilege escalation.
Who is affected
Deployments of B&R products using the affected Linux kernel versions.
Urgency
Remediation is urgent due to the availability of public proof-of-concept exploits and the critical severity of the vulnerabilities.
Action
Update to the latest version of the Linux kernel as recommended by B&R.

AI-assisted analysis generated from the source advisory — verify against the original.

⚡ Watch Linux for B&R

Get an email when a new Linux for B&R advisory drops — max one per day, one-click unsubscribe.

Details

Source
CISA Cybersecurity Advisories (US · national-cert · site)
Severity
critical
Published
2026-06-23
Exploitation
Observed in the wild (CISA KEV)

Original advisory: https://www.cisa.gov/news-events/ics-advisories/icsa-26-174-06

Exploitation outlook

EPSS (FIRST.org) estimates each CVE’s probability of exploitation in the next 30 days — here is the CSIRTS.com read on those numbers.

Referenced CVEs

CVECSIRTS overviewExternal
CVE-2026-31431coverage & exploitation statusNVD · CVE.org
CVE-2026-43284coverage & exploitation statusNVD · CVE.org
CVE-2026-46333coverage & exploitation statusNVD · CVE.org
CVE-2026-46300coverage & exploitation statusNVD · CVE.org
CVE-2026-43494coverage & exploitation statusNVD · CVE.org

Same CVEs, other sources

How other CERTs, PSIRTs and databases cover the vulnerabilities in this advisory.

More from CISA Cybersecurity Advisories