HPE Aruba Networking Product Security Advisory
=============================================
Advisory ID: HPESBNW05059
CVE: CVE-2026-31431
Publication Date: 2026-MAY-19
Status: Confirmed
Severity: HIGH
Revision: 1

Title
=====
Status of Copy Fail vulnerability on HPE Aruba Networking Products
(CVE-2026-31431)

Overview
========
A recently disclosed Linux kernel vulnerability, known as Copy Fail
(CVE-2026-31431), enables local privilege escalation by exploiting
improper memory management within the algif_aead cryptographic
interface.

Affected Products
=================
HPE Aruba Networking Management Software (Airwave)
  - Airwave 8.3.0.6 and below

HPE Aruba Networking AOS-CX
  - AOS-CX 10.17.xxxx: AOS-CX 10.17.1010 and below
  - AOS-CX 10.16.xxxx: AOS-CX 10.16.1040 and below
  - AOS-CX 10.13.xxxx: AOS-CX 10.13.1170 and below

HPE Aruba Networking EdgeConnect Orchestrator
  - All versions

HPE Aruba Networking Analytics and Location Engine (ALE)
  - All versions
  NOTE: ALE does not provide non-root local user access by default,
  reducing the likelihood of exploitation and resulting in a low-risk
  assessment.

HPE Aruba Networking Meridian Asset Tracking

Under Investigation
===================
HPE Aruba Networking Wireless Operating Systems (AOS)
  - AOS-10.8.x.x: all
  - AOS-10.7.x.x: all
  - AOS-10.4.x.x: all
  - AOS-8.13.x.x: all
  - AOS-8.10.x.x: all

HPE Aruba Networking NetEdit
  - NetEdit 2.17.x: all

HPE Aruba Networking InstantOn Switches

HPE Aruba Networking Private 5G

Unaffected Products
===================
HPE Aruba Networking ClearPass Policy Manager (CPPM)
  - CPPM 6.12.x: all
  - CPPM 6.11.x: all

HPE Aruba Networking EdgeConnect SD-WAN
  - ECOS 9.4.x.x: all
  - ECOS 9.5.x.x: all
  - ECOS 9.6.x.x: all

HPE Aruba Networking User Experience Insight (UXI)

HPE Aruba Networking Central On-Premises (COP/CNXOP)

HPE Aruba Networking Central (Cloud Auth / Cloud Guest)

HPE Networking InstantOn AP and Secure Gateway (SG)

Any other HPE Aruba Networking products and software versions not
specifically listed above are not affected by this vulnerability.

Details
========
Local Privilege Escalation Vulnerability in Linux Kernel algif_aead
Cryptographic Subsystem (CVE-2026-31431)
---------------------------------------------------------------------
A Linux kernel local privilege escalation vulnerability affecting
kernel versions released between 2017 and early 2026 has been publicly
disclosed. The flaw stems from improper memory handling in the
algif_aead cryptographic subsystem and may allow an unprivileged local
user to gain root access.

Internal References: VULN-285
Severity: HIGH
CVSS v3.1 Base Score: 7.8
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Discovery: The vulnerability was discovered by a third party. Please
refer to the Linux kernel CVE announcement
(https://lore.kernel.org/linux-cve-announce/2026042214-CVE-2026-31431-3d65@gregkh/)
for credit and acknowledgment details.

NOTE: Exploitation of this vulnerability requires local access and the
ability to execute code on the affected system.
Consequently, the practical risk is reduced in environments with
restricted administrative access.

Resolution
==========
To remediate this vulnerability, HPE Aruba Networking recommends
applying the software updates listed below (as applicable).

HPE Aruba Networking Management Software (Airwave)
  - Airwave 8.3.0.7 and above (ETA: First half of July 2026)

HPE Aruba Networking AOS-CX (ETA: First half of June 2026)
  - AOS-CX 10.17.xxxx: AOS-CX 10.17.1020 and above
  - AOS-CX 10.16.xxxx: AOS-CX 10.16.1050 and above
  - AOS-CX 10.13.xxxx: AOS-CX 10.13.1180 and above

HPE Aruba Networking EdgeConnect Orchestrator
  - All versions
  NOTE: For OVAs that have already been released, customers must run
  'yum update' to apply the latest packages and security fixes. During
  upgrade operations, 'yum update' is executed automatically as part of
  the upgrade process. For newly generated OVAs, 'yum update' is run
  prior to OVA creation to ensure the image includes the latest
  available updates.

HPE Aruba Networking Analytics and Location Engine (ALE)
  - ALE 4.2.0.0 and above (ETA: First half of August 2026)
  NOTE: Once the upgraded kernel becomes available, users can perform
  the kernel upgrade directly through 'yum update' on the ALE server.

HPE Aruba Networking Meridian Asset Tracking
  NOTE: A patch addressing this vulnerability is scheduled for
  deployment on May 20, 2026.

NOTE: This Security Advisory will be updated when assessment of the
products “Under Investigation” is completed.

Software versions with resolution/fixes for the vulnerabilities covered
above can be downloaded from the HPE Networking Support Portal at
https://networkingsupport.hpe.com/downloads;fileTypes=SOFTWARE

HPE Aruba Networking does not evaluate or patch software branches that
have reached their End of Maintenance (EoM) milestone.
For more information about HPE Aruba Networking's End of Life policy,
visit:
https://www.hpe.com/psnow/doc/a00143052enw

Workaround
==========
Successful exploitation requires direct access to a system's shell or
local console. Implementing security best practices to limit access to
the impacted systems reduces the likelihood of successful malicious
exploitation.

Exploitation and Public Discussion
==================================
HPE Aruba Networking is aware of public discussion of the Copy Fail
vulnerability. Additional information is available at:
https://lore.kernel.org/linux-cve-announce/2026042214-CVE-2026-31431-3d65@gregkh/

As of the advisory release date, we are not aware of any exploit code
specifically targeting affected HPE Aruba Networking products in
connection with this vulnerability.

Revision History
================
Revision 1 / 2026-MAY-19 / Initial release

HPE Aruba Networking SIRT Security Procedures
==============================
Complete information on reporting security vulnerabilities in HPE Aruba
Networking products and obtaining assistance with security incidents is
available at:
https://www.hpe.com/support/security-response-policy

For reporting *NEW* HPE Aruba Networking security issues, email can be
sent to aruba-sirt(at)hpe.com. For sensitive information we encourage
the use of PGP encryption. Our public keys can be found at:
https://www.hpe.com/info/psrt-pgp-key

(c) Copyright 2026 by Hewlett Packard Enterprise Development LP. This
advisory may be redistributed freely after the release date given at
the top of the text, provided that the redistributed copies are
complete and unmodified, including all data and version information.
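
Added example, not part of HPE's advisory: a Python triage that classifies inventory versions against the AOS-CX and Airwave thresholds given under Affected Products and Resolution, including builds that fall between the two thresholds and branches the advisory does not list. The inventory rows, hostnames, status labels and the tolerance for a platform prefix such as 'FL.' are assumptions made for the example.

```python
import re
# From the advisory: AOS-CX branch -> (highest affected build, lowest fixed build).
AOS_CX = {(10, 17): (1010, 1020), (10, 16): (1040, 1050), (10, 13): (1170, 1180)}
AIRWAVE_LAST_AFFECTED = (8, 3, 0, 6)  # "Airwave 8.3.0.6 and below"

def _nums(version):
    """Numeric fields of a version string; a prefix like 'FL.' is ignored (assumption)."""
    return tuple(int(n) for n in re.findall(r"\d+", version))

def classify_aos_cx(version):
    nums = _nums(version)
    if len(nums) != 3:
        return "unparseable"
    branch, build = nums[:2], nums[2]
    if branch not in AOS_CX:
        return "branch-not-listed"  # advisory gives no threshold for this branch
    last_affected, first_fixed = AOS_CX[branch]
    if build <= last_affected:
        return "affected"
    if build >= first_fixed:
        return "fixed"
    return "between-thresholds"  # advisory names no builds in this gap; verify manually

def classify_airwave(version):
    nums = _nums(version)
    if len(nums) != 4:
        return "unparseable"
    return "affected" if nums <= AIRWAVE_LAST_AFFECTED else "fixed"

# Only products with numeric thresholds in the advisory are modelled here.
CLASSIFIERS = {"aos-cx": classify_aos_cx, "airwave": classify_airwave}

def triage(inventory):
    """Map each (hostname, product, version) row to a status string."""
    report = {}
    for host, product, version in inventory:
        check = CLASSIFIERS.get(product.lower())
        report[host] = check(version) if check else "product-not-modelled"
    return report

# Constructed inventory rows; hostnames and versions are made up for the example.
SAMPLE = [
    ("core-sw1", "AOS-CX", "FL.10.13.1170"), ("core-sw2", "AOS-CX", "10.16.1050"),
    ("dist-sw3", "AOS-CX", "10.17.1015"), ("lab-sw4", "AOS-CX", "10.14.1000"),
    ("nms-1", "Airwave", "8.3.0.6"), ("cppm-1", "ClearPass", "6.12.3"),
]

if __name__ == "__main__":
    for host, status in triage(SAMPLE).items():
        print(f"{host:10s} {status}")
```

Rows reported as between-thresholds or branch-not-listed need a manual check against the advisory text, since it states no verdict for those builds.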