  • @CHASEDAFNIS58046 (Customer),

     

    CVE-2026-31431 is a local-only issue that can be exploited only by an authenticated appliance administrator (rsaadmin), who already has root-level access by design. As a result, the CVE does not introduce additional risk or expand the attack surface. Given the lack of security impact, RSA does not plan to release a patch for this issue at this time, but we will continue to monitor and reassess if the risk profile changes.

  • jay.guillette (RSA SecurID)

    SUSE says that the CVE-2026-31431 Copy Fail vulnerability affects almost all major Linux distributions with Linux kernels 4.14 and newer, released since 2017, inclusive of: SLES 15 (all service packs)

     

    Note: RSA AM 8.9 uses SLES-15 SP4 and AM 8.10 due later this year will use SLES-15 SP7.

     

    There is a workaround, but that would not be 'supported' by RSA as you would be modifying the system and the effects would be unknown, so there would be some risk there, more risk than the vulnerability itself to AM.

     

    SUSE Resolution

    Update May 3rd 2026: SUSE has released updates for all maintained SUSE Linux Enterprise and openSUSE Leap distributions.

     

    https://www.suse.com/c/suse-responds-to-the-copy-fail-vulnerability/

     

    RSA would include this SUSE fix at some point in AM 8.10, and possibly in AM 8.9.

    But again, as Erica stated, there is no additional risk to the AM appliance from CVE-2026-31431.

     

  • jay.guillette (RSA SecurID)

    OK, found out AM 8.9 P2 will include fix for CVE-2026-31431

  • yannickneault (Customer)

    What is the target date for the AM 8.9 patch 2 availability?

     

  • jay.guillette (RSA SecurID)

    Currently May 28th, 2026. Slight risk it could slip a little.