Please login to access that KB Article

RUCKUS SmartZone and CVE 2026 31431 Exposure Assessment

Summary

This article clarifies the exposure status of RUCKUS SmartZone to CVE 2026 31431. Engineering analysis confirms that SmartZone does not use the affected Linux AF_ALG AEAD module, and due to the closed-system architecture, this CVE is not exploitable on supported SmartZone releases.

Question

Is RUCKUS SmartZone vulnerable to CVE?2026?31431?
 

Customer Environment

• Product: RUCKUS SmartZone • Versions: o R6.1.2p5 and later o R7.1.1p1 and later • Deployment type: Physical or Virtual SmartZone • Operating model: Closed appliance / system image

Symptoms

  • Customers or security scanners may flag CVE?2026?31431 based on kernel version or generic Linux vulnerability databases

  • No functional impact or observable symptoms on SmartZone operation

Root Cause

CVE?2026?31431 affects the Linux AF_ALG AEAD (Authenticated Encryption with Associated Data) interface implemented in algif_aead.c, which was introduced in Linux kernel 4.1. Engineering analysis confirms the following for RUCKUS SmartZone: Earlier SmartZone releases use Linux kernel 3.10, which does not include algif_aead.c, and therefore is not vulnerable Starting with SmartZone R6.1.2p5 and R7.1.1p1, the Linux kernel was upgraded to 5.4 Although Linux kernel 5.4 includes the AF_ALG AEAD implementation: SmartZone does not implement or expose any use cases that rely on AF_ALG AEAD SmartZone operates as a closed system, preventing external access paths required to exploit this vulnerability As a defence?in?depth measure, Engineering plans to disable the AF_ALG AEAD module in SmartZone software in a later release. As a result, CVE?2026?31431 is not exploitable on any SmartZone release.

Troubleshooting Steps

  1. Identify the SmartZone software version in use

  2. Confirm the version is:

    • R6.1.2p5 or later, or

    • R7.1.1p1 or later

  3. Review this advisory to confirm non?applicability of the CVE to SmartZone

No additional diagnostics or log collection is required.
 

Resolution

  • RUCKUS SmartZone is not vulnerable to CVE?2026?31431
  • The SmartZone platform does not use the AF_ALG AEAD module
  • SmartZone operates as a closed system, preventing external exploitation paths associated with this CVE
  • As a defense?in?depth measure, the engineering team plans to disable the AF_ALG AEAD module in SmartZone software in a later release

No customer action is required.
 

Article Number:
000015331

Updated:
May 22, 2026 10:33 AM (20 days ago)

Tags:
Security, SmartCell Gateway

Votes:
0

This article is:
helpful
not helpful

Working...Please wait

This is here to prevent you from accidentally submitting twice.

The page will automatically refresh.

Alert!!

Close