#!/bin/bash

KERNEL=$(uname -r)
RESULT="UNKNOWN"

echo "=== CVE-2026-31431 CHECK ==="
echo "Kernel: $KERNEL"

# 1. Check modul existent
MODULE_PATH=$(find /lib/modules/$KERNEL -type f -name 'algif_aead*' 2>/dev/null)

# 2. Check config kernel
CONFIG=$(zgrep CONFIG_CRYPTO_USER_API_AEAD /boot/config-$KERNEL 2>/dev/null)

# 3. Check runtime
LOADED=$(lsmod | grep algif_aead)

echo "---- Details ----"

if [ -z "$MODULE_PATH" ]; then
    echo "algif_aead module: NOT PRESENT"
else
    echo "algif_aead module: PRESENT -> $MODULE_PATH"
fi

if [ -z "$CONFIG" ]; then
    echo "Kernel config AEAD: NOT SET"
else
    echo "Kernel config AEAD: $CONFIG"
fi

if [ -z "$LOADED" ]; then
    echo "Module loaded: NO"
else
    echo "Module loaded: YES"
fi

echo "---- Verdict ----"

if [ -z "$MODULE_PATH" ] && [[ "$CONFIG" != *"=y"* ]] && [[ "$CONFIG" != *"=m"* ]]; then
    RESULT="NOT AFFECTED"
else
    RESULT="POTENTIALLY AFFECTED"
fi

echo "Result: $RESULT"
echo "=============================="