Changes
Home Assistant Operating System 17.3 is a security release that only updates the Linux kernel to the latest version. For Raspberry Pi targets, the relevant algif_aead fixes for CVE-2026-31431 (Copy Fail) have been explicitly backported.
Note
In practice, most parts of a Home Assistant Operating System installation are not meaningfully affected by this vulnerability: Home Assistant Operating System is a single-application appliance, and Home Assistant's security model expects that logged-in users are trusted and does not rely on separating trusted local users from each other. Most parts (including Home Assistant Core and custom components) already run as root. Fixing this CVE only meaningfully improves the security posture for apps (formerly add-ons) that intentionally drop privileges (apps running as a non-root user).