CVE-2026-46028

MEDIUM

crypto: algif_aead - snapshot IV for async AEAD requests

Title source: cna
STIX 2.1

Description

In the Linux kernel, the following vulnerability has been resolved: crypto: algif_aead - snapshot IV for async AEAD requests AF_ALG AEAD AIO requests currently use the socket-wide IV buffer during request processing. For async requests, later socket activity can update that shared state before the original request has fully completed, which can lead to inconsistent IV handling. Snapshot the IV into per-request storage when preparing the AEAD request, so in-flight operations no longer depend on mutable socket state.

Scores

CVSS v3 5.5
EPSS 0.0012
EPSS Percentile 2.4%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Details

Status published
Products (27)
linux/Kernel 4.14.0 - 5.10.254linux
linux/Kernel 5.11.0 - 5.15.204linux
linux/Kernel 5.16.0 - 6.1.170linux
linux/Kernel 6.13.0 - 6.18.27linux
linux/Kernel 6.19.0 - 7.0.4linux
linux/Kernel 6.2.0 - 6.6.137linux
linux/Kernel 6.7.0 - 6.12.85linux
Linux/Linux < 4.14
Linux/Linux 4.14
Linux/Linux 5.10.254 - 5.10.*
... and 17 more
Published May 27, 2026
Tracked Since May 27, 2026