CVE-2026-46028
MEDIUMcrypto: algif_aead - snapshot IV for async AEAD requests
Title source: cnaDescription
In the Linux kernel, the following vulnerability has been resolved: crypto: algif_aead - snapshot IV for async AEAD requests AF_ALG AEAD AIO requests currently use the socket-wide IV buffer during request processing. For async requests, later socket activity can update that shared state before the original request has fully completed, which can lead to inconsistent IV handling. Snapshot the IV into per-request storage when preparing the AEAD request, so in-flight operations no longer depend on mutable socket state.
References (8)
Core 8
Core References
Scores
CVSS v3
5.5
EPSS
0.0012
EPSS Percentile
2.4%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Details
Status
published
Products (27)
linux/Kernel
4.14.0 - 5.10.254linux
linux/Kernel
5.11.0 - 5.15.204linux
linux/Kernel
5.16.0 - 6.1.170linux
linux/Kernel
6.13.0 - 6.18.27linux
linux/Kernel
6.19.0 - 7.0.4linux
linux/Kernel
6.2.0 - 6.6.137linux
linux/Kernel
6.7.0 - 6.12.85linux
Linux/Linux
< 4.14
Linux/Linux
4.14
Linux/Linux
5.10.254 - 5.10.*
... and 17 more
Published
May 27, 2026
Tracked Since
May 27, 2026