CVE-2026-52972

HIGH

crypto: af_alg - Cap AEAD AD length to 0x80000000

Title source: cna
STIX 2.1

Description

In the Linux kernel, the following vulnerability has been resolved: crypto: af_alg - Cap AEAD AD length to 0x80000000 In order to prevent arithmetic overflows when checking the TX buffer size, cap the associated data length to 0x80000000.

Scores

CVSS v3 7.0
EPSS 0.0014
EPSS Percentile 3.8%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-190
Status published
Products (25)
linux/Kernel 4.1.0 - 5.10.258linux
linux/Kernel 5.11.0 - 5.15.209linux
linux/Kernel 5.16.0 - 6.1.175linux
linux/Kernel 6.13.0 - 6.18.33linux
linux/Kernel 6.19.0 - 7.0.10linux
linux/Kernel 6.2.0 - 6.6.141linux
linux/Kernel 6.7.0 - 6.12.91linux
Linux/Linux < 4.1
Linux/Linux 4.1
Linux/Linux 400c40cf78da00c16e561a3a253ca272455c42ef - 265ac26d1c5e17b34d497cbda1f754a1ec8552bc
... and 15 more
Published Jun 24, 2026
Tracked Since Jun 24, 2026