CVE Catalog

CVE-2026-46028

MediumCVSS 5.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.18%

7th percentile - higher than 7% of all known CVEs

Summary

A vulnerability has been identified in the Linux kernel related to the algif_aead algorithm, affecting asynchronous AEAD requests. The issue arises from the use of a socket-wide IV buffer, which can lead to inconsistent IV handling due to later socket activity.

Risk Assessment

Organizations may be at risk of unauthorized access to or modification of data, potentially leading to serious security breaches.

Recommendation

It is recommended to update the Linux kernel to the latest version to eliminate this vulnerability and ensure proper IV management in asynchronous AEAD requests.

Original NVD description (English source)

In the Linux kernel, the following vulnerability has been resolved: crypto: algif_aead - snapshot IV for async AEAD requests AF_ALG AEAD AIO requests currently use the socket-wide IV buffer during request processing. For async requests, later socket activity can update that shared state before the original request has fully completed, which can lead to inconsistent IV handling. Snapshot the IV into per-request storage when preparing the AEAD request, so in-flight operations no longer depend on mutable socket state.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS