CVE-2026-46077
MediumCVSS 5.5Exploitation Probability (EPSS)
Low risk7th percentile - higher than 7% of all known CVEs
Summary
A vulnerability related to DMA synchronization in the atmel-tdes module has been fixed in the Linux kernel. Incorrect use of the sync direction may lead to stale cache data being returned on non-coherent platforms.
Risk Assessment
Organizations may be exposed to exploitation of this vulnerability, potentially leading to application malfunctions and data leaks.
Recommendation
It is recommended to update the Linux kernel to the latest version to eliminate this vulnerability and ensure proper DMA synchronization.
Original NVD description (English source)
In the Linux kernel, the following vulnerability has been resolved: crypto: atmel-tdes - fix DMA sync direction Before DMA output is consumed by the CPU, ->dma_addr_out must be synced with dma_sync_single_for_cpu() instead of dma_sync_single_for_device(). Using the wrong direction can return stale cache data on non-coherent platforms.

