CVE-2026-52932
HighCVSS 7.5Exploitation Probability (EPSS)
Low risk26th percentile — higher than 26% of all known CVEs
Summary
In the Linux kernel, the xfrm/ipcomp module fails to free destination pages on asynchronous compression (acomp) errors. The fix moves the out_free_req label to ensure the allocated SG list is freed on both error and success paths.
Risk Assessment
Failure to free memory can cause kernel memory leaks, potentially leading to system performance degradation or denial of service (DoS) for processes using IPsec compression.
Recommendation
Immediately update the Linux kernel to a version containing the fix (commit moving the out_free_req label) or apply an appropriate backport for the kernel in use.
Original NVD description (English source)
In the Linux kernel, the following vulnerability has been resolved: xfrm: ipcomp: Free destination pages on acomp errors Move the out_free_req label up by a couple of lines so that the allocated dst SG list gets freed on error as well as success.

