CVE Catalog

CVE-2026-52932

HighCVSS 7.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.34%

26th percentile — higher than 26% of all known CVEs

Summary

In the Linux kernel, the xfrm/ipcomp module fails to free destination pages on asynchronous compression (acomp) errors. The fix moves the out_free_req label to ensure the allocated SG list is freed on both error and success paths.

Risk Assessment

Failure to free memory can cause kernel memory leaks, potentially leading to system performance degradation or denial of service (DoS) for processes using IPsec compression.

Recommendation

Immediately update the Linux kernel to a version containing the fix (commit moving the out_free_req label) or apply an appropriate backport for the kernel in use.

Original NVD description (English source)

In the Linux kernel, the following vulnerability has been resolved: xfrm: ipcomp: Free destination pages on acomp errors Move the out_free_req label up by a couple of lines so that the allocated dst SG list gets freed on error as well as success.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS