CVE-2026-46028
CVE-2026-46028 is a medium-severity vulnerability rated 5.5/10 on the CVSS scale. EPSS estimates a 0.12% chance of exploitation in the next 30 days.
Description
In the Linux kernel, the following vulnerability has been resolved:

crypto: algif_aead - snapshot IV for async AEAD requests

AF_ALG AEAD AIO requests currently use the socket-wide IV buffer during request processing. For async requests, later socket activity can update that shared state before the original request has fully completed, which can lead to inconsistent IV handling.

Snapshot the IV into per-request storage when preparing the AEAD request, so in-flight operations no longer depend on mutable socket state.
Metrics
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux Kernel | >= 4.14, < 5.10.254 |
| Linux | Linux Kernel | >= 5.11, < 5.15.204 |
| Linux | Linux Kernel | >= 5.16, < 6.1.170 |
| Linux | Linux Kernel | >= 6.2, < 6.6.137 |
| Linux | Linux Kernel | >= 6.7, < 6.12.85 |
| Linux | Linux Kernel | >= 6.13, < 6.18.27 |
| Linux | Linux Kernel | >= 6.19, < 7.0.4 |
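
For first-pass triage, the ranges in the table can be checked against a host's `uname -r` string. This is an added example, not part of the NVD record or the kernel project; the function names are hypothetical, and it assumes upstream version numbering. Distribution kernels often backport fixes without changing the upstream version string, so confirm the result against the vendor's advisory.

```python
import platform
import re

# Affected ranges copied from the table above: (first affected, first fixed).
AFFECTED = [
    ((4, 14, 0), (5, 10, 254)),
    ((5, 11, 0), (5, 15, 204)),
    ((5, 16, 0), (6, 1, 170)),
    ((6, 2, 0), (6, 6, 137)),
    ((6, 7, 0), (6, 12, 85)),
    ((6, 13, 0), (6, 18, 27)),
    ((6, 19, 0), (7, 0, 4)),
]


def parse_release(release):
    """Turn a `uname -r` string such as '6.6.120-generic' into (6, 6, 120)."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", release)
    if not m:
        raise ValueError(f"unrecognised kernel release: {release!r}")
    # A missing patch level ("6.12") is treated as .0
    return tuple(int(g or 0) for g in m.groups())


def check(release):
    """Return (affected, first_fixed) for an upstream-style release string."""
    version = parse_release(release)
    for start, fixed in AFFECTED:
        # Ranges are half-open: start <= version < fixed
        if start <= version < fixed:
            return True, ".".join(map(str, fixed))
    return False, None


if __name__ == "__main__":
    release = platform.release()
    affected, fixed = check(release)
    if affected:
        print(f"{release}: in an affected range, fixed upstream in {fixed}")
    else:
        print(f"{release}: outside the listed ranges")
```
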
Timeline
- Status: Analyzed
Source: NVD / NIST
