CVE-2026-52972
7
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
In the Linux kernel, the following vulnerability has been resolved:
crypto: af_alg - Cap AEAD AD length to 0x80000000
In order to prevent arithmetic overflows when checking the TX buffer size, cap the associated data length to 0x80000000.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | 400c40cf78da00c16e561a3a253ca272455c42ef < f8a5203596797f394ff3f9aa4005597a92249802 | affected |
| Linux | Linux | 400c40cf78da00c16e561a3a253ca272455c42ef < a9f68d9ed38dd6e5a6c6d75b03d25c1c133e321d | affected |
| Linux | Linux | 400c40cf78da00c16e561a3a253ca272455c42ef < a4fe4eb580bbc7439f649a496d4cf38415a4021c | affected |
| Linux | Linux | 400c40cf78da00c16e561a3a253ca272455c42ef < e4c4a5074532eaaa14951994a3aad0d479aa7431 | affected |
| Linux | Linux | 400c40cf78da00c16e561a3a253ca272455c42ef < 265ac26d1c5e17b34d497cbda1f754a1ec8552bc | affected |
| Linux | Linux | 400c40cf78da00c16e561a3a253ca272455c42ef < a1c5672faf8e93e38c2deac3979cc767ca5cf918 | affected |
| Linux | Linux | 400c40cf78da00c16e561a3a253ca272455c42ef < 97948906dc8e0ea84775e03e35b60a2063c70193 | affected |
| Linux | Linux | 400c40cf78da00c16e561a3a253ca272455c42ef < e4c06479d7059888adf2f22bc1ebcf053bf691a2 | affected |
| Linux | Linux | 4.1 | affected |
| Linux | Linux | 0 < 4.1 | unaffected |
| Linux | Linux | 5.10.258 <= 5.10.* | unaffected |
| Linux | Linux | 5.15.209 <= 5.15.* | unaffected |
| Linux | Linux | 6.1.175 <= 6.1.* | unaffected |
| Linux | Linux | 6.6.141 <= 6.6.* | unaffected |
| Linux | Linux | 6.12.91 <= 6.12.* | unaffected |
| Linux | Linux | 6.18.33 <= 6.18.* | unaffected |
| Linux | Linux | 7.0.10 <= 7.0.* | unaffected |
| Linux | Linux | 7.2-rc1 <= * | unaffected |
Weaknesses
ADP Enrichment
kernel: crypto: af_alg - Cap AEAD AD length to 0x80000000
Additional References
- https://access.redhat.com/security/cve/CVE-2026-52972
- https://bugzilla.redhat.com/show_bug.cgi?id=2492364
- https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-52972.json
References
- https://git.kernel.org/stable/c/f8a5203596797f394ff3f9aa4005597a92249802
- https://git.kernel.org/stable/c/a9f68d9ed38dd6e5a6c6d75b03d25c1c133e321d
- https://git.kernel.org/stable/c/a4fe4eb580bbc7439f649a496d4cf38415a4021c
- https://git.kernel.org/stable/c/e4c4a5074532eaaa14951994a3aad0d479aa7431
- https://git.kernel.org/stable/c/265ac26d1c5e17b34d497cbda1f754a1ec8552bc
- https://git.kernel.org/stable/c/a1c5672faf8e93e38c2deac3979cc767ca5cf918
- https://git.kernel.org/stable/c/97948906dc8e0ea84775e03e35b60a2063c70193
- https://git.kernel.org/stable/c/e4c06479d7059888adf2f22bc1ebcf053bf691a2
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.