CVE-2026-52972

Summary

In the Linux kernel, the following vulnerability has been resolved:

crypto: af_alg - Cap AEAD AD length to 0x80000000

In order to prevent arithmetic overflows when checking the TX buffer size, cap the associated data length to 0x80000000.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux400c40cf78da00c16e561a3a253ca272455c42ef < f8a5203596797f394ff3f9aa4005597a92249802affected
LinuxLinux400c40cf78da00c16e561a3a253ca272455c42ef < a9f68d9ed38dd6e5a6c6d75b03d25c1c133e321daffected
LinuxLinux400c40cf78da00c16e561a3a253ca272455c42ef < a4fe4eb580bbc7439f649a496d4cf38415a4021caffected
LinuxLinux400c40cf78da00c16e561a3a253ca272455c42ef < e4c4a5074532eaaa14951994a3aad0d479aa7431affected
LinuxLinux400c40cf78da00c16e561a3a253ca272455c42ef < 265ac26d1c5e17b34d497cbda1f754a1ec8552bcaffected
LinuxLinux400c40cf78da00c16e561a3a253ca272455c42ef < a1c5672faf8e93e38c2deac3979cc767ca5cf918affected
LinuxLinux400c40cf78da00c16e561a3a253ca272455c42ef < 97948906dc8e0ea84775e03e35b60a2063c70193affected
LinuxLinux400c40cf78da00c16e561a3a253ca272455c42ef < e4c06479d7059888adf2f22bc1ebcf053bf691a2affected
LinuxLinux4.1affected
LinuxLinux0 < 4.1unaffected
LinuxLinux5.10.258 <= 5.10.*unaffected
LinuxLinux5.15.209 <= 5.15.*unaffected
LinuxLinux6.1.175 <= 6.1.*unaffected
LinuxLinux6.6.141 <= 6.6.*unaffected
LinuxLinux6.12.91 <= 6.12.*unaffected
LinuxLinux6.18.33 <= 6.18.*unaffected
LinuxLinux7.0.10 <= 7.0.*unaffected
LinuxLinux7.2-rc1 <= *unaffected

Weaknesses

ADP Enrichment

kernel: crypto: af_alg - Cap AEAD AD length to 0x80000000

Additional References

References