CVE Catalog

CVE-2026-46077

MediumCVSS 5.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.18%

7th percentile - higher than 7% of all known CVEs

Summary

A vulnerability related to DMA synchronization in the atmel-tdes module has been fixed in the Linux kernel. Incorrect use of the sync direction may lead to stale cache data being returned on non-coherent platforms.

Risk Assessment

Organizations may be exposed to exploitation of this vulnerability, potentially leading to application malfunctions and data leaks.

Recommendation

It is recommended to update the Linux kernel to the latest version to eliminate this vulnerability and ensure proper DMA synchronization.

Original NVD description (English source)

In the Linux kernel, the following vulnerability has been resolved: crypto: atmel-tdes - fix DMA sync direction Before DMA output is consumed by the CPU, ->dma_addr_out must be synced with dma_sync_single_for_cpu() instead of dma_sync_single_for_device(). Using the wrong direction can return stale cache data on non-coherent platforms.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS