CVE Catalog

CVE-2026-52932

HighCVSS 7.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.34%

26th percentile - higher than 26% of all known CVEs

Summary

In the Linux kernel xfrm/ipcomp module, a vulnerability was found where destination pages are not freed on asynchronous compression (acomp) errors. This causes a memory leak because the destination SG list is not cleaned up on failure.

Risk Assessment

The organization risks kernel memory exhaustion from repeated IPComp compression errors, potentially leading to denial of service (DoS) on IPsec-enabled servers.

Recommendation

Apply the Linux kernel patch that moves the out_free_req label to ensure proper freeing of destination pages on acomp errors.

Original NVD description (English source)

In the Linux kernel, the following vulnerability has been resolved: xfrm: ipcomp: Free destination pages on acomp errors Move the out_free_req label up by a couple of lines so that the allocated dst SG list gets freed on error as well as success.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS