CVE-2026-52932
HighCVSS 7.5Exploitation Probability (EPSS)
Low risk26th percentile - higher than 26% of all known CVEs
Summary
In the Linux kernel xfrm/ipcomp module, a vulnerability was found where destination pages are not freed on asynchronous compression (acomp) errors. This causes a memory leak because the destination SG list is not cleaned up on failure.
Risk Assessment
The organization risks kernel memory exhaustion from repeated IPComp compression errors, potentially leading to denial of service (DoS) on IPsec-enabled servers.
Recommendation
Apply the Linux kernel patch that moves the out_free_req label to ensure proper freeing of destination pages on acomp errors.
Original NVD description (English source)
In the Linux kernel, the following vulnerability has been resolved: xfrm: ipcomp: Free destination pages on acomp errors Move the out_free_req label up by a couple of lines so that the allocated dst SG list gets freed on error as well as success.

