CVE Catalog

CVE-2026-52936

MediumCVSS 5.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.11%

2th percentile - higher than 2% of all known CVEs

Summary

In the Linux kernel, the jitterentropy crypto mechanism replaced a long-held spinlock with a mutex. Previously, the spinlock was held during expensive entropy generation and SHA3 conditioning, causing CPU stalls for parallel readers.

Risk Assessment

The organization may experience performance degradation and latency in systems using jitterentropy when multiple processes request random data simultaneously, potentially leading to CPU overload and increased response times.

Recommendation

It is recommended to immediately update the Linux kernel to a version containing this fix to avoid performance issues and potential system lockups.

Original NVD description (English source)

In the Linux kernel, the following vulnerability has been resolved: crypto: jitterentropy - replace long-held spinlock with mutex jent_kcapi_random() serializes the shared jitterentropy state, but it currently holds a spinlock across the jent_read_entropy() call. That path performs expensive jitter collection and SHA3 conditioning, so parallel readers can trigger stalls as contending waiters spin for the same lock. To prevent non-preemptible lock hold, replace rng->jent_lock with a mutex so contended readers sleep instead of spinning on a shared lock held across expensive entropy generation.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS