CVE Catalog

CVE-2026-52972

HighCVSS 7.0
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.14%

4th percentile — higher than 4% of all known CVEs

Summary

In the Linux kernel, the af_alg crypto module lacks a cap on the associated data (AD) length for AEAD algorithms, potentially causing arithmetic overflow when checking the TX buffer size.

Risk Assessment

The risk for the organization includes potential system instability or unexpected kernel behavior during cryptographic operations, which could affect data integrity and service availability.

Recommendation

Immediately update the Linux kernel to a version containing the fix that caps AD length to 0x80000000. Monitor security advisories from your distribution.

Original NVD description (English source)

In the Linux kernel, the following vulnerability has been resolved: crypto: af_alg - Cap AEAD AD length to 0x80000000 In order to prevent arithmetic overflows when checking the TX buffer size, cap the associated data length to 0x80000000.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS