CVE Catalog

CVE-2026-53055

CriticalCVSS 9.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.44%

35th percentile — higher than 35% of all known CVEs

Summary

In the Linux kernel's hisilicon/sec2 crypto driver, a use-after-free vulnerability was found. Under heavy system load, hardware may complete packet processing and free the request memory (req) before the transmission function finishes, causing an error. The fix replaces the req pointer with the qp_ctx structure, which persists throughout the packet sending process.

Risk Assessment

This vulnerability could cause a kernel panic or potentially allow arbitrary code execution in kernel context, posing a serious risk to system stability and security.

Recommendation

Immediately update the Linux kernel to a version containing the fix (commit in Linus' tree or a distribution backport). A system reboot is required after the update.

Original NVD description (English source)

In the Linux kernel, the following vulnerability has been resolved: crypto: hisilicon/sec2 - prevent req used-after-free for sec During packet transmission, if the system is under heavy load, the hardware might complete processing the packet and free the request memory (req) before the transmission function finishes. If the software subsequently accesses this req, a use-after-free error will occur. The qp_ctx memory exists throughout the packet sending process, so replace the req with the qp_ctx.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS