{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-46028", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2026-05-13T15:03:33.093Z", "datePublished": "2026-05-27T12:56:36.847Z", "dateUpdated": "2026-05-27T12:56:36.847Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-05-27T12:56:36.847Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: algif_aead - snapshot IV for async AEAD requests\n\nAF_ALG AEAD AIO requests currently use the socket-wide IV buffer during\nrequest processing. For async requests, later socket activity can\nupdate that shared state before the original request has fully\ncompleted, which can lead to inconsistent IV handling.\n\nSnapshot the IV into per-request storage when preparing the AEAD\nrequest, so in-flight operations no longer depend on mutable socket\nstate."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["crypto/algif_aead.c"], "versions": [{"version": "d887c52d6ae43aeebd249b5f2f1333e60236aa60", "lessThan": "08ea39a556ecd39b33c2b4888861001c6706a62e", "status": "affected", "versionType": "git"}, {"version": "d887c52d6ae43aeebd249b5f2f1333e60236aa60", "lessThan": "a920cabdb0b7cf1f4e11a20524253ae5bd09092b", "status": "affected", "versionType": "git"}, {"version": "d887c52d6ae43aeebd249b5f2f1333e60236aa60", "lessThan": "fa0fcec9b49d58e71df7ede91ecd86855f608e85", "status": "affected", "versionType": "git"}, {"version": "d887c52d6ae43aeebd249b5f2f1333e60236aa60", "lessThan": "c2138c9bd02af19e0b407376140cd5435b0d81da", "status": "affected", "versionType": "git"}, {"version": "d887c52d6ae43aeebd249b5f2f1333e60236aa60", "lessThan": "46fdb39e83227b5d39f7c934a0947ea913f13c18", "status": "affected", "versionType": "git"}, {"version": "d887c52d6ae43aeebd249b5f2f1333e60236aa60", "lessThan": "ebc235675f24b0e3f8bc92b8419471d42f837d8f", "status": "affected", "versionType": "git"}, {"version": "d887c52d6ae43aeebd249b5f2f1333e60236aa60", "lessThan": "3d72f8c6490dc79210b64270740cb2a8619361a4", "status": "affected", "versionType": "git"}, {"version": "d887c52d6ae43aeebd249b5f2f1333e60236aa60", "lessThan": "5aa58c3a572b3e3b6c786953339f7978b845cc52", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["crypto/algif_aead.c"], "versions": [{"version": "4.14", "status": "affected"}, {"version": "0", "lessThan": "4.14", "status": "unaffected", "versionType": "semver"}, {"version": "5.10.254", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.204", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.170", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.137", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.12.85", "lessThanOrEqual": "6.12.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.18.27", "lessThanOrEqual": "6.18.*", "status": "unaffected", "versionType": "semver"}, {"version": "7.0.4", "lessThanOrEqual": "7.0.*", "status": "unaffected", "versionType": "semver"}, {"version": "7.1-rc1", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.14", "versionEndExcluding": "5.10.254"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.14", "versionEndExcluding": "5.15.204"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.14", "versionEndExcluding": "6.1.170"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.14", "versionEndExcluding": "6.6.137"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.14", "versionEndExcluding": "6.12.85"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.14", "versionEndExcluding": "6.18.27"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.14", "versionEndExcluding": "7.0.4"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.14", "versionEndExcluding": "7.1-rc1"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/08ea39a556ecd39b33c2b4888861001c6706a62e"}, {"url": "https://git.kernel.org/stable/c/a920cabdb0b7cf1f4e11a20524253ae5bd09092b"}, {"url": "https://git.kernel.org/stable/c/fa0fcec9b49d58e71df7ede91ecd86855f608e85"}, {"url": "https://git.kernel.org/stable/c/c2138c9bd02af19e0b407376140cd5435b0d81da"}, {"url": "https://git.kernel.org/stable/c/46fdb39e83227b5d39f7c934a0947ea913f13c18"}, {"url": "https://git.kernel.org/stable/c/ebc235675f24b0e3f8bc92b8419471d42f837d8f"}, {"url": "https://git.kernel.org/stable/c/3d72f8c6490dc79210b64270740cb2a8619361a4"}, {"url": "https://git.kernel.org/stable/c/5aa58c3a572b3e3b6c786953339f7978b845cc52"}], "title": "crypto: algif_aead - snapshot IV for async AEAD requests", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: algif_aead - snapshot IV for async AEAD requests\n\nAF_ALG AEAD AIO requests currently use the socket-wide IV buffer during\nrequest processing. For async requests, later socket activity can\nupdate that shared state before the original request has fully\ncompleted, which can lead to inconsistent IV handling.\n\nSnapshot the IV into per-request storage when preparing the AEAD\nrequest, so in-flight operations no longer depend on mutable socket\nstate."}], "id": "CVE-2026-46028", "lastModified": "2026-05-27T14:48:03.013", "metrics": {}, "published": "2026-05-27T14:17:21.420", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/08ea39a556ecd39b33c2b4888861001c6706a62e"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/3d72f8c6490dc79210b64270740cb2a8619361a4"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/46fdb39e83227b5d39f7c934a0947ea913f13c18"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/5aa58c3a572b3e3b6c786953339f7978b845cc52"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/a920cabdb0b7cf1f4e11a20524253ae5bd09092b"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/c2138c9bd02af19e0b407376140cd5435b0d81da"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/ebc235675f24b0e3f8bc92b8419471d42f837d8f"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/fa0fcec9b49d58e71df7ede91ecd86855f608e85"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Awaiting Analysis"}

{}

{"created": "2026-05-27T21:30:34.720615+00:00", "updated": "2026-05-27T21:30:34.720626+00:00", "vendors": [], "weaknesses": ["CWE-362", "CWE-1344"]}