CVE-2026-52972

Source
https://cve.org/CVERecord?id=CVE-2026-52972
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-52972.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-52972
Downstream
Related
Published
2026-06-24T16:28:50.425Z
Modified
2026-07-09T10:14:57.088482750Z
Severity
  • 7.0 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
crypto: af_alg - Cap AEAD AD length to 0x80000000
Details

In the Linux kernel, the following vulnerability has been resolved:

crypto: af_alg - Cap AEAD AD length to 0x80000000

In order to prevent arithmetic overflows when checking the TX buffer size, cap the associated data length to 0x80000000.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/52xxx/CVE-2026-52972.json",
    "cna_assigner": "Linux"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
400c40cf78da00c16e561a3a253ca272455c42ef
Fixed
f8a5203596797f394ff3f9aa4005597a92249802
Fixed
a9f68d9ed38dd6e5a6c6d75b03d25c1c133e321d
Fixed
a4fe4eb580bbc7439f649a496d4cf38415a4021c
Fixed
e4c4a5074532eaaa14951994a3aad0d479aa7431
Fixed
265ac26d1c5e17b34d497cbda1f754a1ec8552bc
Fixed
a1c5672faf8e93e38c2deac3979cc767ca5cf918
Fixed
97948906dc8e0ea84775e03e35b60a2063c70193
Fixed
e4c06479d7059888adf2f22bc1ebcf053bf691a2

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-52972.json"

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
4.1.0
Fixed
5.10.258
Type
ECOSYSTEM
Events
Introduced
5.11.0
Fixed
5.15.209
Type
ECOSYSTEM
Events
Introduced
5.16.0
Fixed
6.1.175
Type
ECOSYSTEM
Events
Introduced
6.2.0
Fixed
6.6.141
Type
ECOSYSTEM
Events
Introduced
6.7.0
Fixed
6.12.91
Type
ECOSYSTEM
Events
Introduced
6.13.0
Fixed
6.18.33
Type
ECOSYSTEM
Events
Introduced
6.19.0
Fixed
7.0.10

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-52972.json"