Skip to main content

Linux CVE-2026-31391

| EUVDEUVD-2026-18764 MEDIUM
2026-04-03 Linux GHSA-8v35-jwfj-qhmg
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
SUSE
MEDIUM
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

5
CVSS changed
May 26, 2026 - 13:37 NVD
5.5 (MEDIUM)
Patch available
Apr 16, 2026 - 05:29 EUVD
6f502049a96b368ea6646c49d9520d6f69a101fa,2bfc83cee05f8b9604502df27d94e8e2b4a3dbf1,66ee9c1c3575b5d6afc340faca00fd40ed5b7ad9
EUVD ID Assigned
Apr 03, 2026 - 15:30 euvd
EUVD-2026-18764
Analysis Generated
Apr 03, 2026 - 15:30 vuln.today
CVE Published
Apr 03, 2026 - 15:15 nvd
N/A

DescriptionNVD

In the Linux kernel, the following vulnerability has been resolved:

crypto: atmel-sha204a - Fix OOM ->tfm_count leak

If memory allocation fails, decrement ->tfm_count to avoid blocking future reads.

AnalysisAI

Memory leak in Linux kernel atmel-sha204a cryptographic driver allows local denial of service via resource exhaustion. The vulnerability occurs when memory allocation fails during tfm_count counter management; the counter is not properly decremented, causing subsequent read operations to block indefinitely. This affects all Linux kernel versions with the vulnerable atmel-sha204a implementation until patched.

Technical ContextAI

The atmel-sha204a driver is a Linux kernel cryptographic module implementing support for the Atmel SHA-204A hardware security device. The vulnerability is a counter management issue in the tfm_count reference counter used to track active cipher transform instances. When memory allocation fails during counter operations, the cleanup path does not decrement tfm_count, causing it to remain elevated and subsequently block legitimate access to the cryptographic transform (tfm). This is a resource leak vulnerability affecting kernel memory management and driver synchronization logic.

RemediationAI

Apply kernel security patches from the upstream Linux stable tree. Patched commits are available at: git.kernel.org/stable/c/66ee9c1c3575b5d6afc340faca00fd40ed5b7ad9, git.kernel.org/stable/c/2bfc83cee05f8b9604502df27d94e8e2b4a3dbf1, git.kernel.org/stable/c/1ab70c260cf16f931a728b2cb63fff5f38c814d8, and additional backport commits. Users should update to the latest stable kernel version for their distribution that includes these fixes. For systems relying on atmel-sha204a hardware, prioritize kernel updates; systems without this specific hardware device are not vulnerable and can prioritize updates based on other CVEs.

Vendor StatusVendor

SUSE

Severity: Medium
Product Status
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Performance Computing 15 SP7 Fixed

Share

CVE-2026-31391 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy