Skip to main content

Linux Kernel CVE-2026-31746

| EUVDEUVD-2026-26559 MEDIUM
Memory Leak (CWE-401)
2026-05-01 Linux
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
SUSE
MEDIUM
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

7
Analysis Generated
May 07, 2026 - 19:38 vuln.today
CVSS changed
May 07, 2026 - 19:37 NVD
5.5 (MEDIUM)
Patch available
May 01, 2026 - 16:02 EUVD
Patch released
May 01, 2026 - 15:24 nvd
Patch available
EUVD ID Assigned
May 01, 2026 - 15:00 euvd
EUVD-2026-26559
CVE Published
May 01, 2026 - 14:14 nvd
MEDIUM 5.5
CVE Published
May 01, 2026 - 14:14 nvd
N/A

DescriptionCVE.org

In the Linux kernel, the following vulnerability has been resolved:

s390/zcrypt: Fix memory leak with CCA cards used as accelerator

Tests showed that there is a memory leak if CCA cards are used as accelerator for clear key RSA requests (ME and CRT). With the last rework for the memory allocation the AP messages are allocated by ap_init_apmsg() but for some reason on two places (ME and CRT) the older allocation was still in place. So the first allocation simple was never freed.

AnalysisAI

Memory leak in Linux kernel s390/zcrypt subsystem allows local authenticated attackers to exhaust memory resources by repeatedly using CCA cards as accelerators for clear key RSA requests (ME and CRT operations). The vulnerability stems from incomplete refactoring where AP message allocations via ap_init_apmsg() are not properly freed in two code paths, causing heap memory exhaustion over time and enabling denial of service on s390 systems with CCA cryptographic hardware.

Technical ContextAI

The s390/zcrypt subsystem in the Linux kernel provides cryptographic acceleration via IBM cryptographic cards. The vulnerability exists in the s390 architecture-specific code that handles CCA (Crypto Card Adapter) operations for RSA encryption and decryption. During a recent memory allocation refactoring, the subsystem migrated AP (Adjunct Processor) message allocation to use ap_init_apmsg(). However, two specific code paths handling Modular Exponentiation (ME) and Chinese Remainder Theorem (CRT) RSA operations retained legacy memory allocation code. This results in double allocation: one from ap_init_apmsg() (which is later freed) and one from the legacy code (which is never freed), creating a memory leak. The CWE-401 (Missing Release of Memory after Effective Lifetime) classification confirms improper memory management as the root cause.

RemediationAI

Apply the upstream kernel patch immediately by upgrading to Linux 6.18.22, 6.19.12, 7.0, or later versions that include the fix (commits 586222c37d4027dbf60a604fbe820184fee7c1c9, ace37bfec3822033e59fff390f2ff99fc96ebe4f, c8d46f17c2fc7d25c18e60c008928aecab26184d). For s390 systems unable to upgrade immediately, implement these compensating controls: restrict RSA acceleration via CCA cards by disabling the AP (Adjunct Processor) driver if not essential for operations (modprobe -r ap), or administratively restrict local user access to cryptographic acceleration APIs through SELinux or AppArmor policies. Monitor memory usage on affected systems; if memory exhaustion is detected, restart the kernel subsystem or reboot to clear leaked memory. Each workaround trades functionality for stability - disabling AP removes cryptographic hardware acceleration entirely, degrading RSA operation performance. Patches are available from kernel.org stable branches; no vendor-specific advisory URLs are documented.

Vendor StatusVendor

SUSE

Severity: Medium
Product Status
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Performance Computing 15 SP7 Fixed

Share

CVE-2026-31746 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy