Skip to main content

Linux Kernel CVE-2026-46019

| EUVDEUVD-2026-32400 MEDIUM
Memory Leak (CWE-401)
2026-05-27 416baaa9-dc9f-4396-8d5f-8c081fb06d67 GHSA-ff85-hq6w-7g2w
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
vuln.today AI
5.5 MEDIUM

Local-only driver memory leak requires low-privileged local access; exclusively an availability impact with no data exposure or scope change.

3.1 AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
4.0 AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
SUSE
MEDIUM
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

5
Analysis Generated
Jun 16, 2026 - 16:01 vuln.today
CVSS changed
Jun 16, 2026 - 15:37 NVD
5.5 (MEDIUM)
Patch available
May 27, 2026 - 19:46 EUVD
CVE Published
May 27, 2026 - 14:17 nvd
MEDIUM 5.5
CVE Published
May 27, 2026 - 14:17 nvd
UNKNOWN (no severity yet)

DescriptionNVD

In the Linux kernel, the following vulnerability has been resolved:

crypto: atmel-aes - Fix 3-page memory leak in atmel_aes_buff_cleanup

atmel_aes_buff_init() allocates 4 pages using __get_free_pages() with ATMEL_AES_BUFFER_ORDER, but atmel_aes_buff_cleanup() frees only the first page using free_page(), leaking the remaining 3 pages. Use free_pages() with ATMEL_AES_BUFFER_ORDER to fix the memory leak.

AnalysisAI

The atmel-aes crypto driver in the Linux kernel leaks 3 pages of kernel memory per cleanup cycle due to a mismatch between allocation and deallocation functions: atmel_aes_buff_init() allocates 4 contiguous pages via __get_free_pages() with ATMEL_AES_BUFFER_ORDER, but atmel_aes_buff_cleanup() frees only a single page via free_page() instead of the correct free_pages(). Systems running on Atmel/Microchip ARM SoC hardware with this driver loaded are vulnerable to gradual kernel memory exhaustion leading to denial of service. No public exploit code exists and no active exploitation has been confirmed; the EPSS score of 0.02% (5th percentile) reflects the extremely narrow hardware-specific attack surface, and vendor-released patches are available across multiple stable kernel branches.

Technical ContextAI

The vulnerability resides in drivers/crypto/atmel-aes.c within the Linux kernel's crypto subsystem, specifically in the buffer management functions for the Atmel hardware AES accelerator found on Microchip SAM-family ARM SoCs. The __get_free_pages() call with ATMEL_AES_BUFFER_ORDER allocates a power-of-two contiguous page block (effectively 4 pages = 16 KB), but the cleanup counterpart used free_page() - a single-page deallocator - rather than the matching free_pages() with the same order argument. CWE-401 (Missing Release of Memory after Effective Lifetime) precisely classifies the root cause: memory is allocated, used, and the lifetime ends at cleanup, but the release is incomplete. The CPE cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* confirms the affected component is the mainline Linux kernel. The bug was introduced at commit bbe628ed897d728d38c4035381d12b2f308fac6f and has been backported-patched across the 6.6, 6.12, 6.18, 7.0, and 7.1 stable series.

RemediationAI

The primary fix is to upgrade to a patched stable kernel release: 6.6.140, 6.12.86, 6.18.27, or 7.0.4 (7.1-rc1 for mainline tracking). The upstream fix commits are available at the kernel stable git repository, including https://git.kernel.org/stable/c/3fcfff4ed35f963380a68741bcd52742baff7f76 and https://git.kernel.org/stable/c/230ad8a78fe67266b1ba4685da1abdd61471c5b8, among others listed in the NVD references. For systems where immediate kernel upgrade is not feasible, blacklisting the atmel_aes module via 'echo blacklist atmel_aes >> /etc/modprobe.d/atmel-aes.conf' and unloading the current instance with 'modprobe -r atmel_aes' will prevent the memory leak entirely; the trade-off is loss of hardware-accelerated AES on the affected SoC, with the kernel transparently falling back to software AES via the generic crypto stack at some performance cost. No confidentiality or integrity risk requires urgent emergency patching outside of normal maintenance cycles.

Vendor StatusVendor

SUSE

Severity: Moderate
Product Status
openSUSE Tumbleweed Fixed
SUSE Linux Enterprise Desktop 15 SP7 Not-Affected
SUSE Linux Enterprise Desktop 15 SP7 Not-Affected
SUSE Linux Enterprise High Availability Extension 15 SP7 Not-Affected
SUSE Linux Enterprise High Availability Extension 15 SP7 Not-Affected

Share

CVE-2026-46019 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy