Skip to main content

Linux Kernel CVE-2026-52932

| EUVDEUVD-2026-38702 HIGH
2026-06-24 Linux GHSA-jvgr-44j9-74mp
7.5
CVSS 3.1 · Vendor: Linux
Share

Severity by source

Vendor (Linux) PRIMARY
7.5 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
vuln.today AI
3.7 LOW

Reachable over network via IPsec but only with IPComp enabled and repeated acomp errors (AC:H), unauthenticated (PR:N), and per-error leak yields gradual partial DoS (A:L).

3.1 AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
4.0 AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

Primary rating from Vendor (Linux).

CVSS VectorVendor: Linux

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

5
Analysis Generated
Jun 28, 2026 - 08:26 vuln.today
CVSS changed
Jun 28, 2026 - 08:22 NVD
7.5 (HIGH)
Patch available
Jun 24, 2026 - 09:16 EUVD
CVE Published
Jun 24, 2026 - 07:14 cve.org
UNKNOWN (no severity yet)
CVE Published
Jun 24, 2026 - 07:14 cve.org
HIGH 7.5

DescriptionCVE.org

In the Linux kernel, the following vulnerability has been resolved:

xfrm: ipcomp: Free destination pages on acomp errors

Move the out_free_req label up by a couple of lines so that the allocated dst SG list gets freed on error as well as success.

AnalysisAI

Memory leak in the Linux kernel's xfrm IPComp (IP Payload Compression) code allows resource exhaustion because the destination scatter-gather page list is not freed when an asynchronous compression (acomp) operation fails. Affecting Linux 6.15 through the fixed stable releases, the flaw lets repeated compression errors progressively consume kernel memory, with CVSS scoring only availability impact (A:H). …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Reach IPComp-enabled IPsec endpoint
Delivery
Send payloads triggering acomp errors
Exploit
Leak destination SG pages per error
Execution
Repeat to exhaust kernel memory
Impact
Denial of service

Vulnerability AssessmentAI

Exploitation Exploitation requires that the target host uses IPsec with IPComp (IP Payload Compression) enabled - the vulnerable code path only runs when xfrm ipcomp processes compressed payloads via the asynchronous acomp crypto API. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment Signals are consistent toward LOW real-world priority despite the 7.5 'High' CVSS. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker who can drive IPsec traffic through an IPComp-enabled tunnel sends payloads that repeatedly cause the asynchronous compression backend to fail, leaking destination page allocations on each error. Sustained over time, this exhausts kernel memory and degrades or crashes the host (denial of service). …
Remediation Vendor-released patch: upgrade to a fixed stable kernel - 6.18.35, 7.0.12, or 7.1 (or later) - which contain the corrected out_free_req cleanup, per the stable commits at https://git.kernel.org/stable/c/dc6dcba80d72a27ab61831ad3d253316e0c9b9d5, https://git.kernel.org/stable/c/b30aa173c3809f6af4c83a86099be1be19aa48eb, and https://git.kernel.org/stable/c/7dbac7680eb629b3b4dc7e98c34f943b8814c0c8. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

24 hours: Identify production systems running Linux 6.15 and determine whether IPComp is enabled. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-52932 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy