CVE-2026-46019 - Vulnerability Details

In the Linux kernel, the following vulnerability has been resolved:

crypto: atmel-aes - Fix 3-page memory leak in atmel_aes_buff_cleanup

atmel_aes_buff_init() allocates 4 pages using __get_free_pages() with
ATMEL_AES_BUFFER_ORDER, but atmel_aes_buff_cleanup() frees only the
first page using free_page(), leaking the remaining 3 pages. Use
free_pages() with ATMEL_AES_BUFFER_ORDER to fix the memory leak.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Linux

unaffected

Version	Status	Constraints
`bbe628ed897d728d38c4035381d12b2f308fac6f`	affected	< b63f1e2f0e319ad3fe4a58eb3db4fd50cc98baca
`bbe628ed897d728d38c4035381d12b2f308fac6f`	affected	< 65b3589d39d05699c3850202f8333e5361033ea3
`bbe628ed897d728d38c4035381d12b2f308fac6f`	affected	< 61516b4a5b2647dc3f8f67b5dffaf038be997511
`bbe628ed897d728d38c4035381d12b2f308fac6f`	affected	< 230ad8a78fe67266b1ba4685da1abdd61471c5b8
`bbe628ed897d728d38c4035381d12b2f308fac6f`	affected	< 3fcfff4ed35f963380a68741bcd52742baff7f76

Linux

affected

Version	Status	Constraints
`4.5`	affected	—
`0`	unaffected	< 4.5
`6.6.140`	unaffected	≤ 6.6.*
`6.12.86`	unaffected	≤ 6.12.*
`6.18.27`	unaffected	≤ 6.18.*
`7.0.4`	unaffected	≤ 7.0.*
`7.1-rc1`	unaffected	≤ *

No data.

OpenCVE Enrichment is a feature of OpenCVE that uses AI to automatically link vendors and products to CVEs. Learn more on GitHub.

No data.

Project Subscriptions

Vendors	Products
Linux Subscribe	Linux Kernel Subscribe

Advisories

No advisories yet.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://git.kernel.org/stable/c/230ad8a78fe67266b1ba4685da1abdd61471c5b8
https://git.kernel.org/stable/c/3fcfff4ed35f963380a68741bcd52742baff7f76
https://git.kernel.org/stable/c/61516b4a5b2647dc3f8f67b5dffaf038be997511
https://git.kernel.org/stable/c/65b3589d39d05699c3850202f8333e5361033ea3
https://git.kernel.org/stable/c/b63f1e2f0e319ad3fe4a58eb3db4fd50cc98baca

History

Wed, 27 May 2026 19:00:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-401

Wed, 27 May 2026 14:15:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: crypto: atmel-aes - Fix 3-page memory leak in atmel_aes_buff_cleanup atmel_aes_buff_init() allocates 4 pages using __get_free_pages() with ATMEL_AES_BUFFER_ORDER, but atmel_aes_buff_cleanup() frees only the first page using free_page(), leaking the remaining 3 pages. Use free_pages() with ATMEL_AES_BUFFER_ORDER to fix the memory leak.
Title		crypto: atmel-aes - Fix 3-page memory leak in atmel_aes_buff_cleanup
First Time appeared		Linux Linux linux Kernel
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
References		https://git.kernel.org/stable/c/230ad8a78fe67266b1ba4685da1abdd61471c5b8 https://git.kernel.org/stable/c/3fcfff4ed35f963380a68741bcd52742baff7f76 https://git.kernel.org/stable/c/61516b4a5b2647dc3f8f67b5dffaf038be997511 https://git.kernel.org/stable/c/65b3589d39d05699c3850202f8333e5361033ea3 https://git.kernel.org/stable/c/b63f1e2f0e319ad3fe4a58eb3db4fd50cc98baca

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2026-05-27T12:56:21.100Z

Updated: 2026-05-27T12:56:21.100Z

Reserved: 2026-05-13T15:03:33.092Z

Link: CVE-2026-46019

Vulnrichment

No data.

NVD

Status : Awaiting Analysis

Published: 2026-05-27T14:17:20.353

Modified: 2026-05-27T14:48:03.013

Link: CVE-2026-46019

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-27T18:45:39Z

Weaknesses

CWE-401

Project Subscriptions

Projects

JSON object

JSON object

JSON object

JSON object

JSON object