CVE-2026-52972

EUVD-2026-38840
In the Linux kernel, the following vulnerability has been resolved:

crypto: af_alg - Cap AEAD AD length to 0x80000000

In order to prevent arithmetic overflows when checking the TX
buffer size, cap the associated data length to 0x80000000.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
UNKNOWN
---
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 7%
Debian logo
Debian Releases
Debian Product
Codename
linux
bookworm
vulnerable
bookworm (security)
vulnerable
bullseye
vulnerable
bullseye (security)
vulnerable
forky
7.0.12-2
fixed
sid
7.0.13-1
fixed
trixie
vulnerable
trixie (security)
6.12.94-1
fixed
Vulnerability Media Exposure
References
https://git.kernel.org/stable/c/265ac26d1c5e17b34d497cbda1f754a1ec8552bc
https://git.kernel.org/stable/c/97948906dc8e0ea84775e03e35b60a2063c70193
https://git.kernel.org/stable/c/a1c5672faf8e93e38c2deac3979cc767ca5cf918
https://git.kernel.org/stable/c/a4fe4eb580bbc7439f649a496d4cf38415a4021c
https://git.kernel.org/stable/c/a9f68d9ed38dd6e5a6c6d75b03d25c1c133e321d
https://git.kernel.org/stable/c/e4c4a5074532eaaa14951994a3aad0d479aa7431
https://git.kernel.org/stable/c/f8a5203596797f394ff3f9aa4005597a92249802