In the Linux kernel, the following vulnerability has been resolved: crypto: algif_aead - Revert to operating out-of-place This mostly reverts commit 72548b093ee3 except for the copying of the associated data. There is no benefit in operating in-place in algif_aead since the source and destination come from different mappings. Get rid of all the complexity added for in-place operation and just copy the AD directly.
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HAmazon Linux
OSAmazonwszystkie wersjeArista Cloudvision Agni
APPArista2024.4.0 – 2025.2.2Arista Cloudvision Portal
APPArista2024.2.0 – 2026.1.0Arista Netvisor Os
OSArista7.1.0< 7.1.0Arista Velocloud Edge
APPArista4.5.0 – 6.4.1Arista Velocloud Gateway
APPAristawszystkie wersjeCanonical Ubuntu
OSCanonicalwszystkie wersjeDebian
OSDebian11.012.013.0Linux Kernel
OSLinux7.06.13 – 6.18.22 (bez)6.19 – 6.19.12 (bez)4.14 – 5.10.254 (bez)6.7 – 6.12.85 (bez)6.2 – 6.6.137 (bez)5.16 – 6.1.170 (bez)5.11 – 5.15.204 (bez)Nixos
OSNixos< 25.11Opensuse Leap
OSOpensuse15.315.415.515.6Red Hat Enterprise Linux
OSRedhat10.08.09.0Red Hat Enterprise Linux Aus
OSRedhat8.48.6Red Hat Enterprise Linux Eus
OSRedhat10.08.49.49.6Red Hat Enterprise Linux Tus
OSRedhat8.68.8Red Hat Enterprise Linux Update Services For Sap Solutions
OSRedhat8.68.89.09.2Red Hat OpenShift Container Platform
APPRedhat4.04.12 – 4.12.89 (bez)4.21 – 4.21.14 (bez)4.20 – 4.20.21 (bez)4.16 – 4.16.61 (bez)4.15 – 4.15.64 (bez)4.14 – 4.14.65 (bez)4.13 – 4.13.66 (bez)4.19 – 4.19.30 (bez)4.18 – 4.18.40 (bez)4.17 – 4.17.53 (bez)Siemens Simatic S7 1500 Cpu 1518 4 Pn\/dp Mfp
HWSiemenswszystkie wersjeSiemens Simatic S7 1500 Cpu 1518 4 Pn\/dp Mfp Firmware
OSSiemens≥ 3.1.5SUSE Basesystem Module
OSSuse15SUSE Caas Platform
APPSuse4.0SUSE Development Tools Module
OSSuse15SUSE Enterprise Storage
APPSuse6.07.07.1SUSE Legacy Module
OSSuse15SUSE Linux Enterprise Desktop
OSSuse111215SUSE Linux Enterprise High Availability Extension
OSSuse1516.0SUSE Linux Enterprise High Performance Computing
OSSuse15.0SUSE Linux Enterprise Live Patching
OSSuse1215SUSE Linux Enterprise Micro
OSSuse5.05.15.25.35.45.5SUSE Linux Enterprise Real Time
OSSuse15.0
CISA KEV — detailsi
- Vendori
- Linux
- Producti
- Kernel
- Added to KEVi
- May 1, 2026
- Remediation deadline (US Federal)i
- May 15, 2026(overdue)
"Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Linux Kernel contains an incorrect resource transfer between spheres vulnerability that could allow for privilege escalation.
Related vulnerabilities
GNU Inetutils telnetd: ominięcie uwierzytelnienia przez zmienną USER
Type confusion w V8 (Google Chrome) — zdalne uszkodzenie sterty
Sudo: eskalacja uprawnień do root poprzez opcję --chroot (CVE-2025-32463)
RCE przez deserializację PHP w Roundcube Webmail (parametr _from)
Commvault Command Center – nieuwierzytelniony RCE przez path traversal w ZIP