Linux Kernel Incorrect Resource Transfer Between Spheres Vulnerability
Details
CVSS v3: 7.8
NVD published: 2026-04-22 09:16:21
CISA date: 2026-05-01
EPSS: 4.1% probability · 88.6th percentile · 2026-05-12
Affected versions: Linux kernel versions containing commit 72548b093ee3 in the crypto algif_aead component
Summary
This vulnerability is an incorrect resource transfer issue in the Linux kernel's crypto algif_aead subsystem. The flaw stems from problematic in-place operation logic that can lead to local privilege escalation or system instability. A full fix is available via a kernel commit that reverts the problematic changes.
Remediation
Apply the official Linux kernel security update that includes the fix for this vulnerability. Test the update and deploy it to all affected Linux systems as soon as possible to address the flaw.
Exploit info
An exploit for this issue has been publicly disclosed, and the issue is documented in trusted public vulnerability databases. You may check Exploit-DB or GitHub for potential exploit details.