9.8

CVE-2026-53055

crypto: hisilicon/sec2 - prevent req used-after-free for sec

In the Linux kernel, the following vulnerability has been resolved:

crypto: hisilicon/sec2 - prevent req used-after-free for sec

During packet transmission, if the system is under heavy load,
the hardware might complete processing the packet and free the
request memory (req) before the transmission function finishes.
If the software subsequently accesses this req, a use-after-free
error will occur. The qp_ctx memory exists throughout the packet
sending process, so replace the req with the qp_ctx.
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerLinux
Produkt Linux
Default Statusunaffected
Version f0ae287c50455f7be0d8dd45a803d403c7aa4d2e
Version < b375c3c7209cc59e40e97998aa9bc768369cca0e
Status affected
Version f0ae287c50455f7be0d8dd45a803d403c7aa4d2e
Version < ad73563f3a1edbfddf2724136c6a15826b354e18
Status affected
Version f0ae287c50455f7be0d8dd45a803d403c7aa4d2e
Version < 67b53a660e6bf0da2fa8d8872e897a14d8059eaf
Status affected
HerstellerLinux
Produkt Linux
Default Statusaffected
Version 6.17
Status affected
Version 0
Version < 6.17
Status unaffected
Version <= 6.18.*
Version 6.18.33
Status unaffected
Version <= 7.0.*
Version 7.0.10
Status unaffected
Version <= *
Version 7.1
Status unaffected
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.44% 0.349
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
416baaa9-dc9f-4396-8d5f-8c081fb06d67 9.8 3.9 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Es wurden noch keine Informationen zu CWE veröffentlicht.
https://git.kernel.org/stable/c/b375c3c7209cc59e40e97998aa9bc768369cca0e
https://git.kernel.org/stable/c/ad73563f3a1edbfddf2724136c6a15826b354e18
https://git.kernel.org/stable/c/67b53a660e6bf0da2fa8d8872e897a14d8059eaf