Linux Kernel AF_ALG RX Scatterlist Extraction Vulnerability

Vulnerability

A vulnerability in the Linux kernel's AF_ALG crypto interface has been addressed. The issue allowed the RX scatterlist extraction to exceed the available receive buffer budget, which could leave the receive-side accounting mismatched with the data actually consumed. The vulnerability was present in the stable versions of the Linux kernel.

Impact

The vulnerability could cause incorrect accounting of received data, which in turn could lead to memory management issues during cryptographic operations performed through AF_ALG.

Reproduction

The vulnerability could be reproduced by using the AF_ALG interface with a socket that has a limited receive buffer. When the RX scatterlist extraction is performed, the operation could inadvertently exceed the available buffer budget, leaving the kernel's receive-side accounting out of balance with the data actually extracted.

Remediation

Update to the latest stable version of the Linux kernel, in which this vulnerability has been fixed.

Added: Apr 25, 2026, 9:24 AM
Updated: Apr 25, 2026, 9:24 AM

Vulnerability Rating

Custom Algorithm

  Category        Score
  spread          9.0
  impact          0.6
  exploitability  4.3
  remediation     7.7
  relevance       6.7
  threat          4.8
  urgency         2.9
  incentive       0.0

Our algorithm analyzes dozens of metrics to produce these 8 key vulnerability categories, which are then combined to calculate the overall risk score.