CVE-2026-46019 PUBLISHED

crypto: atmel-aes - Fix 3-page memory leak in atmel_aes_buff_cleanup

Assigner: Linux
Reserved: 13.05.2026 Published: 27.05.2026 Updated: 27.05.2026

In the Linux kernel, the following vulnerability has been resolved:

crypto: atmel-aes - Fix 3-page memory leak in atmel_aes_buff_cleanup

atmel_aes_buff_init() allocates 4 pages using __get_free_pages() with ATMEL_AES_BUFFER_ORDER, but atmel_aes_buff_cleanup() frees only the first page using free_page(), leaking the remaining 3 pages. Use free_pages() with ATMEL_AES_BUFFER_ORDER to fix the memory leak.

Product Status

Vendor Linux
Product Linux
Versions Default: unaffected
  • affected from bbe628ed897d728d38c4035381d12b2f308fac6f to b63f1e2f0e319ad3fe4a58eb3db4fd50cc98baca (excl.)
  • affected from bbe628ed897d728d38c4035381d12b2f308fac6f to 65b3589d39d05699c3850202f8333e5361033ea3 (excl.)
  • affected from bbe628ed897d728d38c4035381d12b2f308fac6f to 61516b4a5b2647dc3f8f67b5dffaf038be997511 (excl.)
  • affected from bbe628ed897d728d38c4035381d12b2f308fac6f to 230ad8a78fe67266b1ba4685da1abdd61471c5b8 (excl.)
  • affected from bbe628ed897d728d38c4035381d12b2f308fac6f to 3fcfff4ed35f963380a68741bcd52742baff7f76 (excl.)
Vendor Linux
Product Linux
Versions Default: affected
  • Version 4.5 is affected
  • unaffected from 0 to 4.5 (excl.)
  • unaffected from 6.6.140 to 6.6.* (incl.)
  • unaffected from 6.12.86 to 6.12.* (incl.)
  • unaffected from 6.18.27 to 6.18.* (incl.)
  • unaffected from 7.0.4 to 7.0.* (incl.)
  • unaffected from 7.1-rc1 to * (incl.)

References