Description
cryptodev-linux version 1.14 and prior contain a page reference handling flaw in the get_userbuf function of the /dev/crypto device driver that allows local users to trigger use-after-free conditions. Attackers with access to the /dev/crypto interface can repeatedly decrement reference counts of controlled pages to achieve local privilege escalation.
Published: 2026-03-25
Score: 8.5 High
EPSS: < 1% Very Low
KEV: No
Impact: Local Privilege Escalation
Action: Immediate Patch
AI Analysis

Impact

cryptodev-linux drivers version 1.14 and earlier contain a page reference handling flaw in the get_userbuf function. The error allows the driver to decrement reference counts of pages multiple times, resulting in a use‑after‑free condition. This flaw is mapped to CWE‑416 and can be exploited by a local user to gain elevated privileges on the system.

Affected Systems

The vulnerability affects the cryptodev-linux package from the cryptodev-linux vendor. Any installation of cryptodev-linux version 1.14 or earlier is impacted. The driver exposes its functionality through the /dev/crypto interface, which is commonly used by local applications for cryptographic operations.

Risk and Exploitability

The CVSS score of 8.5 indicates a high severity condition. Although the EPSS score is not available, the lack of a CISA KEV listing does not diminish the potential for exploitation. Attackers only need local access to the /dev/crypto interface, a condition that is likely satisfied on most systems using the driver. Successful exploitation results in local privilege escalation, potentially allowing the attacker to execute arbitrary code with elevated permissions.

Generated by OpenCVE AI on March 25, 2026 at 14:36 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update to cryptodev-linux version 1.15 or later, if available. If a newer release is not yet available, apply the patch referenced in the pull request linked in the advisory.

Generated by OpenCVE AI on March 25, 2026 at 14:36 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 26 Mar 2026 12:00:00 +0000

Type Values Removed Values Added
First Time appeared Cryptodev-linux
Cryptodev-linux cryptodev-linux
Vendors & Products Cryptodev-linux
Cryptodev-linux cryptodev-linux

Wed, 25 Mar 2026 14:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Wed, 25 Mar 2026 13:30:00 +0000

Type Values Removed Values Added
Description cryptodev-linux version 1.14 and prior contain a page reference handling flaw in the get_userbuf function of the /dev/crypto device driver that allows local users to trigger use-after-free conditions. Attackers with access to the /dev/crypto interface can repeatedly decrement reference counts of controlled pages to achieve local privilege escalation.
Title cryptodev-linux <= 1.14 get_userbuf Use After Free LPE
Weaknesses CWE-416
References
Metrics cvssV4_0

{'score': 8.5, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

Cryptodev-linux Cryptodev-linux
cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-03-25T13:48:53.136Z

Reserved: 2026-02-27T21:07:55.468Z

Link: CVE-2026-28529

cve-icon Vulnrichment

Updated: 2026-03-25T13:48:12.300Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-03-25T14:16:33.690

Modified: 2026-03-25T15:41:33.977

Link: CVE-2026-28529

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-26T11:43:14Z

Weaknesses