Description
In the Linux kernel, the following vulnerability has been resolved:

crypto: atmel-sha204a - Fix OOM ->tfm_count leak

If memory allocation fails, decrement ->tfm_count to avoid blocking
future reads.
Published: 2026-04-03
Score: n/a
EPSS: n/a
KEV: No
Impact: Potential availability impact due to blocking read operations in the Atmel SHA-204a driver
Action: Apply Patch
AI Analysis

Impact

The Atmel SHA-204a cryptographic driver in the Linux kernel contains an out‑of‑memory handling bug. If a memory allocation fails, the driver does not decrement its internal ->tfm_count counter, so the count leaks and future read operations can block. The defect does not expose user data but can degrade system availability by stalling cryptographic operations.

Affected Systems

All Linux kernel builds that include the Atmel SHA-204a driver before the patch are affected. The driver is part of the default kernel tree, so any distribution or custom kernel that compiles this component is vulnerable. No specific version numbers are listed, so treat all pre‑patch releases as at risk.

Risk and Exploitability

The EPSS score is not available and the vulnerability is not listed in the KEV catalog, suggesting limited exploitation. Exploitation would require triggering an out‑of‑memory condition within the kernel—a scenario typically confined to privileged or local contexts with constrained memory. The impact is primarily an availability issue; the likelihood of successful exploitation in the wild is considered low, but a successful trigger could reduce system responsiveness.

Generated by OpenCVE AI on April 3, 2026 at 19:06 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest Linux kernel update that includes the fix for the Atmel SHA-204a driver
  • If using a custom kernel, backport the commit referenced in the linked sources
  • Verify that the atmel-sha204a module is compiled and loaded correctly after the update
  • Monitor kernel logs for cryptographic errors that might indicate OOM conditions
  • Ensure that the system has sufficient free memory to avoid triggering the bug

Advisories

No advisories yet.

History

Sat, 04 Apr 2026 01:15:00 +0000


Fri, 03 Apr 2026 21:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-357

Fri, 03 Apr 2026 16:30:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: crypto: atmel-sha204a - Fix OOM ->tfm_count leak If memory allocation fails, decrement ->tfm_count to avoid blocking future reads.
Title crypto: atmel-sha204a - Fix OOM ->tfm_count leak
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-04-03T15:15:56.789Z

Reserved: 2026-03-09T15:48:24.085Z

Link: CVE-2026-31391

Vulnrichment

No data.

NVD

Status: Received

Published: 2026-04-03T16:16:37.123

Modified: 2026-04-03T16:16:37.123

Link: CVE-2026-31391

Red Hat

Severity:

Public Date: 2026-04-03T00:00:00Z

Links: CVE-2026-31391 - Bugzilla

OpenCVE Enrichment

Updated: 2026-04-03T21:15:35Z

Weaknesses