CVE-2026-31739 - Vulnerability Details

- crypto: tegra - Add missing CRYPTO_ALG_ASYNC

Description

In the Linux kernel, the following vulnerability has been resolved:

crypto: tegra - Add missing CRYPTO_ALG_ASYNC

The tegra crypto driver failed to set the CRYPTO_ALG_ASYNC on its
asynchronous algorithms, causing the crypto API to select them for users
that request only synchronous algorithms. This causes crashes (at
least). Fix this by adding the flag like what the other drivers do.
Also remove the unnecessary CRYPTO_ALG_TYPE_* flags, since those just
get ignored and overridden by the registration function anyway.

Published: 2026-05-01

Score: 5.5 Medium

EPSS: n/a

KEV: No

Impact:

Action:

Analysis

Impact

The tegra crypto driver failed to mark its asynchronous algorithms with the CRYPTO_ALG_ASYNC flag. Because of this omission the Linux kernel’s crypto API mistakenly directed synchronous requests to those async algorithms, which caused kernel crashes. The resulting denial of service can bring down any process that relies on the synchronous crypto path, potentially destabilizing services and the entire system.

Affected Systems

The flaw is confined to the Linux kernel’s tegra crypto driver, which is used on NVIDIA Tegra platforms. All kernel releases that contain the driver before the patch commits listed in the supplied references are affected. Any system running an unpatched kernel with this driver is vulnerable.

Risk and Exploitability

No CVSS score is supplied and the EPSS score is unavailable, but the vulnerability is not listed in the CISA KEV catalog and no public exploits are known. The crash requires an attacker to successfully issue a synchronous crypto request that the kernel misroutes to an async algorithm, a scenario that would normally need local or privileged kernel access. Consequently, the risk is moderate and primarily a denial‑of‑service concern rather than a remote code execution vector.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Linux

unaffected

Version	Status	Constraints
`0880bb3b00c855fc244b7177ffdaafef4d0aa1e0`	affected	< bdbf027a4504b4a86740de6beb6d18a957331839
`0880bb3b00c855fc244b7177ffdaafef4d0aa1e0`	affected	< 3aea268b6d5cde3b087df9eeecc3bc620aa09513
`0880bb3b00c855fc244b7177ffdaafef4d0aa1e0`	affected	< 429d05565eb19ee545d8a8395991372adbe4daf3
`0880bb3b00c855fc244b7177ffdaafef4d0aa1e0`	affected	< 4b56770d345524fc2acc143a2b85539cf7d74bc1

Linux

affected

Version	Status	Constraints
`6.10`	affected	—
`0`	unaffected	< 6.10
`6.12.81`	unaffected	≤ 6.12.*
`6.18.22`	unaffected	≤ 6.18.*
`6.19.12`	unaffected	≤ 6.19.*
`7.0`	unaffected	≤ *

No data.

Vendor Product Confidence Versions

Linux

Linux Kernel

99%

Version	Status	Scheme	Platform
`[0880bb3b00c855fc244b7177ffdaafef4d0aa1e0,bdbf027a4504b4a86740de6beb6d18a957331839)`	affected	code_commit	—
`[0880bb3b00c855fc244b7177ffdaafef4d0aa1e0,3aea268b6d5cde3b087df9eeecc3bc620aa09513)`	affected	code_commit	—
`[0880bb3b00c855fc244b7177ffdaafef4d0aa1e0,429d05565eb19ee545d8a8395991372adbe4daf3)`	affected	code_commit	—
`[0880bb3b00c855fc244b7177ffdaafef4d0aa1e0,4b56770d345524fc2acc143a2b85539cf7d74bc1)`	affected	code_commit	—

Linux

Linux Kernel

99%

Version	Status	Scheme	Platform
`6.10`	affected	generic	—
`[0,6.10)`	unaffected	generic	—
`[6.12.81,6.13.0)`	unaffected	generic	—
`[6.18.22,6.19.0)`	unaffected	generic	—
`[6.19.12,6.20.0)`	unaffected	generic	—
`[7.0,*]`	unaffected	generic	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Apply the latest Linux kernel that includes the tegra driver patch references c3aea268b, 429d0556, 4b56770d, and bdbf027a
Verify the kernel configuration enables the tegra crypto driver and that the CRYPTO_ALG_ASYNC flag is set for all asynchronous algorithms
If a kernel update is not immediately available, restrict or disable use of synchronous crypto calls that might trigger the crash, or disable the tegra crypto module if it is not required for your workloads

Generated by OpenCVE AI on May 1, 2026 at 23:32 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://git.kernel.org/stable/c/3aea268b6d5cde3b087df9eeecc3bc620aa09513
https://git.kernel.org/stable/c/429d05565eb19ee545d8a8395991372adbe4daf3
https://git.kernel.org/stable/c/4b56770d345524fc2acc143a2b85539cf7d74bc1
https://git.kernel.org/stable/c/bdbf027a4504b4a86740de6beb6d18a957331839
https://lore.kernel.org/linux-cve-announce/2026050139-CVE-2026-31739-4bc1@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2026-31739
https://www.cve.org/CVERecord?id=CVE-2026-31739

History

Sat, 02 May 2026 00:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-166
References		https://lore.kernel.org/linux-cve-announce/2026050139-CVE-2026-31739-4bc1@gregkh/T https://nvd.nist.gov/vuln/detail/CVE-2026-31739 https://www.cve.org/CVERecord?id=CVE-2026-31739
Metrics	threat_severity `None`	cvssV3_1 `{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}` threat_severity `Moderate`

Sat, 02 May 2026 00:00:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-746

Fri, 01 May 2026 14:45:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: crypto: tegra - Add missing CRYPTO_ALG_ASYNC The tegra crypto driver failed to set the CRYPTO_ALG_ASYNC on its asynchronous algorithms, causing the crypto API to select them for users that request only synchronous algorithms. This causes crashes (at least). Fix this by adding the flag like what the other drivers do. Also remove the unnecessary CRYPTO_ALG_TYPE_* flags, since those just get ignored and overridden by the registration function anyway.
Title		crypto: tegra - Add missing CRYPTO_ALG_ASYNC
First Time appeared		Linux Linux linux Kernel
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
References		https://git.kernel.org/stable/c/3aea268b6d5cde3b087df9eeecc3bc620aa09513 https://git.kernel.org/stable/c/429d05565eb19ee545d8a8395991372adbe4daf3 https://git.kernel.org/stable/c/4b56770d345524fc2acc143a2b85539cf7d74bc1 https://git.kernel.org/stable/c/bdbf027a4504b4a86740de6beb6d18a957331839

Subscriptions

Linux Linux Kernel

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2026-05-01T14:14:35.551Z

Updated: 2026-05-01T14:14:35.551Z

Reserved: 2026-03-09T15:48:24.138Z

Link: CVE-2026-31739

Vulnrichment

No data.

NVD

Status : Awaiting Analysis

Published: 2026-05-01T15:16:36.600

Modified: 2026-05-01T15:24:14.893

Link: CVE-2026-31739

Redhat

Severity : Moderate

Publid Date: 2026-05-01T00:00:00Z

Links: CVE-2026-31739 - Bugzilla

OpenCVE Enrichment

Updated: 2026-05-01T23:45:09Z

Weaknesses

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object