Description
In the Linux kernel, the following vulnerability has been resolved:

s390/zcrypt: Fix memory leak with CCA cards used as accelerator

Tests showed that there is a memory leak if CCA cards are used as
accelerator for clear key RSA requests (ME and CRT). With the last
rework for the memory allocation the AP messages are allocated by
ap_init_apmsg() but for some reason in two places (ME and CRT) the
older allocation was still in place. So the first allocation simply
was never freed.
Published: 2026-05-01
Score: n/a
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

In the Linux kernel for the s390 architecture, a memory leak exists in the zcrypt subsystem when CCA cards are employed as accelerators for clear‑key RSA requests using the ME and CRT modes. The flaw occurs because a prior allocation performed by ap_init_apmsg() is never deallocated in these code paths, causing persistent kernel memory usage each time such requests are processed. The result is uncontrolled consumption of kernel RAM, which can lead to system instability or a complete denial of service as memory resources are exhausted.

Affected Systems

Systems running a Linux kernel on s390 hardware that utilize CCA card acceleration for RSA clear‑key operations are affected. The specific kernel versions are not listed in the advisory, but any build that incorporates the unpatched zcrypt code for ME or CRT pathways may be vulnerable.

Risk and Exploitability

The CVSS score is not provided, and the EPSS metric is unavailable, which suggests the current publicly known exploitation likelihood is uncertain. Nonetheless, because the vulnerability can be triggered by normal kernel operation of zcrypt via user‑space applications that initiate clear‑key RSA requests, an attacker who can force repeated requests could deplete kernel memory and cause a denial of service. The flaw is listed as not being part of the CISA KEV catalog, indicating no known active exploitation but still a significant risk if the vulnerability is present.

Generated by OpenCVE AI on May 2, 2026 at 10:28 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the Linux kernel to a version that incorporates the zcrypt memory‑leak fix (commit 586222c37d4027dbf60a604fbe820184fee7c1c9).
  • Reboot the system so that the patched kernel and zcrypt module are loaded.
  • Monitor kernel memory usage related to zcrypt operations to confirm the leak has been eliminated.

Advisories

No advisories yet.

History

Sat, 02 May 2026 10:45:00 +0000

Type Values Removed Values Added
Weaknesses CWE-401

Sat, 02 May 2026 00:15:00 +0000


Fri, 01 May 2026 23:45:00 +0000

Type Values Removed Values Added
Weaknesses CWE-401

Fri, 01 May 2026 14:45:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: s390/zcrypt: Fix memory leak with CCA cards used as accelerator Tests showed that there is a memory leak if CCA cards are used as accelerator for clear key RSA requests (ME and CRT). With the last rework for the memory allocation the AP messages are allocated by ap_init_apmsg() but for some reason in two places (ME and CRT) the older allocation was still in place. So the first allocation simply was never freed.
Title s390/zcrypt: Fix memory leak with CCA cards used as accelerator
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-05-01T14:14:40.196Z

Reserved: 2026-03-09T15:48:24.138Z

Link: CVE-2026-31746

Vulnrichment

No data.

NVD

Status: Awaiting Analysis

Published: 2026-05-01T15:16:37.363

Modified: 2026-05-01T15:24:14.893

Link: CVE-2026-31746

Redhat

Severity:

Public Date: 2026-05-01T00:00:00Z

Links: CVE-2026-31746 - Bugzilla

OpenCVE Enrichment

Updated: 2026-05-02T10:30:40Z

Weaknesses