Description
In the Linux kernel, the following vulnerability has been resolved:

crypto: atmel-aes - Fix 3-page memory leak in atmel_aes_buff_cleanup

atmel_aes_buff_init() allocates 4 pages using __get_free_pages() with
ATMEL_AES_BUFFER_ORDER, but atmel_aes_buff_cleanup() frees only the
first page using free_page(), leaking the remaining 3 pages. Use
free_pages() with ATMEL_AES_BUFFER_ORDER to fix the memory leak.
Published: 2026-05-27
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The atmel-aes cipher driver in the kernel releases only one of the four pages it allocates, leaking three kernel pages per use. The flaw is a heap-based resource leak (CWE-763); the leaked pages can accumulate until physical memory is exhausted, potentially crashing the system or causing a denial of service.
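
A userspace model of the allocation/free order mismatch described above, added here as an illustration and not taken from the kernel source or the fix commit. The `model_*` functions and the page counter are hypothetical stand-ins for the kernel page allocator, and the order value 2 is inferred from the four pages the description mentions.

```c
#include <stdio.h>
#include <stdlib.h>
#define MODEL_PAGE_SIZE 4096UL
#define ATMEL_AES_BUFFER_ORDER 2 /* assumed value: 1 << 2 = the 4 pages described */
/* In the kernel, free_page(addr) is free_pages(addr, 0): exactly one page. */
#define model_free_page(addr) model_free_pages((addr), 0)
static long pages_outstanding; /* pages handed out and not yet returned */

/* Model of __get_free_pages(): an order-N request takes 2^N pages. */
static unsigned long model_get_free_pages(unsigned int order)
{
    void *p = aligned_alloc(MODEL_PAGE_SIZE, MODEL_PAGE_SIZE << order);
    if (p)
        pages_outstanding += 1L << order;
    return (unsigned long)p;
}

/* Model of free_pages(): the counter drops by 2^order, whatever was allocated.
 * The userspace backing is freed whole; only the counter models the kernel. */
static void model_free_pages(unsigned long addr, unsigned int order)
{
    pages_outstanding -= 1L << order;
    free((void *)addr);
}

static void model_buff_cleanup(unsigned long buf, int fixed)
{
    if (fixed)
        model_free_pages(buf, ATMEL_AES_BUFFER_ORDER); /* after the fix */
    else
        model_free_page(buf); /* before the fix: first page only */
}

/* Run init/cleanup cycles; return the pages still outstanding afterwards. */
static long leaked_pages_after(int cycles, int fixed)
{
    pages_outstanding = 0;
    for (int i = 0; i < cycles; i++) {
        unsigned long buf = model_get_free_pages(ATMEL_AES_BUFFER_ORDER);
        if (!buf)
            break;
        model_buff_cleanup(buf, fixed);
    }
    return pages_outstanding;
}

int main(void)
{
    printf("leaky: %ld pages, fixed: %ld pages\n",
           leaked_pages_after(1000, 0), leaked_pages_after(1000, 1));
    return 0;
}
```

Each init/cleanup cycle in the leaky variant leaves three pages unaccounted for, so the loss grows linearly with the number of cycles; with the matching order the counter returns to zero.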

Affected Systems

The issue resides in the Linux kernel’s atmel-aes driver. No specific release range is listed, but any kernel that contains the driver code prior to the corrections in the referenced commits is susceptible.

Risk and Exploitability

The vulnerability could be exploited by local code that repeatedly calls the atmel‑aes functionality, leading to progressive memory exhaustion. No CVSS score or EPSS metric is available, and the flaw is not currently listed in the CISA KEV catalog. The most likely attack vector is local execution where the kernel module is available, and the impact is limited to availability through resource depletion.

Generated by OpenCVE AI on May 28, 2026 at 03:34 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the Linux kernel to a version that includes the atmel‑aes buffer cleanup fix referenced in the advisory commits.
  • Disable or unload the atmel‑aes driver, especially on systems that cannot be updated immediately, to prevent the exploitation of the memory leak.
  • Monitor system memory usage and kernel logs for abnormal growth patterns that may indicate repeated usage of the atmel‑aes functionality, and take corrective action if necessary.

Advisories

No advisories yet.

History

Tue, 16 Jun 2026 15:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-401
Metrics cvssV3_1 {'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}


Mon, 01 Jun 2026 17:00:00 +0000


Thu, 28 May 2026 02:45:00 +0000

Type Values Removed Values Added
Weaknesses CWE-401

Thu, 28 May 2026 00:15:00 +0000


Wed, 27 May 2026 19:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-401

Wed, 27 May 2026 14:15:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: crypto: atmel-aes - Fix 3-page memory leak in atmel_aes_buff_cleanup atmel_aes_buff_init() allocates 4 pages using __get_free_pages() with ATMEL_AES_BUFFER_ORDER, but atmel_aes_buff_cleanup() frees only the first page using free_page(), leaking the remaining 3 pages. Use free_pages() with ATMEL_AES_BUFFER_ORDER to fix the memory leak.
Title crypto: atmel-aes - Fix 3-page memory leak in atmel_aes_buff_cleanup
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-06-14T17:48:21.711Z

Reserved: 2026-05-13T15:03:33.092Z

Link: CVE-2026-46019

Vulnrichment

No data.

NVD

Status: Analyzed

Published: 2026-05-27T14:17:20.353

Modified: 2026-06-16T15:23:36.360

Link: CVE-2026-46019

Redhat

Severity :

Public Date: 2026-05-27T00:00:00Z

Links: CVE-2026-46019 - Bugzilla

OpenCVE Enrichment

Updated: 2026-05-28T03:45:06Z

Weaknesses
  • CWE-401

    Missing Release of Memory after Effective Lifetime

  • CWE-763

    Release of Invalid Pointer or Reference