Description
In the Linux kernel, the following vulnerability has been resolved:

crypto: nx - fix bounce buffer leaks in nx842_crypto_{alloc,free}_ctx

The bounce buffers are allocated with __get_free_pages() using
BOUNCE_BUFFER_ORDER (order 2 = 4 pages), but both the allocation error
path and nx842_crypto_free_ctx() release the buffers with free_page().
Use free_pages() with the matching order instead.
Published: 2026-05-27
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The Linux kernel’s nx crypto module allocates bounce buffers with a four‑page order but frees them with free_page(), which releases only one page. This mismatch causes a gradual memory leak. The CVE description does not state that the bug allows code execution or privilege escalation; it only describes the resource exhaustion, so it is inferred that the impact is limited to memory exhaustion and performance degradation.
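A userspace model of the order mismatch described above, added here as an illustration and not taken from the kernel source or the fix commit. It only counts pages; the `model_*` helpers, the `ctx` field names and `leaked_pages()` are hypothetical, and `fail_second` forces the allocation error path.

```c
#include <stdio.h>

#define BOUNCE_BUFFER_ORDER 2   /* from the description: order 2 = 4 pages */
/* Constructed userspace model of the page allocator: it only counts pages. */
static long pages_in_use;
static int fail_after = -1;     /* >= 0: fail once this many allocations succeeded */

static unsigned long model_get_free_pages(unsigned int order) {
    if (fail_after == 0) return 0;          /* simulated out-of-memory */
    if (fail_after > 0) fail_after--;
    pages_in_use += 1L << order;
    return 0x1000;                          /* any non-zero fake address */
}
static void model_free_pages(unsigned long addr, unsigned int order) {
    if (addr) pages_in_use -= 1L << order;  /* address 0 is ignored */
}
/* free_page(addr) is free_pages(addr, 0): it returns a single page. */
static void model_free_page(unsigned long addr) { model_free_pages(addr, 0); }
struct ctx { unsigned long src_bounce, dst_bounce; };  /* hypothetical field names */

static void ctx_free(struct ctx *c, int fixed) {
    if (fixed) {                            /* matching order: all 4 pages released */
        model_free_pages(c->src_bounce, BOUNCE_BUFFER_ORDER);
        model_free_pages(c->dst_bounce, BOUNCE_BUFFER_ORDER);
    } else {                                /* pre-fix: 1 of 4 pages released */
        model_free_page(c->src_bounce);
        model_free_page(c->dst_bounce);
    }
}
static int ctx_alloc(struct ctx *c, int fixed) {
    c->src_bounce = model_get_free_pages(BOUNCE_BUFFER_ORDER);
    c->dst_bounce = model_get_free_pages(BOUNCE_BUFFER_ORDER);
    if (c->src_bounce && c->dst_bounce) return 0;
    ctx_free(c, fixed);                     /* allocation error path */
    return -1;
}
/* Pages still held after `cycles` alloc/free rounds of one context. */
long leaked_pages(int fixed, int cycles, int fail_second) {
    pages_in_use = 0;
    for (int i = 0; i < cycles; i++) {
        struct ctx c;
        fail_after = fail_second ? 1 : -1;
        if (ctx_alloc(&c, fixed) == 0) ctx_free(&c, fixed);
    }
    return pages_in_use;
}
int main(void) {
    printf("pre-fix: %ld pages, fixed: %ld pages\n", leaked_pages(0, 100, 0), leaked_pages(1, 100, 0));
    return 0;
}
```

In this model every successful pre-fix cycle strands six pages and every failed allocation strands three, which is why the leak grows with each context that is created and torn down.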

Affected Systems

Any Linux installation that includes the nx842_crypto module is potentially affected. The CPE string references the generic Linux kernel, indicating all kernel versions prior to the patch may be vulnerable regardless of distribution. No vendor or version limits are listed, so any deployment using that module is at risk.

Risk and Exploitability

The CVSS score of 5.5 indicates moderate severity. The EPSS score is not available, and the vulnerability is not listed in CISA’s KEV catalog, suggesting limited or no public exploitation. The bug requires executing code in the kernel or triggering the allocation/free logic from a privileged context. Thus, the primary risk is potential memory exhaustion leading to service disruption, not immediate compromise of confidentiality or integrity. The likely attack vector is use of the nx crypto API by a privileged process or by a malicious application that gains kernel privileges.

Generated by OpenCVE AI on May 28, 2026 at 03:44 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the kernel to a version that includes the patch correcting the bounce buffer allocation/deallocation mismatch.
  • If using a custom kernel build, pull the relevant commit from the Linux kernel repository, apply the patch to the source, rebuild, and install the updated kernel.
  • Reconfigure the kernel to disable the nx842_crypto module if the crypto functionality is not required, so the vulnerable code path is never used.

Advisories

No advisories yet.

History

Thu, 28 May 2026 00:15:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Weaknesses | | CWE-763 |
| References | | |
| Metrics | threat_severity: None | cvssV3_1: {'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}; threat_severity: Low |


Wed, 27 May 2026 14:15:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Description | | In the Linux kernel, the following vulnerability has been resolved: crypto: nx - fix bounce buffer leaks in nx842_crypto_{alloc,free}_ctx The bounce buffers are allocated with __get_free_pages() using BOUNCE_BUFFER_ORDER (order 2 = 4 pages), but both the allocation error path and nx842_crypto_free_ctx() release the buffers with free_page(). Use free_pages() with the matching order instead. |
| Title | | crypto: nx - fix bounce buffer leaks in nx842_crypto_{alloc,free}_ctx |
| First Time appeared | | Linux; Linux linux Kernel |
| CPEs | | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* |
| Vendors & Products | | Linux; Linux linux Kernel |
| References | | |

MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-06-14T17:51:58.785Z

Reserved: 2026-05-13T15:03:33.095Z

Link: CVE-2026-46068

Vulnrichment

No data.

NVD

Status: Awaiting Analysis

Published: 2026-05-27T14:17:27.940

Modified: 2026-06-17T10:53:00.927

Link: CVE-2026-46068

Redhat

Severity: Low

Public Date: 2026-05-27T00:00:00Z

Links: CVE-2026-46068 - Bugzilla

OpenCVE Enrichment

Updated: 2026-05-28T03:45:06Z

Weaknesses
  • CWE-763

    Release of Invalid Pointer or Reference