Description
In the Linux kernel, the following vulnerability has been resolved:

xfrm: ipcomp: Free destination pages on acomp errors

Move the out_free_req label up by a couple of lines so that the
allocated dst SG list gets freed on error as well as success.
Published: 2026-06-24
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability originates in the XFRM IPComp implementation of the Linux kernel, where the allocated destination scatter‑gather list is not freed on certain error paths. When these errors occur, memory is left unreleased, potentially leading to a gradual accumulation of leaked pages. This represents a CWE‑772 (Unreleased Resource) weakness. The leak could eventually consume available RAM, causing kernel instability or a crash, which results in a denial‑of‑service condition. The flaw does not provide direct code‑execution or privilege escalation capabilities.

Affected Systems

Any Linux kernel that includes the XFRM IPComp subsystem before the fix is potentially affected. The CVE does not enumerate specific kernel releases, so all unpatched versions that still contain this legacy code are at risk.

Risk and Exploitability

The EPSS score remains < 1% and the vulnerability is not listed in the CISA KEV catalog. The CVSS score of 7.5 indicates high severity, confirming the description’s suggestion that triggering an IPComp error could lead to significant denial‑of‑service risk. Given that exploitation requires influencing the kernel’s error path—most likely through crafted IPComp packets—the attack surface is network‑based. The failure to free destination scatter‑gather pages constitutes a memory‑leak vulnerability (CWE‑772), so systems that handle IPComp traffic are at risk of exhausting kernel memory and crashing.

Generated by OpenCVE AI on June 28, 2026 at 13:51 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the Linux kernel to a version that contains the fix for the XFRM IPComp destination page release bug.
  • If a kernel upgrade cannot be performed immediately, disable or restrict IPComp traffic by configuring the network interfaces that use IPComp, and apply subsequent security patches as they become available.
  • Implement firewall or routing rules to block or limit IPComp traffic from untrusted sources, and monitor kernel memory usage for signs of abnormal leaks.

Generated by OpenCVE AI on June 28, 2026 at 13:51 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Sun, 28 Jun 2026 08:00:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}


Thu, 25 Jun 2026 02:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-399
CWE-401

Thu, 25 Jun 2026 00:15:00 +0000


Wed, 24 Jun 2026 14:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-399
CWE-401

Wed, 24 Jun 2026 07:45:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: xfrm: ipcomp: Free destination pages on acomp errors Move the out_free_req label up by a couple of lines so that the allocated dst SG list gets freed on error as well as success.
Title xfrm: ipcomp: Free destination pages on acomp errors
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-06-28T06:36:52.693Z

Reserved: 2026-06-09T07:44:35.369Z

Link: CVE-2026-52932

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

Severity :

Publid Date: 2026-06-24T00:00:00Z

Links: CVE-2026-52932 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-06-28T14:00:21Z

Weaknesses
  • CWE-772

    Missing Release of Resource after Effective Lifetime