Copyright © 2012 Red Hat, Inc. All rights reserved. Moderate 2026-05-27T00:00:00 kernel: crypto: algif_aead - snapshot IV for async AEAD requests 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CWE-367

A flaw was found in the Linux kernel's `algif_aead` (Authenticated Encryption with Associated Data) subsystem. Asynchronous (async) requests for AEAD operations use a shared initialization vector (IV) buffer. This shared state can be modified by subsequent socket activity before an async request fully completes, leading to inconsistent IV handling. This inconsistency could potentially weaken cryptographic operations.

Red Hat Enterprise Linux 10 Affected kernel Red Hat Enterprise Linux 6 Not affected kernel Red Hat Enterprise Linux 7 Not affected kernel Red Hat Enterprise Linux 7 Not affected kernel-rt Red Hat Enterprise Linux 8 Affected kernel Red Hat Enterprise Linux 8 Affected kernel-rt Red Hat Enterprise Linux 9 Affected kernel Red Hat Enterprise Linux 9 Affected kernel-rt https://www.cve.org/CVERecord?id=CVE-2026-46028 https://nvd.nist.gov/vuln/detail/CVE-2026-46028 https://lore.kernel.org/linux-cve-announce/2026052748-CVE-2026-46028-4f01@gregkh/T