CVE-2026-28529 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

cryptodev-linux version 1.14 and prior contain a page reference handling flaw in the get_userbuf function of the /dev/crypto device driver that allows local use…
High CVSS: 8.5

CVE-2026-28529

cryptodev-linux version 1.14 and prior contain a page reference handling flaw in the get_userbuf function of the /dev/crypto device driver that allows local users to trigger use-after-free conditions. Attackers with access to the /dev/crypto interface can repeatedly decrement reference counts of controlled pages to achieve local privilege escalation.
Vendor
-
Product
-
CWE
CWE-416
Yayın Tarihi
2026-03-25 14:16:33
Güncelleme
2026-03-25 15:41:33
Source Identifier
disclosure@vulncheck.com
KEV Date Added
-

Kategoriler

CWE-416 HIGH 2026

Referanslar

https://gist.github.com/n4sm/0fd2479e0c23e0fa2f192cd8fda45750 https://github.com/cryptodev-linux/cryptodev-linux/pull/104 https://nasm.re/posts/cryptodev-linux-vuln/ https://www.vulncheck.com/advisories/cryptodev-linux-get-userbuf-use-after-free-lpe