CVE-2026-28529

Name of the Vulnerable Software and Affected Versions cryptodev-linux versions 1.14 and prior

Description A flaw exists in the get userbuf function within the /dev/crypto device driver of cryptodev-linux. This flaw involves improper handling of page references, potentially leading to use-after-free conditions. Local users with access to the /dev/crypto interface can exploit this by repeatedly decreasing reference counts of pages they control, which may result in local privilege escalation.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.