CVE-2026-46028

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description An issue exists in the algif aead component where AF ALG AEAD AIO requests utilize a socket-wide IV (Initialization Vector) buffer during processing. For asynchronous requests, subsequent socket activity may update this shared state before the initial request completes, resulting in inconsistent IV handling. This occurs because in-flight operations depend on mutable socket state rather than a dedicated snapshot of the IV.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.