CVE-2026-46081

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A memory corruption issue exists in the Linux kernel crypto acomp component. The function acomp save req() incorrectly stores the address of the chain member (&req->chain) in req->base.data. When acomp reqchain done() is called during asynchronous completion, it casts this pointer directly to a struct acomp req. Because the pointer refers to the chain member rather than the start of the structure, subsequent field accesses occur at incorrect offsets. This occurs specifically when an asynchronous hardware implementation, such as the QAT driver, completes a request using the DMA virtual address interface (e.g., acomp request set src dma()), leading crypto acomp compress() to use the acomp do req chain() path.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.