PT-2026-51910 · Linux · Linux
Published
2026-06-24
·
Updated
2026-06-24
·
CVE-2026-53016
None
No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
In the Linux kernel, the following vulnerability has been resolved:
crypto: ccp - copy IV using skcipher ivsize
AF ALG rfc3686-ctr-aes-ccp requests pass an 8-byte IV to the driver.
ccp aes complete() restores AES BLOCK SIZE bytes into the caller's IV
buffer while RFC3686 skciphers expose an 8-byte IV, so the restore
overruns the provided buffer.
Use crypto skcipher ivsize() to copy only the algorithm's IV length.
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Linux