CVE-2026-28529
cryptodev-linux <= 1.14 get_userbuf Use After Free LPE
CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
0th
cryptodev-linux version 1.14 and prior contain a page reference handling flaw in the get_userbuf function of the /dev/crypto device driver that allows local users to trigger use-after-free conditions. Attackers with access to the /dev/crypto interface can repeatedly decrement reference counts of controlled pages to achieve local privilege escalation.
| CWE | CWE-416 |
| Vendor | cryptodev-linux |
| Product | cryptodev-linux |
| Published | Mar 25, 2026 |
| Last Updated | Mar 25, 2026 |
Stay Ahead of the Next One
Get instant alerts for cryptodev-linux cryptodev-linux
Be the first to know when new unknown vulnerabilities affecting cryptodev-linux cryptodev-linux are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
Affected Versions
cryptodev-linux / cryptodev-linux
0 โค 1.14
References
nasm.re: https://nasm.re/posts/cryptodev-linux-vuln/ gist.github.com: https://gist.github.com/n4sm/0fd2479e0c23e0fa2f192cd8fda45750 github.com: https://github.com/cryptodev-linux/cryptodev-linux/pull/104 vulncheck.com: https://www.vulncheck.com/advisories/cryptodev-linux-get-userbuf-use-after-free-lpe
Credits
nasm