CVE-2026-53016

Description

In the Linux kernel, the following vulnerability has been resolved: crypto: ccp - copy IV using skcipher ivsize AF_ALG rfc3686-ctr-aes-ccp requests pass an 8-byte IV to the driver. ccp_aes_complete() restores AES_BLOCK_SIZE bytes into the caller's IV buffer while RFC3686 skciphers expose an 8-byte IV, so the restore overruns the provided buffer. Use crypto_skcipher_ivsize() to copy only the algorithm's IV length.

CVSS breakdown

CVSS 3.1

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Affected products

Linux / Linux2b789435d7f36ed918d92db647f3a2f3fec9bb1f – 939061b2d0f7f15114e34b4ce878ef50ff4089c3
Linux / Linux2b789435d7f36ed918d92db647f3a2f3fec9bb1f – 798d409a8949f3f495f238549b86de2886b129bd
Linux / Linux2b789435d7f36ed918d92db647f3a2f3fec9bb1f – dfb2cf434829819268fe50f41542aad318ad62b2
Linux / Linux2b789435d7f36ed918d92db647f3a2f3fec9bb1f – eecee15e263ccb8cd77170a56ab6c969cb54dd6a
Linux / Linux2b789435d7f36ed918d92db647f3a2f3fec9bb1f – bb01d8f1f385bc9034ca114d3508c7fdea24fc9a
Linux / Linux2b789435d7f36ed918d92db647f3a2f3fec9bb1f – df9784bb5b637ac80f4a2768a58ca9a50bef28a9
Linux / Linux2b789435d7f36ed918d92db647f3a2f3fec9bb1f – 227c1e1d9e2aa4cfc65ba446d5690da1f546cda4
Linux / Linux2b789435d7f36ed918d92db647f3a2f3fec9bb1f – a7a1f3cdd64d8a165d9b8c9e9ad7fb46ac19dfc4
Linux / Linux3.14 – 3.14
Linux / Linux0 – 3.14
Linux / Linux5.10.258 – 5.10.*
Linux / Linux5.15.209 – 5.15.*
Linux / Linux6.1.175 – 6.1.*
Linux / Linux6.6.141 – 6.6.*
Linux / Linux6.12.91 – 6.12.*
Linux / Linux6.18.33 – 6.18.*
Linux / Linux7.0.10 – 7.0.*
Linux / Linux7.1 – *

Description

CVSS breakdown

Affected products

References