
Description

cryptodev-linux versions 1.14 and prior contain a page reference handling flaw in the get_userbuf function of the /dev/crypto device driver that allows local users to trigger use-after-free conditions. Attackers with access to the /dev/crypto interface can repeatedly decrement reference counts of controlled pages to achieve local privilege escalation.

PUBLISHED Reserved 2026-02-27 | Published 2026-03-25 | Updated 2026-05-11 | Assigner VulnCheck




HIGH: 8.5 | CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Problem types

Use After Free (CWE-416)

Product status

Default status
unknown

Any version
affected

Credits

nasm finder

References

nasm.re/posts/cryptodev-linux-vuln/ technical-description exploit

gist.github.com/n4sm/0fd2479e0c23e0fa2f192cd8fda45750 exploit

github.com/cryptodev-linux/cryptodev-linux/pull/104 patch

www.vulncheck.com/...ev-linux-get-userbuf-use-after-free-lpe third-party-advisory

cve.org (CVE-2026-28529)

nvd.nist.gov (CVE-2026-28529)
