CVE-2026-31739
Analyzed Analyzed - Analysis Complete
Missing CRYPTO_ALG_ASYNC Flag in Tegra Crypto Driver

Publication date: 2026-05-01

Last updated on: 2026-05-07

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: crypto: tegra - Add missing CRYPTO_ALG_ASYNC The tegra crypto driver failed to set the CRYPTO_ALG_ASYNC on its asynchronous algorithms, causing the crypto API to select them for users that request only synchronous algorithms. This causes crashes (at least). Fix this by adding the flag like what the other drivers do. Also remove the unnecessary CRYPTO_ALG_TYPE_* flags, since those just get ignored and overridden by the registration function anyway.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-01
Last Modified
2026-05-07
Generated
2026-06-16
AI Q&A
2026-05-01
EPSS Evaluated
2026-06-15
NVD
CVE-2026-31739
EUVD
EUVD-2026-26552
Affected Vendors & Products
Showing 9 associated CPEs
Vendor Product Version / Range
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel From 6.13 (inc) to 6.18.22 (exc)
linux linux_kernel From 6.19 (inc) to 6.19.12 (exc)
linux linux_kernel From 6.10 (inc) to 6.12.81 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-617 The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in the Linux kernel's tegra crypto driver. The driver failed to set the CRYPTO_ALG_ASYNC flag on its asynchronous algorithms. Because of this, the crypto API mistakenly selects these asynchronous algorithms even when users request only synchronous algorithms. This mismatch can cause system crashes.

The issue was fixed by adding the missing CRYPTO_ALG_ASYNC flag, aligning the tegra driver with other drivers. Additionally, unnecessary CRYPTO_ALG_TYPE_* flags were removed since they are ignored and overridden during registration.

Impact Analysis

This vulnerability can cause crashes in systems using the Linux kernel's tegra crypto driver when asynchronous algorithms are incorrectly selected for synchronous requests. Such crashes can lead to system instability, potential denial of service, and disruption of applications relying on cryptographic operations.

Mitigation Strategies

The vulnerability is resolved by adding the missing CRYPTO_ALG_ASYNC flag in the tegra crypto driver within the Linux kernel. To mitigate this vulnerability, you should update your Linux kernel to a version that includes this fix.

This update prevents the crypto API from incorrectly selecting asynchronous algorithms for users requesting synchronous algorithms, which can cause crashes.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-31739. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart