CVE-2026-31739
Analyzed Analyzed - Analysis Complete

Missing CRYPTO_ALG_ASYNC Flag in Tegra Crypto Driver

Vulnerability report for CVE-2026-31739, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-05-01

Last updated on: 2026-05-07

Assigner: kernel.org

Description

In the Linux kernel, the following vulnerability has been resolved: crypto: tegra - Add missing CRYPTO_ALG_ASYNC The tegra crypto driver failed to set the CRYPTO_ALG_ASYNC on its asynchronous algorithms, causing the crypto API to select them for users that request only synchronous algorithms. This causes crashes (at least). Fix this by adding the flag like what the other drivers do. Also remove the unnecessary CRYPTO_ALG_TYPE_* flags, since those just get ignored and overridden by the registration function anyway.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-05-01
Last Modified
2026-05-07
Generated
2026-07-06
AI Q&A
2026-05-01
EPSS Evaluated
2026-07-05
NVD
EUVD

Affected Vendors & Products

Showing 9 associated CPEs
Vendor Product Version / Range
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel From 6.13 (inc) to 6.18.22 (exc)
linux linux_kernel From 6.19 (inc) to 6.19.12 (exc)
linux linux_kernel From 6.10 (inc) to 6.12.81 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-617 The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability exists in the Linux kernel's tegra crypto driver. The driver failed to set the CRYPTO_ALG_ASYNC flag on its asynchronous algorithms. Because of this, the crypto API mistakenly selects these asynchronous algorithms even when users request only synchronous algorithms. This mismatch can cause system crashes.

The issue was fixed by adding the missing CRYPTO_ALG_ASYNC flag, aligning the tegra driver with other drivers. Additionally, unnecessary CRYPTO_ALG_TYPE_* flags were removed since they are ignored and overridden during registration.

Impact Analysis

This vulnerability can cause crashes in systems using the Linux kernel's tegra crypto driver when asynchronous algorithms are incorrectly selected for synchronous requests. Such crashes can lead to system instability, potential denial of service, and disruption of applications relying on cryptographic operations.

Mitigation Strategies

The vulnerability is resolved by adding the missing CRYPTO_ALG_ASYNC flag in the tegra crypto driver within the Linux kernel. To mitigate this vulnerability, you should update your Linux kernel to a version that includes this fix.

This update prevents the crypto API from incorrectly selecting asynchronous algorithms for users requesting synchronous algorithms, which can cause crashes.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-31739. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart