CVE-2026-31739
Missing CRYPTO_ALG_ASYNC Flag in Tegra Crypto Driver
Publication date: 2026-05-01
Last updated on: 2026-05-03
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | * |
| nvidia | tegra | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the Linux kernel's tegra crypto driver. The driver failed to set the CRYPTO_ALG_ASYNC flag on its asynchronous algorithms. Because of this, the crypto API mistakenly selects these asynchronous algorithms even when users request only synchronous algorithms. This mismatch can cause system crashes.
The issue was fixed by adding the missing CRYPTO_ALG_ASYNC flag, aligning the tegra driver with other drivers. Additionally, unnecessary CRYPTO_ALG_TYPE_* flags were removed since they are ignored and overridden during registration.
How can this vulnerability impact me? :
This vulnerability can cause crashes in systems using the Linux kernel's tegra crypto driver when asynchronous algorithms are incorrectly selected for synchronous requests. Such crashes can lead to system instability, potential denial of service, and disruption of applications relying on cryptographic operations.
What immediate steps should I take to mitigate this vulnerability?
The vulnerability is resolved by adding the missing CRYPTO_ALG_ASYNC flag in the tegra crypto driver within the Linux kernel. To mitigate this vulnerability, you should update your Linux kernel to a version that includes this fix.
This update prevents the crypto API from incorrectly selecting asynchronous algorithms for users requesting synchronous algorithms, which can cause crashes.