{"cve":{"cve_id":"CVE-2026-53046","is_kev":false,"kev_date_added":null,"kev_vendor_project":null,"kev_product":null,"kev_vulnerability_name":null,"kev_short_description":null,"kev_required_action":null,"kev_due_date":null,"kev_known_ransomware":null,"kev_notes":null,"kev_cwes":null,"epss_score":null,"epss_percentile":null,"epss_as_of":null,"description":"In the Linux kernel, the following vulnerability has been resolved:\n\nksmbd: fix use-after-free from async crypto on Qualcomm crypto engine\n\nksmbd_crypt_message() sets a NULL completion callback on AEAD requests\nand does not handle the -EINPROGRESS return code from async hardware\ncrypto engines like the Qualcomm Crypto Engine (QCE). When QCE returns\n-EINPROGRESS, ksmbd treats it as an error and immediately frees the\nrequest while the hardware DMA operation is still in flight. The DMA\ncompletion callback then dereferences freed memory, causing a NULL\npointer crash:\n\n  pc : qce_skcipher_done+0x24/0x174\n  lr : vchan_complete+0x230/0x27c\n  ...\n  el1h_64_irq+0x68/0x6c\n  ksmbd_free_work_struct+0x20/0x118 [ksmbd]\n  ksmbd_exit_file_cache+0x694/0xa4c [ksmbd]\n\nUse the standard crypto_wait_req() pattern with crypto_req_done() as\nthe completion callback, matching the approach used by the SMB client\nin fs/smb/client/smb2ops.c. This properly handles both synchronous\nengines (immediate return) and async engines (-EINPROGRESS followed\nby callback notification).","published_at":"2026-06-24T16:29:52.676000Z","last_modified_at":null,"cvss_v3_score":9.8,"cvss_v3_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","cvss_v3_severity":"CRITICAL","cvss_v4_score":null,"cvss_v4_vector":null,"cvss_v4_severity":null,"ssvc_decision":null,"ssvc_exploitation":null,"ssvc_automatable":null,"ssvc_technical_impact":null,"cwes":null,"nvd_references":["https://git.kernel.org/stable/c/57b47231055b431ed0a1a55f33cac32981564405","https://git.kernel.org/stable/c/cc2da381875d4a67026e4c8feb3dba51a2a2d1bc","https://git.kernel.org/stable/c/8fcefe840fa8c14ce667768e5b043286ac3bbcbe","https://git.kernel.org/stable/c/8ef183216feaa24b66b940510d8b68f680eb56e9","https://git.kernel.org/stable/c/7164b3953cefd540e7ebca828c793bc6869cfbc4","https://git.kernel.org/stable/c/b46aa129fa2807bfe1545fe74d9295d53c51520b","https://git.kernel.org/stable/c/3e298897f41c61450c2e7a4f457e8b2485eb35b3"],"vuln_status":null,"trending_score":null,"is_trending":false,"has_trended":false,"trended_number_one":false,"trending_peak_score":null,"trending_peak_rank":null,"started_trending_at":null,"trended_number_one_at":null,"summary_generated":null,"summary_generated_at":null,"summary_model":null,"created_at":"2026-06-28T17:55:28.590503Z","updated_at":"2026-06-28T23:30:49.890169Z"},"effective_severity":"CRITICAL","badges":[],"impact_analysis":[],"cvss_v3_decoded":{"version":"3.1","metrics":[{"metric":"AV","name":"Attack Vector","value":"N","value_label":"Network"},{"metric":"AC","name":"Attack Complexity","value":"L","value_label":"Low"},{"metric":"PR","name":"Privileges Required","value":"N","value_label":"None"},{"metric":"UI","name":"User Interaction","value":"N","value_label":"None"},{"metric":"S","name":"Scope","value":"U","value_label":"Unchanged"},{"metric":"C","name":"Confidentiality","value":"H","value_label":"High"},{"metric":"I","name":"Integrity","value":"H","value_label":"High"},{"metric":"A","name":"Availability","value":"H","value_label":"High"}]},"cvss_v4_decoded":{"version":null,"metrics":[]},"affected":[{"vendor_slug":"linux","vendor_name":"Linux","product_slug":"linux","product_name":"Linux","version_start":"e2f34481b24db2fd634b5edb0a5bd0e4d38cc6e9","version_start_inclusive":true,"version_end":"57b47231055b431ed0a1a55f33cac32981564405","version_end_inclusive":false,"cpe23_uri":"cve5:linux:linux:e2f34481b24db2fd634b5edb0a5bd0e4d38cc6e9:57b47231055b431ed0a1a55f33cac32981564405"},{"vendor_slug":"linux","vendor_name":"Linux","product_slug":"linux","product_name":"Linux","version_start":"e2f34481b24db2fd634b5edb0a5bd0e4d38cc6e9","version_start_inclusive":true,"version_end":"cc2da381875d4a67026e4c8feb3dba51a2a2d1bc","version_end_inclusive":false,"cpe23_uri":"cve5:linux:linux:e2f34481b24db2fd634b5edb0a5bd0e4d38cc6e9:cc2da381875d4a67026e4c8feb3dba51a2a2d1bc"},{"vendor_slug":"linux","vendor_name":"Linux","product_slug":"linux","product_name":"Linux","version_start":"e2f34481b24db2fd634b5edb0a5bd0e4d38cc6e9","version_start_inclusive":true,"version_end":"8fcefe840fa8c14ce667768e5b043286ac3bbcbe","version_end_inclusive":false,"cpe23_uri":"cve5:linux:linux:e2f34481b24db2fd634b5edb0a5bd0e4d38cc6e9:8fcefe840fa8c14ce667768e5b043286ac3bbcbe"},{"vendor_slug":"linux","vendor_name":"Linux","product_slug":"linux","product_name":"Linux","version_start":"e2f34481b24db2fd634b5edb0a5bd0e4d38cc6e9","version_start_inclusive":true,"version_end":"8ef183216feaa24b66b940510d8b68f680eb56e9","version_end_inclusive":false,"cpe23_uri":"cve5:linux:linux:e2f34481b24db2fd634b5edb0a5bd0e4d38cc6e9:8ef183216feaa24b66b940510d8b68f680eb56e9"},{"vendor_slug":"linux","vendor_name":"Linux","product_slug":"linux","product_name":"Linux","version_start":"e2f34481b24db2fd634b5edb0a5bd0e4d38cc6e9","version_start_inclusive":true,"version_end":"7164b3953cefd540e7ebca828c793bc6869cfbc4","version_end_inclusive":false,"cpe23_uri":"cve5:linux:linux:e2f34481b24db2fd634b5edb0a5bd0e4d38cc6e9:7164b3953cefd540e7ebca828c793bc6869cfbc4"},{"vendor_slug":"linux","vendor_name":"Linux","product_slug":"linux","product_name":"Linux","version_start":"e2f34481b24db2fd634b5edb0a5bd0e4d38cc6e9","version_start_inclusive":true,"version_end":"b46aa129fa2807bfe1545fe74d9295d53c51520b","version_end_inclusive":false,"cpe23_uri":"cve5:linux:linux:e2f34481b24db2fd634b5edb0a5bd0e4d38cc6e9:b46aa129fa2807bfe1545fe74d9295d53c51520b"},{"vendor_slug":"linux","vendor_name":"Linux","product_slug":"linux","product_name":"Linux","version_start":"e2f34481b24db2fd634b5edb0a5bd0e4d38cc6e9","version_start_inclusive":true,"version_end":"3e298897f41c61450c2e7a4f457e8b2485eb35b3","version_end_inclusive":false,"cpe23_uri":"cve5:linux:linux:e2f34481b24db2fd634b5edb0a5bd0e4d38cc6e9:3e298897f41c61450c2e7a4f457e8b2485eb35b3"},{"vendor_slug":"linux","vendor_name":"Linux","product_slug":"linux","product_name":"Linux","version_start":"5.15","version_start_inclusive":true,"version_end":"5.15","version_end_inclusive":true,"cpe23_uri":"cve5:linux:linux:5.15:5.15"},{"vendor_slug":"linux","vendor_name":"Linux","product_slug":"linux","product_name":"Linux","version_start":"0","version_start_inclusive":true,"version_end":"5.15","version_end_inclusive":false,"cpe23_uri":"cve5:linux:linux:0:5.15"},{"vendor_slug":"linux","vendor_name":"Linux","product_slug":"linux","product_name":"Linux","version_start":"5.15.209","version_start_inclusive":true,"version_end":"5.15.*","version_end_inclusive":true,"cpe23_uri":"cve5:linux:linux:5.15.209:5.15.*"},{"vendor_slug":"linux","vendor_name":"Linux","product_slug":"linux","product_name":"Linux","version_start":"6.1.175","version_start_inclusive":true,"version_end":"6.1.*","version_end_inclusive":true,"cpe23_uri":"cve5:linux:linux:6.1.175:6.1.*"},{"vendor_slug":"linux","vendor_name":"Linux","product_slug":"linux","product_name":"Linux","version_start":"6.6.141","version_start_inclusive":true,"version_end":"6.6.*","version_end_inclusive":true,"cpe23_uri":"cve5:linux:linux:6.6.141:6.6.*"},{"vendor_slug":"linux","vendor_name":"Linux","product_slug":"linux","product_name":"Linux","version_start":"6.12.91","version_start_inclusive":true,"version_end":"6.12.*","version_end_inclusive":true,"cpe23_uri":"cve5:linux:linux:6.12.91:6.12.*"},{"vendor_slug":"linux","vendor_name":"Linux","product_slug":"linux","product_name":"Linux","version_start":"6.18.33","version_start_inclusive":true,"version_end":"6.18.*","version_end_inclusive":true,"cpe23_uri":"cve5:linux:linux:6.18.33:6.18.*"},{"vendor_slug":"linux","vendor_name":"Linux","product_slug":"linux","product_name":"Linux","version_start":"7.0.10","version_start_inclusive":true,"version_end":"7.0.*","version_end_inclusive":true,"cpe23_uri":"cve5:linux:linux:7.0.10:7.0.*"},{"vendor_slug":"linux","vendor_name":"Linux","product_slug":"linux","product_name":"Linux","version_start":"7.1","version_start_inclusive":true,"version_end":"*","version_end_inclusive":true,"cpe23_uri":"cve5:linux:linux:7.1:*"}],"exploit_refs":[],"news":[],"references":[{"url":"https://git.kernel.org/stable/c/57b47231055b431ed0a1a55f33cac32981564405","source_type":"MISC","tags":[]},{"url":"https://git.kernel.org/stable/c/cc2da381875d4a67026e4c8feb3dba51a2a2d1bc","source_type":"MISC","tags":[]},{"url":"https://git.kernel.org/stable/c/8fcefe840fa8c14ce667768e5b043286ac3bbcbe","source_type":"MISC","tags":[]},{"url":"https://git.kernel.org/stable/c/8ef183216feaa24b66b940510d8b68f680eb56e9","source_type":"MISC","tags":[]},{"url":"https://git.kernel.org/stable/c/7164b3953cefd540e7ebca828c793bc6869cfbc4","source_type":"MISC","tags":[]},{"url":"https://git.kernel.org/stable/c/b46aa129fa2807bfe1545fe74d9295d53c51520b","source_type":"MISC","tags":[]},{"url":"https://git.kernel.org/stable/c/3e298897f41c61450c2e7a4f457e8b2485eb35b3","source_type":"MISC","tags":[]}],"timeline":[{"type":"published","at":"2026-06-24T16:29:52.676000Z","label":"CVE published","source":null}]}