CVE-2026-46077
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
27/05/2026
Last modified:
24/06/2026
Description
In the Linux kernel, the following vulnerability has been resolved:<br />
<br />
crypto: atmel-tdes - fix DMA sync direction<br />
<br />
Before DMA output is consumed by the CPU, ->dma_addr_out must be synced<br />
with dma_sync_single_for_cpu() instead of dma_sync_single_for_device().<br />
Using the wrong direction can return stale cache data on non-coherent<br />
platforms.
Impact
Base Score 3.x
5.50
Severity 3.x
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 3.6 (including) | 5.10.258 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.11 (including) | 5.15.209 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.16 (including) | 6.1.175 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.2 (including) | 6.6.140 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.7 (including) | 6.12.86 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.13 (including) | 6.18.27 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.19 (including) | 7.0.4 (excluding) |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- https://git.kernel.org/stable/c/12a0adfe498cd5d87e6365d7ca5f6b3eed79e523
- https://git.kernel.org/stable/c/5281e6e2302362f6b75b70cbfe4098d2a25dafd9
- https://git.kernel.org/stable/c/863d11b3927703ad95077c81a8a6489c5c7872f7
- https://git.kernel.org/stable/c/b5f5df801d161ba244f391519cbff2f4e5c6edc2
- https://git.kernel.org/stable/c/b9b28f3881dd514e74f98ae04e79a635022a4804
- https://git.kernel.org/stable/c/c0f3002c02a3a83250e25582ffbe8df7eb78a8bd
- https://git.kernel.org/stable/c/c8a9a647532f5c2a04180352693215e24e9dba03
- https://git.kernel.org/stable/c/ce3224678acb8c0b3473daa7d7dbffc998c6951a



