CVE-2026-31391 — Improper Update of Reference Count in Linux

CWE-911 — Improper Update of Reference Count6 documents6 sources

Severity

5.3MEDIUM

No vector

EPSS

0.0%

top 90.94%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Linux Kernel Debian Linux

Timeline

PublishedApr 3

Description

In the Linux kernel, the following vulnerability has been resolved: crypto: atmel-sha204a - Fix OOM ->tfm_count leak If memory allocation fails, decrement ->tfm_count to avoid blocking future reads.

Affected Packages3 packages

▶Debianlinux/linux_kernel< 6.19.10-1

▶CVEListV5linux/linuxda001fb651b00e1deeaf24767dd691ae8152a4f5 — 66ee9c1c3575b5d6afc340faca00fd40ed5b7ad9+6

▶debiandebian/linux< linux 6.19.10-1 (forky)

🔴Vulnerability Details

GHSA

GHSA-8v35-jwfj-qhmg: In the Linux kernel, the following vulnerability has been resolved: crypto: atmel-sha204a - Fix OOM ->tfm_count leak If memory allocation fails, dec↗2026-04-03

▶

OSV

CVE-2026-31391: In the Linux kernel, the following vulnerability has been resolved: crypto: atmel-sha204a - Fix OOM ->tfm_count leak If memory allocation fails, decre↗2026-04-03

▶

📋Vendor Advisories

Red Hat

kernel: crypto: atmel-sha204a - Fix OOM ->tfm_count leak↗2026-04-03

▶

Debian

CVE-2026-31391: linux - In the Linux kernel, the following vulnerability has been resolved: crypto: atm...↗2026

▶

🕵️Threat Intelligence

Wiz

CVE-2026-31391 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶