Bug 2464379 (CVE-2026-31739)

Summary: CVE-2026-31739 kernel: crypto: tegra - Add missing CRYPTO_ALG_ASYNC
Product: [Other] Security Response Reporter: OSIDB Bzimport <bzimport>
Component: vulnerabilityAssignee: Product Security <prodsec-ir-bot>
Status: NEW --- QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: rhel-process-autobot, watson-tool-maintainers
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: ---
Doc Text:
A flaw was found in the Linux kernel's tegra crypto driver. The driver failed to correctly set a flag for its asynchronous cryptographic algorithms. This oversight could lead to the crypto API selecting asynchronous algorithms when a user specifically requests synchronous ones. Consequently, this mismatch can cause system crashes, resulting in a Denial of Service (DoS).
 Story Points: ---
Clone Of: Environment:
Last Closed: Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description OSIDB Bzimport 2026-05-01 15:03:24 UTC 
In the Linux kernel, the following vulnerability has been resolved:

crypto: tegra - Add missing CRYPTO_ALG_ASYNC

The tegra crypto driver failed to set the CRYPTO_ALG_ASYNC on its
asynchronous algorithms, causing the crypto API to select them for users
that request only synchronous algorithms.  This causes crashes (at
least).  Fix this by adding the flag like what the other drivers do.
Also remove the unnecessary CRYPTO_ALG_TYPE_* flags, since those just
get ignored and overridden by the registration function anyway.
Comment 1 Keith Grant 2026-05-01 21:36:31 UTC 
Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2026050139-CVE-2026-31739-4bc1@gregkh/T