{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-52932", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2026-06-09T07:44:35.369Z", "datePublished": "2026-06-24T07:14:24.002Z", "dateUpdated": "2026-06-24T07:14:24.002Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-06-24T07:14:24.002Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nxfrm: ipcomp: Free destination pages on acomp errors\n\nMove the out_free_req label up by a couple of lines so that the\nallocated dst SG list gets freed on error as well as success."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["net/xfrm/xfrm_ipcomp.c"], "versions": [{"version": "eb2953d26971f3083bbf95de4bc997b5bedf0b6e", "lessThan": "dc6dcba80d72a27ab61831ad3d253316e0c9b9d5", "status": "affected", "versionType": "git"}, {"version": "eb2953d26971f3083bbf95de4bc997b5bedf0b6e", "lessThan": "b30aa173c3809f6af4c83a86099be1be19aa48eb", "status": "affected", "versionType": "git"}, {"version": "eb2953d26971f3083bbf95de4bc997b5bedf0b6e", "lessThan": "7dbac7680eb629b3b4dc7e98c34f943b8814c0c8", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["net/xfrm/xfrm_ipcomp.c"], "versions": [{"version": "6.15", "status": "affected"}, {"version": "0", "lessThan": "6.15", "status": "unaffected", "versionType": "semver"}, {"version": "6.18.35", "lessThanOrEqual": "6.18.*", "status": "unaffected", "versionType": "semver"}, {"version": "7.0.12", "lessThanOrEqual": "7.0.*", "status": "unaffected", "versionType": "semver"}, {"version": "7.1", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.15", "versionEndExcluding": "6.18.35"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.15", "versionEndExcluding": "7.0.12"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.15", "versionEndExcluding": "7.1"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/dc6dcba80d72a27ab61831ad3d253316e0c9b9d5"}, {"url": "https://git.kernel.org/stable/c/b30aa173c3809f6af4c83a86099be1be19aa48eb"}, {"url": "https://git.kernel.org/stable/c/7dbac7680eb629b3b4dc7e98c34f943b8814c0c8"}], "title": "xfrm: ipcomp: Free destination pages on acomp errors", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{}

{"bugzilla": {"description": "kernel: xfrm: ipcomp: Free destination pages on acomp errors", "id": "2492087", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2492087"}, "csaw": false, "cwe": "CWE-772", "details": ["A flaw was found in the Linux kernel's xfrm IPcomp (IP Payload Compression Protocol) component. This vulnerability involves improper memory deallocation during error handling, where allocated resources are not correctly freed. This could allow a local attacker to cause resource exhaustion, potentially leading to a Denial of Service (DoS) on the system."], "name": "CVE-2026-52932", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2026-06-24T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-52932\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-52932\nhttps://lore.kernel.org/linux-cve-announce/2026062433-CVE-2026-52932-11a5@gregkh/T"]}