Page Reference Handling Flaw in cryptodev-linux by Cryptodev
CVE-2026-28529

8.5HIGH

Key Information:

Vendor

Cryptodev-linux

Status
Cryptodev-linux
Vendor
CVE Published:
25 March 2026

Badges

๐Ÿ‘พ Exploit Exists๐ŸŸก Public PoC

What is CVE-2026-28529?

The cryptodev-linux software, specifically versions 1.14 and earlier, is susceptible to a flaw in the handling of page references within the get_userbuf function of the /dev/crypto device driver. This vulnerability may allow local users to exploit use-after-free conditions by reducing reference counts of specific pages. If attackers gain access to the /dev/crypto interface, they could leverage this flaw to escalate their privileges locally, posing a significant risk to system security.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

cryptodev-linux 0 <= 1.14

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2026-28529 - Proof of Concept

CVE-2026-28529 - Proof of Concept

References

https://nasm.re/posts/cryptodev-linux-vuln/
technical-descriptionexploit
https://gist.github.com/n4sm/0fd2479e0c23e0fa2f192cd8fda4...
exploit
https://github.com/cryptodev-linux/cryptodev-linux/pull/104
patch

CVSS V4

Score:
8.5
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • ๐ŸŸก

    Public PoC available

  • ๐Ÿ‘พ

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Credit

nasm
JSON
.