crypto: ccp - copy IV using skcipher ivsize
Summary
| CVE | CVE-2026-53016 |
|---|---|
| State | PUBLISHED |
| Assigner | Linux |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2026-06-24 17:17:12 UTC |
| Updated | 2026-07-15 13:55:21 UTC |
| Description | In the Linux kernel, the following vulnerability has been resolved: crypto: ccp - copy IV using skcipher ivsize AF_ALG rfc3686-ctr-aes-ccp requests pass an 8-byte IV to the driver. ccp_aes_complete() restores AES_BLOCK_SIZE bytes into the caller's IV buffer while RFC3686 skciphers expose an 8-byte IV, so the restore overruns the provided buffer. Use crypto_skcipher_ivsize() to copy only the algorithm's IV length. |
Risk And Classification
Primary CVSS: v3.1 7 HIGH from ADP
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.001320000 probability, percentile 0.031230000 (date 2026-07-14)
Problem Types: CWE-787 | CWE-805 | CWE-805 Buffer Access with Incorrect Length Value
| Version | Source | Type | Score | Severity | Vector |
|---|---|---|---|---|---|
| 3.1 | ADP | CVSS | 7 | HIGH | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H |
| 3.1 | 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | Secondary | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| 3.1 | 0b0ca135-0b70-47e7-9f44-1890c2a1c46c | Secondary | 7 | HIGH | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H |
| 3.1 | CNA | DECLARED | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
CVSS v3.1 Breakdown
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Operating System | Linux | Linux Kernel | All | All | All | All |
Vendor Declared Affected Products
| Source | Vendor | Product | Version | Platforms |
|---|---|---|---|---|
| CNA | Linux | Linux | affected 2b789435d7f36ed918d92db647f3a2f3fec9bb1f 939061b2d0f7f15114e34b4ce878ef50ff4089c3 git | Not specified |
| CNA | Linux | Linux | affected 2b789435d7f36ed918d92db647f3a2f3fec9bb1f 798d409a8949f3f495f238549b86de2886b129bd git | Not specified |
| CNA | Linux | Linux | affected 2b789435d7f36ed918d92db647f3a2f3fec9bb1f dfb2cf434829819268fe50f41542aad318ad62b2 git | Not specified |
| CNA | Linux | Linux | affected 2b789435d7f36ed918d92db647f3a2f3fec9bb1f eecee15e263ccb8cd77170a56ab6c969cb54dd6a git | Not specified |
| CNA | Linux | Linux | affected 2b789435d7f36ed918d92db647f3a2f3fec9bb1f bb01d8f1f385bc9034ca114d3508c7fdea24fc9a git | Not specified |
| CNA | Linux | Linux | affected 2b789435d7f36ed918d92db647f3a2f3fec9bb1f df9784bb5b637ac80f4a2768a58ca9a50bef28a9 git | Not specified |
| CNA | Linux | Linux | affected 2b789435d7f36ed918d92db647f3a2f3fec9bb1f 227c1e1d9e2aa4cfc65ba446d5690da1f546cda4 git | Not specified |
| CNA | Linux | Linux | affected 2b789435d7f36ed918d92db647f3a2f3fec9bb1f a7a1f3cdd64d8a165d9b8c9e9ad7fb46ac19dfc4 git | Not specified |
| CNA | Linux | Linux | affected 3.14 | Not specified |
| CNA | Linux | Linux | unaffected 3.14 semver | Not specified |
| CNA | Linux | Linux | unaffected 5.10.258 5.10.* semver | Not specified |
| CNA | Linux | Linux | unaffected 5.15.209 5.15.* semver | Not specified |
| CNA | Linux | Linux | unaffected 6.1.175 6.1.* semver | Not specified |
| CNA | Linux | Linux | unaffected 6.6.141 6.6.* semver | Not specified |
| CNA | Linux | Linux | unaffected 6.12.91 6.12.* semver | Not specified |
| CNA | Linux | Linux | unaffected 6.18.33 6.18.* semver | Not specified |
| CNA | Linux | Linux | unaffected 7.0.10 7.0.* semver | Not specified |
| CNA | Linux | Linux | unaffected 7.1 * original_commit_for_fix | Not specified |
| ADP | Red Hat | Red Hat Enterprise Linux 10 | unaffected 0:6.12.0-211.34.1.el10_2 * rpm | Not specified |
| ADP | Red Hat | Red Hat Enterprise Linux 9 | unaffected 0:5.14.0-687.25.1.el9_8 * rpm | Not specified |
| ADP | Red Hat | Red Hat Enterprise Linux 6 | Not specified | Not specified |
| ADP | Red Hat | Red Hat Enterprise Linux 7 | Not specified | Not specified |
| ADP | Red Hat | Red Hat Enterprise Linux 7 | Not specified | Not specified |
| ADP | Red Hat | Red Hat Enterprise Linux 8 | Not specified | Not specified |
| ADP | Red Hat | Red Hat Enterprise Linux 8 | Not specified | Not specified |
| ADP | Red Hat | Red Hat Enterprise Linux 9 | Not specified | Not specified |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| git.kernel.org/stable/c/939061b2d0f7f15114e34b4ce878ef50ff4089c3 | 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | git.kernel.org | Patch |
| git.kernel.org/stable/c/dfb2cf434829819268fe50f41542aad318ad62b2 | 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | git.kernel.org | Patch |
| git.kernel.org/stable/c/a7a1f3cdd64d8a165d9b8c9e9ad7fb46ac19dfc4 | 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | git.kernel.org | Patch |
| access.redhat.com/errata/RHSA-2026:38491 | 0b0ca135-0b70-47e7-9f44-1890c2a1c46c | access.redhat.com | Third Party Advisory |
| security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-53016.json | 0b0ca135-0b70-47e7-9f44-1890c2a1c46c | security.access.redhat.com | Third Party Advisory |
| git.kernel.org/stable/c/798d409a8949f3f495f238549b86de2886b129bd | 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | git.kernel.org | Patch |
| access.redhat.com/security/cve/CVE-2026-53016 | 0b0ca135-0b70-47e7-9f44-1890c2a1c46c | access.redhat.com | Third Party Advisory |
| git.kernel.org/stable/c/bb01d8f1f385bc9034ca114d3508c7fdea24fc9a | 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | git.kernel.org | Patch |
| bugzilla.redhat.com/show_bug.cgi | 0b0ca135-0b70-47e7-9f44-1890c2a1c46c | bugzilla.redhat.com | Third Party Advisory |
| git.kernel.org/stable/c/eecee15e263ccb8cd77170a56ab6c969cb54dd6a | 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | git.kernel.org | Patch |
| access.redhat.com/errata/RHSA-2026:39494 | 0b0ca135-0b70-47e7-9f44-1890c2a1c46c | access.redhat.com | Third Party Advisory |
| git.kernel.org/stable/c/227c1e1d9e2aa4cfc65ba446d5690da1f546cda4 | 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | git.kernel.org | Patch |
| git.kernel.org/stable/c/df9784bb5b637ac80f4a2768a58ca9a50bef28a9 | 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | git.kernel.org | Patch |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
Additional Advisory Data
| Source | Time | Event |
|---|---|---|
| ADP | 2026-06-24T00:00:00.000Z | Reported to Red Hat. |
| ADP | 2026-06-24T00:00:00.000Z | Made public. |
Solutions
ADP: RHSA-2026:39494: Red Hat Enterprise Linux AppStream (v. 10), Red Hat Enterprise Linux BaseOS (v. 10), Red Hat Enterprise Linux CodeReady Linux Builder (v. 10), Red Hat Enterprise Linux Real Time (v. 10), Red Hat Enterprise Linux Real Time for NFV (v. 10)
ADP: RHSA-2026:38491: Red Hat Enterprise Linux AppStream (v. 9), Red Hat Enterprise Linux BaseOS (v. 9), Red Hat Enterprise Linux CodeReady Linux Builder (v. 9), Red Hat Enterprise Linux Real Time (v. 9), Red Hat Enterprise Linux Real Time for NFV (v. 9)
Workarounds
ADP: To mitigate this issue, prevent module ccp-crypto from being loaded. Please see https://access.redhat.com/solutions/41278 for how to blacklist a kernel module to prevent it from loading automatically.