VYPR
Unrated severity · NVD Advisory · Published Apr 3, 2026 · Updated Apr 18, 2026

CVE-2026-31391

Description

In the Linux kernel, the following vulnerability has been resolved:

crypto: atmel-sha204a - Fix OOM ->tfm_count leak

If memory allocation fails, decrement ->tfm_count to avoid blocking future reads.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

In the Linux kernel's atmel-sha204a crypto driver, a missing tfm_count decrement on OOM can permanently block future cryptographic operations.

Vulnerability

CVE-2026-31391 is a reference-count leak in the atmel-sha204a cryptographic driver within the Linux kernel [1][2][3][4]. When memory allocation fails during a cryptographic operation, the driver increments ->tfm_count but neglects to decrement it on the subsequent error path. This oversight allows the count to become permanently elevated if an out-of-memory (OOM) condition occurs [1].

Attack Surface

The vulnerability affects the Atmel SHA-204A hardware crypto accelerator driver. Exploitation requires that a local user or a process causes the driver to encounter an OOM situation during a crypto operation, which could be triggered by exhausting system memory while using the cryptographic device [1]. No authentication is needed beyond the ability to interact with the crypto subsystem.

Impact

An elevated ->tfm_count blocks all future reads from the crypto accelerator because the count is checked as a guard condition. This results in a denial of service for any process that depends on hardware-backed cryptographic operations, potentially affecting system availability or the function of security mechanisms that rely on the atmel-sha204a driver [1].

Mitigation

Patches have been committed to the stable Linux kernel tree. The fix adds the missing decrement of ->tfm_count on the failure path. Users should update their kernel to include the backported commit from the stable branches [1][2][3][4]. There is no evidence this vulnerability is currently listed on CISA's Known Exploited Vulnerabilities catalog.
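The leak and its fix in a user-space C model, added here as an illustration and not taken from the kernel driver or the patch. Only the `tfm_count` name comes from the advisory; `dev_model`, `model_read`, `read_after_oom`, the `fail_alloc` knob and the one-read-in-flight guard are assumptions.

```c
#include <errno.h>
#include <stdatomic.h>
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>

/* User-space model only; field name follows the advisory, the rest is assumed. */
struct dev_model {
    atomic_int tfm_count; /* guard: nonzero means a read is in flight */
    bool fail_alloc;      /* constructed knob that simulates OOM */
};

/* Returns 1 on data, 0 when the guard refuses the read, -ENOMEM on OOM. */
static int model_read(struct dev_model *d, bool fixed)
{
    int idle = 0;
    void *work;

    if (!atomic_compare_exchange_strong(&d->tfm_count, &idle, 1))
        return 0; /* guard still held: no data for the caller */
    work = d->fail_alloc ? NULL : malloc(64);
    if (!work) {
        if (fixed)
            atomic_fetch_sub(&d->tfm_count, 1); /* release on failure */
        return -ENOMEM; /* without the release the guard stays at 1 */
    }
    free(work); /* stand-in for the completed device request */
    atomic_fetch_sub(&d->tfm_count, 1);
    return 1;
}

/* One read under simulated OOM, then a retry once memory is available. */
static int read_after_oom(bool fixed)
{
    struct dev_model d = { .fail_alloc = true };

    atomic_init(&d.tfm_count, 0);
    if (model_read(&d, fixed) != -ENOMEM)
        return -1;
    d.fail_alloc = false;
    return model_read(&d, fixed);
}

int main(void)
{
    printf("retry, leaky path: %d\n", read_after_oom(false));
    printf("retry, fixed path: %d\n", read_after_oom(true));
    return 0;
}
```

In the model, the retry on the leaky path returns 0 even though memory is available again, which is the stuck-guard condition the Impact section describes.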

AI Insight generated on May 18, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
