{"@context":"https://openvex.dev/ns/v0.2.0","@id":"https://database.harborguard.co/cve/CVE-2026-53046/vex.json","author":"HarborGuard Database","role":"Document Creator","timestamp":"2026-06-28T06:38:28.822Z","version":1,"tooling":"HarborGuard Database (https://database.harborguard.co)","statements":[{"vulnerability":{"name":"CVE-2026-53046","@id":"https://www.cve.org/CVERecord?id=CVE-2026-53046","description":"In the Linux kernel, the following vulnerability has been resolved:\n\nksmbd: fix use-after-free from async crypto on Qualcomm crypto engine\n\nksmbd_crypt_message() sets a NULL completion callback on AEAD requests\nand does not handle the -EINPROGRESS return code from async hardware\ncrypto engines like the Qualcomm Crypto Engine (QCE). When QCE returns\n-EINPROGRESS, ksmbd treats it as an error and immediately frees the\nrequest while the hardware DMA operation is still in flight. The DMA\ncompletion c"},"products":[{"@id":"cpe:2.3:a:linux:linux:*:*:*:*:*:*:*:*","identifiers":{"cpe23":"cpe:2.3:a:linux:linux:*:*:*:*:*:*:*:*"}},{"@id":"cpe:2.3:a:linux:linux:5.15:*:*:*:*:*:*:*","identifiers":{"cpe23":"cpe:2.3:a:linux:linux:5.15:*:*:*:*:*:*:*"}}],"status":"affected","action_statement":"Update to a fixed version: 0, 3e298897f41c61450c2e7a4f457e8b2485eb35b3, 5.15.209, 57b47231055b431ed0a1a55f33cac32981564405, 6.1.175, 6.6.141, 6.12.91, 6.18.33, 7.0.10, 7.1, 7164b3953cefd540e7ebca828c793bc6869cfbc4, 8ef183216feaa24b66b940510d8b68f680eb56e9, 8fcefe840fa8c14ce667768e5b043286ac3bbcbe, b46aa129fa2807bfe1545fe74d9295d53c51520b, cc2da381875d4a67026e4c8feb3dba51a2a2d1bc.","timestamp":"2026-06-28T06:38:28.822Z"}]}