PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-31391 Linux CVE debrief

A vulnerability in the Linux kernel's Atmel SHA204A crypto driver could allow a local attacker to cause a denial of service condition. The flaw exists in the driver's error handling path: when memory allocation fails during cryptographic operations, the driver fails to decrement the `tfm_count` reference counter. This leak causes the counter to remain elevated, eventually blocking legitimate read operations on the device. The vulnerability is local-access only with low attack complexity, requiring only low privileges and no user interaction. The issue has been resolved in stable kernel releases across multiple branches.

Vendor
Linux
Product
Unknown
CVSS
MEDIUM 5.5
CISA KEV
Not listed in stored evidence
Original CVE published
2026-04-03
Original CVE updated
2026-05-26
Advisory published
2026-04-03
Advisory updated
2026-05-26

Who should care

Organizations running Linux systems with Atmel SHA204A cryptographic hardware, particularly those providing multi-tenant or containerized environments where local user access is possible. Embedded systems and IoT deployments using this specific crypto accelerator should prioritize patching.

Technical summary

The atmel-sha204a driver in the Linux kernel contains a resource leak vulnerability. When memory allocation fails (an OOM condition), the driver returns an error without first decrementing the `tfm_count` counter. This counter tracks active transform contexts, so an error path that skips the decrement leaves the count artificially elevated. Once `tfm_count` reaches its maximum, subsequent legitimate read operations on the SHA204A device are blocked, resulting in a denial of service. Affected kernels range from 5.3 through 7.0-rc2, spanning multiple stable branches; patches have been backported to all maintained stable branches.
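The counter-leak pattern described above, shown as an added example that is constructed for this debrief and is not the kernel driver's code. Only the field name `tfm_count` comes from the advisory; the ceiling `TFM_MAX`, the allocation size, the simulated allocator and every function name are assumptions chosen so that the effect of the missing decrement can be observed: the vulnerable shape leaves the counter elevated after each failed allocation until reads are refused, while the fixed shape balances every exit after the increment.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>

/*
 * Constructed model of the error-path counter leak from the debrief. Not the
 * kernel's atmel-sha204a driver: tfm_count is the only name taken from the
 * advisory; TFM_MAX and all function names are assumptions for illustration.
 */
#define TFM_MAX 4 /* assumed ceiling on concurrent transform contexts */

struct sha204a_dev {
    int tfm_count; /* number of active transform contexts */
};

/* Simulated allocator: returns NULL on demand to model an OOM condition. */
static void *ctx_alloc(size_t len, bool oom)
{
    return oom ? NULL : malloc(len);
}

/* Read path as the advisory describes it: refused once tfm_count is at its maximum. */
int sha204a_read(const struct sha204a_dev *dev)
{
    return dev->tfm_count >= TFM_MAX ? -1 : 0; /* -1 stands in for -EBUSY */
}

/* Vulnerable shape: the counter is bumped, then the OOM branch returns without undoing it. */
int tfm_init_vulnerable(struct sha204a_dev *dev, bool oom)
{
    if (dev->tfm_count >= TFM_MAX)
        return -1;
    dev->tfm_count++;
    void *ctx = ctx_alloc(64, oom);
    if (!ctx)
        return -2; /* BUG: tfm_count is never decremented on this path */
    /* ... the transform context would be set up and used here ... */
    free(ctx);
    dev->tfm_count--; /* normal teardown balances the increment */
    return 0;
}

/* Fixed shape: every exit taken after the increment is balanced by a decrement. */
int tfm_init_fixed(struct sha204a_dev *dev, bool oom)
{
    if (dev->tfm_count >= TFM_MAX)
        return -1;
    dev->tfm_count++;
    void *ctx = ctx_alloc(64, oom);
    if (!ctx) {
        dev->tfm_count--; /* undo the increment before bailing out */
        return -2;
    }
    free(ctx);
    dev->tfm_count--;
    return 0;
}

/* Push `oom_events` failed allocations through the chosen variant. */
static void run_oom_events(struct sha204a_dev *dev, bool fixed, int oom_events)
{
    for (int i = 0; i < oom_events; i++) {
        if (fixed)
            tfm_init_fixed(dev, true);
        else
            tfm_init_vulnerable(dev, true);
    }
}

/* Counter value left behind after the failures; a correct driver leaves zero. */
int leaked_count(bool fixed, int oom_events)
{
    struct sha204a_dev dev = { .tfm_count = 0 };
    run_oom_events(&dev, fixed, oom_events);
    return dev.tfm_count;
}

/* 1 if a legitimate read still succeeds after the failures, 0 if it is blocked. */
int read_ok_after_oom(bool fixed, int oom_events)
{
    struct sha204a_dev dev = { .tfm_count = 0 };
    run_oom_events(&dev, fixed, oom_events);
    return sha204a_read(&dev) == 0;
}

int main(void)
{
    printf("vulnerable: leaked=%d read_ok=%d\n",
           leaked_count(false, TFM_MAX), read_ok_after_oom(false, TFM_MAX));
    printf("fixed:      leaked=%d read_ok=%d\n",
           leaked_count(true, TFM_MAX), read_ok_after_oom(true, TFM_MAX));
    return 0;
}
```

The point of the model is the review rule it makes concrete: once a function has incremented a counter, every `return` after that line must either be preceded by the matching decrement or go through a shared unwind label. Reviewing an error path for that property is the check a maintainer applies to a driver fix like this one.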

Defensive priority

medium

Recommended defensive actions

  • Apply kernel updates to patched versions: 5.10.253+, 6.1.167+, 6.6.130+, 6.12.78+, 6.18.20+, 6.19.10+, or 7.0-rc3+
  • If running affected kernel versions with Atmel SHA204A hardware, prioritize patching systems where local untrusted access is possible
  • Monitor for kernel OOM conditions that could trigger the vulnerable code path
  • Review system logs for SHA204A driver errors as potential indicators of exploitation attempts

Evidence notes

Vulnerability description and patch references sourced from NVD. Affected version ranges derived from CPE criteria in source metadata. CVSS 3.1 vector confirms local attack vector with availability impact. Multiple stable kernel patches available via kernel.org git references.

Official resources

2026-04-03