CVE-2026-46077 Linux CVE debrief

Who should care

Organizations running Linux on embedded ARM systems or other non-coherent architectures with Atmel TDES cryptographic hardware; kernel maintainers and distribution security teams responsible for stable kernel backports

Technical summary

The atmel-tdes driver in the Linux kernel incorrectly used `dma_sync_single_for_device()` when the CPU needed to consume DMA output. On non-coherent platforms, this synchronization direction error could cause the CPU to read stale cache data instead of the actual DMA output. The fix changes the sync direction to `dma_sync_single_for_cpu()` for the output buffer, ensuring proper cache invalidation before CPU access. This affects cryptographic operations using the Atmel TDES hardware accelerator on architectures without cache coherency between DMA and CPU.

Defensive priority

medium

Recommended defensive actions

• Apply kernel updates containing the atmel-tdes DMA sync fix when available for your distribution
• Verify kernel version includes commits addressing CVE-2026-46077 if running on ARM/embedded platforms with Atmel TDES hardware
• Monitor vendor security advisories for backported fixes to stable kernel branches
• Review systems using atmel-tdes for cryptographic operations on non-coherent memory architectures

Evidence notes

The CVE description and kernel.org commit references confirm this is a resolved DMA synchronization direction error in the atmel-tdes crypto driver. The vulnerability affects non-coherent platforms where incorrect cache synchronization could return stale cryptographic output.

Official resources