CVE-2026-28386
mediumCVSS v3 Base Score
5.9
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Score
0.0%
Exploitation probability in 30 days
Top 92% most likely to be exploited
Attack Characteristics
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
None
Confidentiality
None
Integrity
None
Availability
High
Published: April 7, 2026 (94 days ago)
Last Modified: April 7, 2026
Vendor: Red Hat
Fix Available: ✓ Yes
Source: REDHAT
Vulnerability Report
Generated by CyberWatcher
Description
Issue summary: Applications using AES-CFB128 encryption or decryption on
systems with AVX-512 and VAES support can trigger an out-of-bounds read
of up to 15 bytes when processing partial cipher blocks.
Impact summary: This out-of-bounds read may trigger a crash which leads to
Denial of Service for an application if the input buffer ends at a memory
page boundary and the following page is unmapped. There is no information
disclosure as the over-read bytes are not written to output.
The vulnerable code path is only reached when processing partial blocks
(when a previous call left an incomplete block and the current call provides
fewer bytes than needed to complete it). Additionally, the input buffer
must be positioned at a page boundary with the following page unmapped.
CFB mode is not used in TLS/DTLS protocols, which use CBC, GCM, CCM, or
ChaCha20-Poly1305 instead. For these reasons the issue was assessed as
Low severity according to our Security Policy.
Only x86-64 systems with AVX-512 and VAES instruction support are affected.
Other architectures and systems without VAES support use different code
paths that are not affected.
OpenSSL FIPS module in 3.6 version is affected by this issue.
CWE
CWE-805Affected Products
Red Hat Enterprise Linux 10Red Hat Enterprise Linux 6Red Hat Enterprise Linux 7Red Hat Enterprise Linux 8Red Hat Enterprise Linux 9Red Hat JBoss Core ServicesRed Hat OpenShift Container Platform 4Red Hat Hardened Images