Skip to main content

Linux Kernel CVE-2026-43077

| EUVDEUVD-2026-27564 MEDIUM
2026-05-06 Linux
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
SUSE
MEDIUM
qualitative
Red Hat
7.1 MEDIUM
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

3
Analysis Generated
May 20, 2026 - 23:23 vuln.today
CVSS changed
May 20, 2026 - 23:22 NVD
5.5 (MEDIUM)
Patch available
May 06, 2026 - 11:01 EUVD

DescriptionCVE.org

In the Linux kernel, the following vulnerability has been resolved:

crypto: algif_aead - Fix minimum RX size check for decryption

The check for the minimum receive buffer size did not take the tag size into account during decryption. Fix this by adding the required extra length.

AnalysisAI

Local denial-of-service in the Linux kernel's AEAD crypto socket interface (algif_aead) allows a low-privileged local user to crash the kernel by submitting a decryption request where the minimum receive buffer size check fails to account for the authentication tag length. The CVSS vector (AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H) confirms this is a locally exploitable, high-availability-impact issue with no confidentiality or integrity risk. Patches have been released across multiple Linux LTS stable branches (5.10.254, 5.15.204, 6.1.170, 6.6.136, 6.12.83, 6.18.24, 6.19.14, 7.0) and Ubuntu has issued multiple USN advisories (USN-8277-1 through USN-8281-1). No public exploit code has been identified and EPSS is 0.02%, indicating no public exploitation activity.

Technical ContextAI

The vulnerability resides in the Linux kernel's algif_aead module, which is the AEAD (Authenticated Encryption with Associated Data) algorithm interface exposed to userspace via the AF_ALG socket family (crypto API socket layer). AEAD ciphers - such as AES-GCM and ChaCha20-Poly1305 - append an authentication tag to the ciphertext during encryption; during decryption, the kernel must receive the ciphertext plus the tag. The defect is that the minimum receive (RX) buffer size validation for decryption did not add the tag length to the required minimum size. This size mismatch could allow a local user to trigger an out-of-bounds condition or kernel panic by submitting a decryption request with an undersized buffer, resulting in a denial-of-service. The CPE cpe:2.3:a:linux:linux:* confirms this affects the upstream Linux kernel across multiple long-term stable (LTS) branches. No CWE was assigned by NVD, but the root cause class aligns with CWE-131 (Incorrect Calculation of Buffer Size) or CWE-193 (Off-by-One Error) within a length validation path.

RemediationAI

The primary fix is to update the Linux kernel to a patched stable version: 5.10.254, 5.15.204, 6.1.170, 6.6.136, 6.12.83, 6.18.24, 6.19.14, or 7.0. Upstream stable commits are available at https://git.kernel.org/stable/c/74a66fdb5282d89e348b00c42cfca3a936946d94, https://git.kernel.org/stable/c/e86ab1e5661386a874fbb8551f0c04b8e9f8ad22, https://git.kernel.org/stable/c/78cea133daf721698876e56135049a96d39d610a, and related commits for other branches. Ubuntu users should apply the patches referenced in USN-8277-1 through USN-8281-1 via standard package manager updates. As a compensating control where patching is not immediately feasible, restricting unprivileged access to AF_ALG sockets via Linux Security Modules (AppArmor, SELinux) or seccomp profiles to block socket(AF_ALG, ...) system calls from untrusted user processes will prevent exploitation - note this will also block legitimate userspace applications that use the kernel crypto API (e.g., some OpenSSL AF_ALG engines), so evaluate dependencies before applying. No configuration setting disables only the AEAD path without disabling the broader AF_ALG interface.

Vendor StatusVendor

SUSE

Severity: Medium
Product Status
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Performance Computing 15 SP7 Fixed

Share

CVE-2026-43077 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy