What is the CVSS score of CVE-2026-43078?

CVE-2026-43078 has a CVSS 3.1 base score of 7.8 (High). CVSS vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. EPSS exploitation probability: 0.0%.

Which versions of Linux Kernel are affected by CVE-2026-43078?

CVE-2026-43078 is a high-severity memory corruption flaw in the Linux kernel's crypto subsystem that allows local authenticated users to escalate privileges or crash systems.. A patch is available.

Linux Kernel CVE-2026-43078

EUVD-2026-27567 HIGH

Out-of-bounds Write (CWE-787)

2026-05-06 Linux

GHSA-fqqq-mg72-x273

Buffer Overflow Linux Memory Corruption

7.8

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Generated

May 08, 2026 - 13:24 vuln.today

CVSS changed

May 08, 2026 - 13:22 NVD

7.8 (HIGH)

Patch available

May 06, 2026 - 11:01 EUVD

CVE Published

May 06, 2026 - 07:40 nvd

HIGH 7.8

DescriptionNVD

In the Linux kernel, the following vulnerability has been resolved:

crypto: af_alg - Fix page reassignment overflow in af_alg_pull_tsgl

When page reassignment was added to af_alg_pull_tsgl the original loop wasn't updated so it may try to reassign one more page than necessary.

Add the check to the reassignment so that this does not happen.

Also update the comment which still refers to the obsolete offset argument.

AnalysisAI

Memory corruption in the Linux kernel's AF_ALG crypto subsystem allows local authenticated users to execute arbitrary code or cause denial of service through a page reassignment overflow in af_alg_pull_tsgl. The vulnerability affects multiple stable kernel branches (4.14 through 7.0) and has been patched across all maintained versions. …

RemediationAI

Within 24 hours: inventory all systems running Linux kernels 4.14-7.0 and identify patch availability for your distributions. Within 7 days: apply vendor-released kernel patches to all affected production systems, prioritizing servers and shared workstations with multiple user accounts. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

More from same product – last 7 days

CVE-2026-47334 MEDIUM This Month

5.5 May 28

Kernel availability loss in Ubuntu Linux 6.8, 6.17, and 7.0 can be triggered by any unprivileged local user via a defect

CVE-2026-47335 MEDIUM This Month

5.5 May 28

Kernel panic via NULL pointer dereference in Ubuntu Linux 6.8's AppArmor notification handler allows a locally authentic

CVE-2026-47327 LOW Monitor

3.3 May 28

NULL pointer dereference in Ubuntu Linux kernel versions 6.8, 6.17, and 7.0 allows a local unprivileged user to crash th

CVE-2026-47337 LOW Monitor

3.3 May 28

NULL pointer dereference in Ubuntu Linux kernel SAUCE patches (versions 6.8, 6.17, and 7.0) allows an unprivileged local

CVE-2026-45844 Monitor

May 27

In the Linux kernel, the following vulnerability has been resolved: netfilter: arp_tables: fix IEEE1394 ARP payload par

Vendor StatusVendor

CVE-2026-43078 vulnerability details – vuln.today

Back

Linux Kernel CVE-2026-43078

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

More from same product – last 7 days

Vendor StatusVendor

Share

External POC / Exploit Code