Skip to main content

Linux Kernel EUVDEUVD-2026-26632

| CVE-2026-43033 HIGH
2026-05-01 Linux
7.8
CVSS 3.1 · Vendor: Linux
Share

Severity by source

Vendor (Linux) PRIMARY
7.8 HIGH
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
SUSE
HIGH
qualitative
Red Hat
5.5 MEDIUM
qualitative

Primary rating from Vendor (Linux).

CVSS VectorVendor: Linux

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

7
Analysis Generated
May 03, 2026 - 07:36 vuln.today
CVSS changed
May 03, 2026 - 07:22 NVD
7.8 (HIGH)
Patch released
May 03, 2026 - 07:16 nvd
Patch available
Patch available
May 01, 2026 - 16:33 EUVD
EUVD ID Assigned
May 01, 2026 - 15:00 euvd
EUVD-2026-26632
Analysis Generated
May 01, 2026 - 15:00 vuln.today
CVE Published
May 01, 2026 - 14:15 nvd
HIGH 7.8

DescriptionCVE.org

In the Linux kernel, the following vulnerability has been resolved:

crypto: authencesn - Do not place hiseq at end of dst for out-of-place decryption

When decrypting data that is not in-place (src != dst), there is no need to save the high-order sequence bits in dst as it could simply be re-copied from the source.

However, the data to be hashed need to be rearranged accordingly.

Thanks,

AnalysisAI

Memory corruption in Linux kernel's crypto authencesn subsystem allows local authenticated attackers to disclose sensitive kernel memory, modify data integrity, or cause denial of service through improper handling of sequence bits during out-of-place decryption operations. The vulnerability affects Linux kernel versions from 4.3 through multiple stable branches (5.10.x, 5.15.x, 6.1.x, 6.6.x, 6.12.x, 6.18.x, 6.19.x) with patches available across all affected branches. EPSS exploitation probability is low (0.02%, 7th percentile) and no active exploitation or public POC has been identified.

Technical ContextAI

The authencesn (Authenticated Encryption with Associated Data using ESP sequence number) implementation in the Linux kernel crypto subsystem incorrectly handles high-order sequence bits when performing out-of-place decryption operations where source and destination buffers differ. The flaw occurs in the data arrangement logic prior to hashing - when src != dst, the code unnecessarily saves sequence bits to the destination buffer and fails to properly reorganize data for the hash operation. This affects the kernel's IPsec ESP (Encapsulating Security Payload) implementation which uses authencesn for authenticated encryption. The vulnerability was introduced in commit 104880a6b470958ddc30e139c41aa4f6ed3a5234 and exists across multiple kernel stable branches from version 4.3 onward, affecting both enterprise and embedded Linux distributions.

RemediationAI

Update to patched kernel versions: 5.10.254 or later for 5.10.x branch, 5.15.204 for 5.15.x, 6.1.170 for 6.1.x, 6.6.137 for 6.6.x, 6.12.85 for 6.12.x, 6.18.22 for 6.18.x, 6.19.12 for 6.19.x, or upgrade to mainline 7.0. Upstream fixes available in commits cded4002d22177e8deaca1f257ecd932c9582b6b (mainline) and branch-specific commits listed at kernel.org stable tree. For systems unable to immediately patch, consider disabling IPsec ESP if not operationally required, or restrict local user access to systems handling sensitive IPsec traffic. Note that disabling crypto modules (authencesn) may break VPN functionality. In multi-tenant environments, isolate untrusted local users from systems processing IPsec traffic through separate kernel instances or virtualization boundaries. Kernel live-patching solutions (kpatch, livepatch) may provide interim mitigation without reboot for supported distributions. Validate patch application by checking kernel version with 'uname -r' and verifying crypto subsystem commit hash matches patched versions.

Vendor StatusVendor

SUSE

Severity: High
Product Status
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Performance Computing 15 SP7 Fixed

Share

EUVD-2026-26632 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy