CVE-2026-23060
Unknown Unknown - Not Provided
Null Pointer Dereference DoS in Linux Kernel authencesn Module

Publication date: 2026-02-04

Last updated on: 2026-03-13

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: crypto: authencesn - reject too-short AAD (assoclen<8) to match ESP/ESN spec authencesn assumes an ESP/ESN-formatted AAD. When assoclen is shorter than the minimum expected length, crypto_authenc_esn_decrypt() can advance past the end of the destination scatterlist and trigger a NULL pointer dereference in scatterwalk_map_and_copy(), leading to a kernel panic (DoS). Add a minimum AAD length check to fail fast on invalid inputs.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-04
Last Modified
2026-03-13
Generated
2026-05-07
AI Q&A
2026-02-04
EPSS Evaluated
2026-05-05
NVD
CVE-2026-23060
Affected Vendors & Products
Showing 12 associated CPEs
Vendor Product Version / Range
linux linux_kernel 6.19
linux linux_kernel 6.19
linux linux_kernel 6.19
linux linux_kernel 6.19
linux linux_kernel 6.19
linux linux_kernel From 5.11 (inc) to 5.15.199 (exc)
linux linux_kernel From 5.16 (inc) to 6.1.162 (exc)
linux linux_kernel From 6.2 (inc) to 6.6.122 (exc)
linux linux_kernel From 6.7 (inc) to 6.12.68 (exc)
linux linux_kernel From 4.3 (inc) to 5.10.249 (exc)
linux linux_kernel From 6.13 (inc) to 6.18.8 (exc)
linux linux_kernel 6.19
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-476 The product dereferences a pointer that it expects to be valid but is NULL.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability exists in the Linux kernel's crypto module, specifically in the authencesn component which handles authentication for ESP/ESN-formatted Additional Authenticated Data (AAD). The issue arises when the length of the AAD (assoclen) is shorter than the minimum expected length of 8 bytes. In such cases, the function crypto_authenc_esn_decrypt() can read beyond the intended memory boundary, causing a NULL pointer dereference in scatterwalk_map_and_copy(). This results in a kernel panic, effectively causing a denial of service (DoS).

The vulnerability is addressed by adding a minimum AAD length check to reject inputs that are too short, preventing the invalid memory access.


How can this vulnerability impact me? :

This vulnerability can cause a denial of service (DoS) on affected Linux systems by triggering a kernel panic. An attacker could exploit this by providing specially crafted inputs with too-short AAD, causing the system to crash or become unresponsive.


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:

I don't know


How can this vulnerability be detected on my network or system? Can you suggest some commands?

I don't know


What immediate steps should I take to mitigate this vulnerability?

I don't know


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart