CVE-2026-43033
Linux Kernel Out-of-Place Decryption Crypto Vulnerability
Publication date: 2026-05-01
Last updated on: 2026-05-03
Assigner: kernel.org
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN | |
AI Powered Q&A
How can this vulnerability impact me?
This vulnerability relates to the Linux kernel's crypto subsystem, specifically the authencesn module. It involves incorrect handling of high-order sequence bits during out-of-place decryption, which could potentially lead to incorrect cryptographic operations or data integrity issues when decrypting data.
If exploited or left unpatched, this could impact systems relying on the Linux kernel's cryptographic functions for secure data processing, potentially leading to data corruption or weakening of cryptographic assurances.
Can you explain this vulnerability to me?
This vulnerability exists in the Linux kernel's crypto module, specifically in the authencesn component. It relates to the handling of out-of-place decryption, where the source and destination buffers are different (src != dst). The issue is that the high-order sequence bits (hiseq) were being placed at the end of the destination buffer unnecessarily. Since these bits can be re-copied from the source, saving them in the destination is not needed. However, the data that is hashed needs to be rearranged properly to avoid issues.
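A user-space model of the rearrangement described above, added here as an example and not taken from the kernel source. It assumes the ESN associated data is laid out as SPI, high sequence bits, low sequence bits (4 bytes each) and that the hashed order is SPI, low bits, ciphertext, high bits, as RFC 4303 specifies for the ICV; the function names and sample bytes are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed ESN associated data: SPI | seq-hi | seq-lo, 4 bytes each. */
#define ESN_AAD_LEN 12u

/*
 * Build the bytes covered by the ICV, SPI | seq-lo | ciphertext | seq-hi,
 * in a scratch buffer. src is const: the high bits are read from the source
 * and nothing is stashed in the destination. Returns length, 0 on error.
 */
size_t esn_hash_input(const uint8_t *src, size_t src_len, size_t icv_len,
                      uint8_t *out, size_t out_cap)
{
    if (icv_len > src_len || src_len - icv_len < ESN_AAD_LEN)
        return 0;                               /* truncated request */
    size_t ct_len = src_len - icv_len - ESN_AAD_LEN;
    size_t need = 8 + ct_len + 4;
    if (out_cap < need)
        return 0;                               /* scratch too small */
    memcpy(out, src, 4);                        /* SPI */
    memcpy(out + 4, src + 8, 4);                /* seq-lo */
    memcpy(out + 8, src + ESN_AAD_LEN, ct_len); /* ciphertext */
    memcpy(out + 8 + ct_len, src + 4, 4);       /* seq-hi goes last */
    return need;
}

/* Constructed sample: SPI, seq-hi, seq-lo, 3 ciphertext bytes, 4-byte ICV. */
int esn_selftest(void)
{
    const uint8_t src[19] = { 1, 2, 3, 4,  0xAA, 0xAA, 0xAA, 0xAA,
                              0, 0, 0, 5,  0x10, 0x11, 0x12,
                              0xFF, 0xFF, 0xFF, 0xFF };
    const uint8_t want[15] = { 1, 2, 3, 4,  0, 0, 0, 5,  0x10, 0x11, 0x12,
                               0xAA, 0xAA, 0xAA, 0xAA };
    uint8_t out[32];
    size_t n = esn_hash_input(src, sizeof src, 4, out, sizeof out);
    return n == sizeof want && memcmp(out, want, n) == 0;
}

int main(void)
{
    printf("hash input ordering %s\n", esn_selftest() ? "ok" : "WRONG");
    return 0;
}
```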