CVE-2026-43043
NULL Pointer Dereference in Linux Kernel Crypto AF_ALG
Publication date: 2026-05-01
Last updated on: 2026-05-01
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |
Attack-Flow Graph
AI Powered Q&A
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, you should update your Linux kernel to a version that includes the fix for the AF_ALG NULL pointer dereference issue in scatterwalk. The fix involves explicitly unmarking the end of the previous Scatter/Gather List when chaining new structures, preventing kernel panic.
Until the update is applied, avoid workloads or operations that use the AF_ALG interface with sendmsg() calls that fill Scatter/Gather Lists exactly to their maximum entries, as this triggers the vulnerability.
How can this vulnerability impact me? :
The vulnerability can cause a kernel panic in the Linux system when the crypto scatterwalk encounters a NULL pointer dereference. This results in a system crash, leading to denial of service as the kernel becomes unstable or unresponsive.
Can you explain this vulnerability to me?
This vulnerability exists in the Linux kernel's crypto subsystem, specifically in the AF_ALG interface handling scatter/gather lists (SGL). When chaining a new af_alg_tsgl structure, the interface fails to clear the end marker on the previous SGL's last data entry if a sendmsg() call fills an SGL exactly to its maximum entries. This causes the crypto scatterwalk to prematurely detect the end of the list, returning NULL on sg_next(), which leads to a kernel panic due to a NULL pointer dereference.