CVE-2026-43043
Awaiting Analysis Awaiting Analysis - Queue
NULL Pointer Dereference in Linux Kernel Crypto AF_ALG

Publication date: 2026-05-01

Last updated on: 2026-05-08

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: crypto: af-alg - fix NULL pointer dereference in scatterwalk The AF_ALG interface fails to unmark the end of a Scatter/Gather List (SGL) when chaining a new af_alg_tsgl structure. If a sendmsg() fills an SGL exactly to MAX_SGL_ENTS, the last entry is marked as the end. A subsequent sendmsg() allocates a new SGL and chains it, but fails to clear the end marker on the previous SGL's last data entry. This causes the crypto scatterwalk to hit a premature end, returning NULL on sg_next() and leading to a kernel panic during dereference. Fix this by explicitly unmarking the end of the previous SGL when performing sg_chain() in af_alg_alloc_tsgl().
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-01
Last Modified
2026-05-08
Generated
2026-06-16
AI Q&A
2026-05-01
EPSS Evaluated
2026-06-14
NVD
CVE-2026-43043
EUVD
EUVD-2026-26642
Affected Vendors & Products
Showing 13 associated CPEs
Vendor Product Version / Range
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel From 5.11 (inc) to 5.15.203 (exc)
linux linux_kernel From 6.13 (inc) to 6.18.22 (exc)
linux linux_kernel From 5.16 (inc) to 6.1.168 (exc)
linux linux_kernel From 6.19 (inc) to 6.19.12 (exc)
linux linux_kernel From 6.7 (inc) to 6.12.81 (exc)
linux linux_kernel From 6.2 (inc) to 6.6.134 (exc)
linux linux_kernel From 2.6.38 (inc) to 5.10.253 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-476 The product dereferences a pointer that it expects to be valid but is NULL.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Impact Analysis

The vulnerability can cause a kernel panic in the Linux system when the crypto scatterwalk encounters a NULL pointer dereference. This results in a system crash, leading to denial of service as the kernel becomes unstable or unresponsive.

Executive Summary

This vulnerability exists in the Linux kernel's crypto subsystem, specifically in the AF_ALG interface handling scatter/gather lists (SGL). When chaining a new af_alg_tsgl structure, the interface fails to clear the end marker on the previous SGL's last data entry if a sendmsg() call fills an SGL exactly to its maximum entries. This causes the crypto scatterwalk to prematurely detect the end of the list, returning NULL on sg_next(), which leads to a kernel panic due to a NULL pointer dereference.

Mitigation Strategies

To mitigate this vulnerability, you should update your Linux kernel to a version that includes the fix for the AF_ALG NULL pointer dereference issue in scatterwalk. The fix involves explicitly unmarking the end of the previous Scatter/Gather List when chaining new structures, preventing kernel panic.

Until the update is applied, avoid workloads or operations that use the AF_ALG interface with sendmsg() calls that fill Scatter/Gather Lists exactly to their maximum entries, as this triggers the vulnerability.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-43043. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart