CVE-2026-43078
Buffer Overflow Fix in Linux Kernel Crypto API
Publication date: 2026-05-06
Last updated on: 2026-05-06
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the Linux kernel's crypto subsystem, specifically in the af_alg module. It involves a flaw in the function af_alg_pull_tsgl where a page reassignment overflow can occur. When page reassignment was introduced, the original loop controlling the reassignment was not updated properly, causing it to potentially reassign one more page than necessary. This could lead to unexpected behavior or memory handling issues. The fix involved adding a check to prevent this overflow and updating related comments.
How can this vulnerability impact me? :
The vulnerability could cause improper memory page reassignment in the Linux kernel's crypto module, which might lead to memory corruption or instability in the system. This could potentially be exploited to cause crashes or other unintended behavior in applications relying on the affected crypto functionality.