CVE-2026-43330
Received Received - Intake
Buffer Overflow in Linux Kernel CAAM Crypto Driver

Publication date: 2026-05-08

Last updated on: 2026-05-18

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: crypto: caam - fix overflow on long hmac keys When a key longer than block size is supplied, it is copied and then hashed into the real key. The memory allocated for the copy needs to be rounded to DMA cache alignment, as otherwise the hashed key may corrupt neighbouring memory. The copying is performed using kmemdup, however this leads to an overflow: reading more bytes (aligned_len - keylen) from the keylen source buffer. Fix this by replacing kmemdup with kmalloc, followed by memcpy.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-08
Last Modified
2026-05-18
Generated
2026-06-19
AI Q&A
2026-05-08
EPSS Evaluated
2026-06-18
NVD
CVE-2026-43330
EUVD
EUVD-2026-28614
Affected Vendors & Products
Showing 10 associated CPEs
Vendor Product Version / Range
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel From 6.13 (inc) to 6.18.22 (exc)
linux linux_kernel From 6.19 (inc) to 6.19.12 (exc)
linux linux_kernel From 6.7 (inc) to 6.12.81 (exc)
linux linux_kernel From 6.3 (inc) to 6.6.134 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-787 The product writes data past the end, or before the beginning, of the intended buffer.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Mitigation Strategies

The vulnerability has been resolved by fixing the Linux kernel crypto caam module to prevent overflow on long HMAC keys. The fix involves replacing kmemdup with kmalloc followed by memcpy to properly allocate memory with DMA cache alignment.

To mitigate this vulnerability immediately, you should update your Linux kernel to a version that includes this fix.

Executive Summary

This vulnerability exists in the Linux kernel's crypto subsystem, specifically in the caam module handling HMAC keys. When a key longer than the block size is supplied, the key is copied and then hashed into the actual key used. The memory allocated for this copy must be aligned to the DMA cache size to prevent corruption of adjacent memory.

The issue arises because the copying is done using kmemdup, which causes an overflow by reading more bytes than the original key length from the source buffer. This overflow can lead to memory corruption. The fix replaces kmemdup with kmalloc followed by memcpy to correctly handle the memory allocation and copying without overflow.

Impact Analysis

This vulnerability can lead to memory corruption in the Linux kernel when handling long HMAC keys. Memory corruption can cause unpredictable behavior including crashes, data corruption, or potential security risks such as privilege escalation or information leakage depending on how the corrupted memory is used.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-43330. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart