CVE-2026-43492
Status: Received - Intake
Integer Underflow in Linux Kernel MPI Library

Publication date: 2026-05-19

Last updated on: 2026-05-19

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved:

lib/crypto: mpi: Fix integer underflow in mpi_read_raw_from_sgl()

Yiming reports an integer underflow in mpi_read_raw_from_sgl() when subtracting "lzeros" from the unsigned "nbytes".

For this to happen, the scatterlist "sgl" needs to occupy more bytes than the "nbytes" parameter and the first "nbytes + 1" bytes of the scatterlist must be zero. Under these conditions, the while loop iterating over the scatterlist will count more zeroes than "nbytes", subtract the number of zeroes from "nbytes" and cause the underflow.

When commit 2d4d1eea540b ("lib/mpi: Add mpi sgl helpers") originally introduced the bug, it couldn't be triggered because all callers of mpi_read_raw_from_sgl() passed a scatterlist whose length was equal to "nbytes".

However since commit 63ba4d67594a ("KEYS: asymmetric: Use new crypto interface without scatterlists"), the underflow can now actually be triggered. When invoking a KEYCTL_PKEY_ENCRYPT system call with a larger "out_len" than "in_len" and filling the "in" buffer with zeroes, crypto_akcipher_sync_prep() will create an all-zero scatterlist used for both the "src" and "dst" member of struct akcipher_request and thereby fulfil the conditions to trigger the bug:

  sys_keyctl()
    keyctl_pkey_e_d_s()
      asymmetric_key_eds_op()
        software_key_eds_op()
          crypto_akcipher_sync_encrypt()
            crypto_akcipher_sync_prep()
            crypto_akcipher_encrypt()
              rsa_enc()
                mpi_read_raw_from_sgl()

To the user this will be visible as a DoS as the kernel spins forever, causing soft lockup splats as a side effect.

Fix it.
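As an added illustration, not the kernel's code and not part of this record, the C model below reproduces only the arithmetic the description names: a zero-counting loop bounded by the real buffer length (the scatterlist's size) beside one bounded by nbytes. Function and variable names, buffer sizes and the sample input are constructed for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed model of mpi_read_raw_from_sgl()'s leading-zero stripping (not
 * the kernel's code): count leading zero bytes, subtract from unsigned nbytes. */

/* Vulnerable shape: the zero-count loop runs over the whole backing buffer
 * (the scatterlist's real length), so lzeros may exceed nbytes and the
 * unsigned subtraction wraps to a huge value. */
size_t strip_leading_zeros_vulnerable(const uint8_t *buf, size_t buf_len,
                                      size_t nbytes)
{
    size_t lzeros = 0;
    while (lzeros < buf_len && buf[lzeros] == 0)
        lzeros++;
    return nbytes - lzeros;           /* wraps when lzeros > nbytes */
}

/* Hardened shape: never count more zeros than nbytes, so lzeros <= nbytes
 * and the subtraction cannot underflow however long the buffer is. */
size_t strip_leading_zeros_fixed(const uint8_t *buf, size_t buf_len,
                                 size_t nbytes)
{
    size_t limit = buf_len < nbytes ? buf_len : nbytes;
    size_t lzeros = 0;
    while (lzeros < limit && buf[lzeros] == 0)
        lzeros++;
    return nbytes - lzeros;           /* lzeros <= nbytes always holds */
}

/* Constructed input: an 8-byte all-zero buffer (the all-zero scatterlist in
 * the description) read with nbytes = 4: the buffer is longer than nbytes
 * and its first nbytes + 1 bytes are zero. */
#define DEMO_BUF_LEN 8
#define DEMO_NBYTES  4
static const uint8_t demo_zero_buf[DEMO_BUF_LEN] = {0};
/* Constructed contrast: buffer length equal to nbytes, the pre-63ba4d67594a case. */
static const uint8_t demo_nonzero_buf[DEMO_NBYTES] = {0, 0, 0x12, 0x34};

int main(void)
{
    printf("vulnerable: nbytes becomes %zu (wrapped)\n",
           strip_leading_zeros_vulnerable(demo_zero_buf, DEMO_BUF_LEN, DEMO_NBYTES));
    printf("fixed:      nbytes becomes %zu\n",
           strip_leading_zeros_fixed(demo_zero_buf, DEMO_BUF_LEN, DEMO_NBYTES));
    return 0;
}
```

The wrapped value is what the rest of the function would go on to consume; the hardened variant leaves nbytes at 0 for an all-zero input.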
Meta Information
Published: 2026-05-19
Last Modified: 2026-05-19
Generated: 2026-05-20
AI Q&A: 2026-05-19
EPSS Evaluated: 2026-05-19
Affected Vendors & Products
Vendor: linux
Product: linux_kernel
Version / Range: up to 416baaa9-dc9f-4396-8d5f-8c081fb06d67 (excluding)
CWE ID: CWE-UNKNOWN
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability is an integer underflow in the Linux kernel function mpi_read_raw_from_sgl(), which occurs when subtracting a value called "lzeros" from an unsigned integer "nbytes".

The underflow happens under specific conditions: the scatterlist "sgl" must occupy more bytes than the "nbytes" parameter, and the first "nbytes + 1" bytes of the scatterlist must be zero. In this case, a loop counting zero bytes subtracts more zeroes than "nbytes", causing the unsigned integer to underflow.

This bug was introduced by a commit that added mpi sgl helpers and became triggerable after another commit changed how the crypto interface uses scatterlists. Specifically, when a KEYCTL_PKEY_ENCRYPT system call is made with a larger output length than input length and the input buffer is filled with zeroes, the conditions to trigger the bug are met.

The practical effect is that the kernel spins indefinitely, causing a denial of service (DoS) visible as soft lockup splats and an unresponsive system.


How can this vulnerability impact me?

This vulnerability can cause a denial of service (DoS) on affected Linux systems.

When triggered, the kernel spins indefinitely in a loop, leading to soft lockup splats and potentially crashing or freezing the system.

This can disrupt normal operations, making the system unresponsive and requiring a reboot or other recovery actions.


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability manifests as a denial of service (DoS) condition in which the Linux kernel spins indefinitely, producing soft lockup splats. Detection would involve monitoring kernel logs for such soft lockups or hangs that coincide with cryptographic operations triggered through KEYCTL_PKEY_ENCRYPT system calls.

However, no specific detection commands or network/system scanning methods are provided in the available information.


What immediate steps should I take to mitigate this vulnerability?

The vulnerability has been fixed in the Linux kernel by correcting the integer underflow in mpi_read_raw_from_sgl(). The immediate mitigation is to update the Linux kernel to a version that includes this fix.

No other specific mitigation steps or workarounds are provided in the available information.

