CVE-2026-43492
Analyzed Analyzed - Analysis Complete

Integer Underflow in Linux Kernel MPI Library

Publication date: 2026-05-19

Last updated on: 2026-06-26

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: lib/crypto: mpi: Fix integer underflow in mpi_read_raw_from_sgl() Yiming reports an integer underflow in mpi_read_raw_from_sgl() when subtracting "lzeros" from the unsigned "nbytes". For this to happen, the scatterlist "sgl" needs to occupy more bytes than the "nbytes" parameter and the first "nbytes + 1" bytes of the scatterlist must be zero. Under these conditions, the while loop iterating over the scatterlist will count more zeroes than "nbytes", subtract the number of zeroes from "nbytes" and cause the underflow. When commit 2d4d1eea540b ("lib/mpi: Add mpi sgl helpers") originally introduced the bug, it couldn't be triggered because all callers of mpi_read_raw_from_sgl() passed a scatterlist whose length was equal to "nbytes". However since commit 63ba4d67594a ("KEYS: asymmetric: Use new crypto interface without scatterlists"), the underflow can now actually be triggered. When invoking a KEYCTL_PKEY_ENCRYPT system call with a larger "out_len" than "in_len" and filling the "in" buffer with zeroes, crypto_akcipher_sync_prep() will create an all-zero scatterlist used for both the "src" and "dst" member of struct akcipher_request and thereby fulfil the conditions to trigger the bug: sys_keyctl() keyctl_pkey_e_d_s() asymmetric_key_eds_op() software_key_eds_op() crypto_akcipher_sync_encrypt() crypto_akcipher_sync_prep() crypto_akcipher_encrypt() rsa_enc() mpi_read_raw_from_sgl() To the user this will be visible as a DoS as the kernel spins forever, causing soft lockup splats as a side effect. Fix it.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-05-19
Last Modified
2026-06-26
Generated
2026-06-30
AI Q&A
2026-05-19
EPSS Evaluated
2026-06-28
NVD
CVE-2026-43492
EUVD
EUVD-2026-30878

Affected Vendors & Products

Showing 7 associated CPEs
Vendor Product Version / Range
linux linux_kernel From 6.13 (inc) to 6.18.30 (exc)
linux linux_kernel From 6.19 (inc) to 7.0.7 (exc)
linux linux_kernel From 6.7 (inc) to 6.12.88 (exc)
linux linux_kernel From 6.2 (inc) to 6.6.140 (exc)
linux linux_kernel From 5.16 (inc) to 6.1.176 (exc)
linux linux_kernel From 5.11 (inc) to 5.15.210 (exc)
linux linux_kernel From 4.4 (inc) to 5.10.259 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-190 The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability is an integer underflow in the Linux kernel function mpi_read_raw_from_sgl(), which occurs when subtracting a value called "lzeros" from an unsigned integer "nbytes".

The underflow happens under specific conditions: the scatterlist "sgl" must occupy more bytes than the "nbytes" parameter, and the first "nbytes + 1" bytes of the scatterlist must be zero. In this case, a loop counting zero bytes subtracts more zeroes than "nbytes", causing the unsigned integer to underflow.

This bug was introduced by a commit that added mpi sgl helpers and became triggerable after another commit changed how the crypto interface uses scatterlists. Specifically, when a KEYCTL_PKEY_ENCRYPT system call is made with a larger output length than input length and the input buffer is filled with zeroes, the conditions to trigger the bug are met.

The practical effect is that the kernel enters an infinite loop, causing a denial of service (DoS) visible as a soft lockup or kernel crash.

Impact Analysis

This vulnerability can cause a denial of service (DoS) on affected Linux systems.

When triggered, the kernel spins indefinitely in a loop, leading to soft lockup splats and potentially crashing or freezing the system.

This can disrupt normal operations, making the system unresponsive and requiring a reboot or other recovery actions.

Detection Guidance

This vulnerability manifests as a denial of service (DoS) condition where the Linux kernel spins indefinitely, causing soft lockup splats. Detection would involve monitoring for such kernel soft lockups or hangs related to cryptographic operations involving KEYCTL_PKEY_ENCRYPT system calls.

However, no specific detection commands or network/system scanning methods are provided in the available information.

Mitigation Strategies

The vulnerability has been fixed in the Linux kernel by correcting the integer underflow in mpi_read_raw_from_sgl(). Immediate mitigation would involve updating the Linux kernel to a version that includes this fix.

No other specific mitigation steps or workarounds are provided in the available information.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-43492. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart