CVE-2026-53302
Received - Intake
Heap-based Buffer Overflow in Linux Kernel Crypto EIP93 Driver

Publication date: 2026-06-26

Last updated on: 2026-06-26

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved:

crypto: eip93 - fix hmac setkey algo selection

eip93_hmac_setkey() allocates a temporary ahash transform for computing HMAC ipad/opad key material. The allocation uses the driver-specific cra_driver_name (e.g. "sha256-eip93") but passes CRYPTO_ALG_ASYNC as the mask, which excludes async algorithms. Since the EIP93 hash algorithms are the only ones registered under those driver names and they are inherently async, the lookup is self-contradictory and always fails with -ENOENT.

When called from the AEAD setkey path, this failure leaves the SA record partially initialized with zeroed digest fields. A subsequent crypto operation then dereferences a NULL pointer in the request context, resulting in a kernel panic:

```
pc : eip93_aead_handle_result+0xc8c/0x1240 [crypto_hw_eip93]
lr : eip93_aead_handle_result+0xbec/0x1240 [crypto_hw_eip93]
sp : ffffffc082feb820
x29: ffffffc082feb820 x28: ffffff8011043980 x27: 0000000000000000
x26: 0000000000000000 x25: ffffffc078da0bc8 x24: 0000000091043980
x23: ffffff8004d59e50 x22: ffffff8004d59410 x21: ffffff8004d593c0
x20: ffffff8004d593c0 x19: ffffff8004d4f300 x18: 0000000000000000
x17: 0000000000000000 x16: 0000000000000000 x15: 0000007fda7aa498
x14: 0000000000000000 x13: 0000000000000000 x12: 0000000000000000
x11: 0000000000000000 x10: fffffffff8127a80 x9 : 0000000000000000
x8 : ffffff8004d4f380 x7 : 0000000000000000 x6 : 000000000000003f
x5 : 0000000000000040 x4 : 0000000000000008 x3 : 0000000000000009
x2 : 0000000000000008 x1 : 0000000028000003 x0 : ffffff8004d388c0
Code: 910142b6 f94012e0 f9002aa0 f90006d3 (f9400740)
```

The reported symbol eip93_aead_handle_result+0xc8c is a resolution artifact from static functions being merged under the nearest exported symbol.

Decoding the faulting sequence:

```
910142b6  ADD X22, X21, #0x50
f94012e0  LDR X0, [X23, #0x20]
f9002aa0  STR X0, [X21, #0x50]
f90006d3  STR X19, [X22, #0x8]
f9400740  LDR X0, [X26, #0x8]
```

The faulting LDR at [X26, #0x8] is loading ctx->flags (offset 8 in eip93_hash_ctx), where ctx has been resolved to NULL from a partially initialized or unreachable transform context following the failed setkey.

Fix this by dropping the CRYPTO_ALG_ASYNC mask from the crypto_alloc_ahash() call. The code already handles async completion correctly via crypto_wait_req(), so there is no requirement to restrict the lookup to synchronous algorithms.

Note that hashing a single 64-byte block through the hardware is likely slower than doing it in software due to the DMA round-trip overhead, but offloading it may still spare CPU cycles on the slower embedded cores where this IP is found.

[Detailed investigation report of this bug]
Meta Information

Published: 2026-06-26

Last Modified: 2026-06-26

Generated: 2026-06-27

AI Q&A: 2026-06-26

EPSS Evaluated: N/A
Affected Vendors & Products
Showing 2 associated CPEs

| Vendor | Product | Version / Range |
|---|---|---|
| linux_kernel | linux_kernel | * |
| linux | linux_kernel | * |

CWE ID: CWE-UNKNOWN
Executive Summary

This vulnerability exists in the Linux kernel's crypto subsystem, specifically in the HMAC setkey path of the EIP93 driver. The function eip93_hmac_setkey() tries to allocate a temporary hash transform using a driver-specific name but incorrectly restricts the allocation to synchronous algorithms only, while the algorithms registered under that name are asynchronous. This contradiction causes the allocation to fail, leaving certain security association (SA) records partially initialized with zeroed digest fields.

When a subsequent cryptographic operation is performed, it attempts to dereference a NULL pointer due to the incomplete initialization, which leads to a kernel panic (system crash). The root cause is the use of the CRYPTO_ALG_ASYNC mask during allocation, which excludes the asynchronous algorithms that are actually required.

The fix involves removing the CRYPTO_ALG_ASYNC mask from the allocation call, allowing the asynchronous algorithms to be correctly found and used, preventing the failure and kernel panic.
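
The flag test behind the failed lookup, as an added user-space model (not the kernel's or the driver's code): it shows why a mask of CRYPTO_ALG_ASYNC can never match an async-only driver name and why dropping the mask resolves it. The two-entry registry, its priorities, the `model_lookup` helper and the `type` argument of 0 are assumptions made for illustration.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define CRYPTO_ALG_ASYNC 0x00000080u /* value from <linux/crypto.h> */
struct alg {
    const char *cra_name;        /* generic name, e.g. "sha256" */
    const char *cra_driver_name; /* implementation-specific name */
    uint32_t cra_flags;
    int cra_priority;
};
/* Constructed registry: one software hash and the async hardware hash. */
static const struct alg registry[] = {
    { "sha256", "sha256-generic", 0,                100 },
    { "sha256", "sha256-eip93",   CRYPTO_ALG_ASYNC, 300 },
};

/* Simplified model of the lookup: 0 and *out on a match, else -ENOENT. */
static int model_lookup(const char *name, uint32_t type, uint32_t mask,
                        const struct alg **out)
{
    const struct alg *best = NULL;
    for (size_t i = 0; i < sizeof(registry) / sizeof(registry[0]); i++) {
        const struct alg *q = &registry[i];
        /* Every flag bit selected by mask must equal that bit in type. */
        if ((q->cra_flags ^ type) & mask)
            continue;
        if (!strcmp(q->cra_driver_name, name)) { /* exact driver match */
            best = q;
            break;
        }
        if (!strcmp(q->cra_name, name) &&
            (!best || q->cra_priority > best->cra_priority))
            best = q;
    }
    if (!best)
        return -ENOENT;
    *out = best;
    return 0;
}
int main(void)
{
    const struct alg *a;
    int buggy = model_lookup("sha256-eip93", 0, CRYPTO_ALG_ASYNC, &a);
    int fixed = model_lookup("sha256-eip93", 0, 0, &a);
    printf("mask=CRYPTO_ALG_ASYNC: %d, mask=0: %d\n", buggy, fixed);
    return 0;
}
```

In the model, the same mask combined with the generic name "sha256" still resolves, but to the software entry, which is why the contradiction only appears when the driver-specific name is requested.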

Impact Analysis

This vulnerability can cause a kernel panic in affected Linux systems when certain cryptographic operations using the eip93 HMAC algorithm are performed. A kernel panic results in an immediate system crash, causing denial of service.

Such crashes can disrupt normal system operations, potentially leading to downtime, loss of availability, and interruption of services that rely on the Linux kernel's cryptographic functions.

Mitigation Strategies

The vulnerability is fixed by dropping the CRYPTO_ALG_ASYNC mask from the crypto_alloc_ahash() call in the Linux kernel code. Since this is a kernel-level issue, the immediate mitigation step is to update the Linux kernel to a version that includes this fix.

Applying the latest kernel patches or upgrading to a kernel version released after 2026-06-26 that contains this fix will prevent the kernel panic caused by this vulnerability.
