CVE-2026-6458
Status: Received - Intake
Incorrect GCM Authentication Tag in Caliptra Core Firmware

Publication date: 2026-06-24

Last updated on: 2026-06-24

Assigner: b01ddd03-5ef6-483b-b2c5-acba77f1a554

Description
Missing cryptographic step in Caliptra Core Firmware (aes_256_gcm_update module) results in an incorrect GCM authentication tag. When the streaming AES-256-GCM API is used with empty AAD, the hardware GHASH accumulator state is not saved after the first update call, so the final tag excludes the first batch of processed ciphertext. Ciphertext produced by that call may be modified without the tag reflecting the change. This issue affects Core Runtime Firmware versions 2.0.0 through 2.0.1 and 2.1.0.
Meta Information
Published: 2026-06-24
Last Modified: 2026-06-24
Generated: 2026-06-24
AI Q&A: 2026-06-24
EPSS Evaluated: N/A
NVD
Affected Vendors & Products
Showing 4 associated CPEs
Vendor   Product            Version / Range
nvidia   caliptra_runtime   from 2.0.0 (inclusive) to 2.0.1 (inclusive)
nvidia   caliptra_runtime   2.1.0
nvidia   caliptra_runtime   2.0.2
nvidia   caliptra_runtime   2.1.1
CWE ID Description
CWE-325 The product does not implement a required step in a cryptographic algorithm, resulting in weaker encryption than advertised by the algorithm.
Executive Summary

CVE-2026-6458 is a vulnerability in the Caliptra Runtime software versions 2.0.0, 2.0.1, and 2.1.0 that affects the AES-256-GCM streaming cryptographic operations. Specifically, when the streaming AES-256-GCM API is used with empty Additional Authenticated Data (AAD), the hardware GHASH accumulator state is not saved after the first update call. This causes the final authentication tag to exclude the first batch of processed ciphertext, allowing that ciphertext to be modified without detection.
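The following model of the GHASH accumulation behind the Description and the Executive Summary above is an added illustration, not Caliptra firmware code. It assumes an arbitrary constructed hash subkey H (in real GCM, H = AES_K(0^128)), models the lost accumulator as a reset to zero before the second update call, and runs the correct and the faulty state handling side by side so the tag's coverage of the first ciphertext chunk can be checked.

```python
# Added illustration (not Caliptra code): GHASH accumulation in streaming GCM.
# The hardware GHASH accumulator must be saved after every update call; if it
# is lost after the first call, the final tag no longer depends on chunk 1.

R = 0xE1 << 120  # reduction constant for x^128 + x^7 + x^2 + x + 1 (SP 800-38D)
H = 0x66E94BD4EF8A2C3B884CFA59CA342B2E  # constructed stand-in; real H = AES_K(0^128)

def gf_mult(x: int, y: int) -> int:
    """Multiply two 128-bit blocks in GF(2^128), leftmost bit = bit 0."""
    z, v = 0, y
    for i in range(128):
        if (x >> (127 - i)) & 1:
            z ^= v
        v = (v >> 1) ^ R if v & 1 else v >> 1
    return z

def ghash_update(h: int, acc: int, data: bytes) -> int:
    """Absorb whole 16-byte blocks into the accumulator (one update call)."""
    assert len(data) % 16 == 0, "model handles full blocks only"
    for i in range(0, len(data), 16):
        acc = gf_mult(acc ^ int.from_bytes(data[i:i + 16], "big"), h)
    return acc

def ghash_final(h: int, acc: int, aad_len: int, ct_len: int) -> bytes:
    """Fold in the length block; the real tag is this value XOR E_K(J0)."""
    lengths = ((aad_len * 8) << 64) | (ct_len * 8)
    return gf_mult(acc ^ lengths, h).to_bytes(16, "big")

def streaming_tag(h: int, chunks: list, save_state: bool) -> bytes:
    """Tag over successive update calls with empty AAD.
    save_state=False drops the accumulator after the first call, so the
    second call starts from zero, as the faulty firmware path does."""
    acc = 0
    for idx, chunk in enumerate(chunks):
        if idx == 1 and not save_state:
            acc = 0  # state from the first update was never saved
        acc = ghash_update(h, acc, chunk)
    return ghash_final(h, acc, 0, sum(len(c) for c in chunks))

def tag_covers_first_chunk(h: int, c1: bytes, c2: bytes, save_state: bool) -> bool:
    """Check: does a one-bit change in chunk 1 change the tag?"""
    flipped = bytes([c1[0] ^ 0x80]) + c1[1:]
    return streaming_tag(h, [c1, c2], save_state) != streaming_tag(h, [flipped, c2], save_state)

if __name__ == "__main__":
    c1, c2 = bytes(range(16)), bytes(range(16, 48))  # constructed ciphertext chunks
    for save in (True, False):
        print(f"state saved={save}: tag covers chunk 1? {tag_covers_first_chunk(H, c1, c2, save)}")
```

With the accumulator saved, the two-call tag equals the one-shot tag over the concatenated ciphertext; with it dropped, the tag equals a GHASH over the second chunk alone plus the length block, which is why an edit to the first chunk goes unnoticed.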

Impact Analysis

This vulnerability can impact you by allowing undetected tampering of ciphertext data processed by the affected Caliptra Runtime firmware. While it does not directly affect confidentiality or availability, it poses a low risk to data integrity because the authentication tag does not cover the first batch of ciphertext, enabling modifications without detection. Exploitation requires low privileges but physical or logical proximity to the target system.

Mitigation Strategies

To mitigate this vulnerability, update the Caliptra Runtime software to a patched version. Versions 2.0.2 and 2.1.1 contain fixes for this issue.

Since the vulnerability involves a missing cryptographic step in AES-256-GCM streaming operations, applying the official patches will ensure the hardware GHASH state is correctly handled, preventing undetected ciphertext tampering.

Compliance Impact

The vulnerability in Caliptra Core Firmware causes an incorrect GCM authentication tag, allowing ciphertext tampering without detection. This poses a low risk to data integrity but does not directly impact confidentiality or availability.

Since data integrity is a critical aspect of compliance with standards like GDPR and HIPAA, this vulnerability could potentially affect compliance by undermining the assurance that data has not been altered.

However, the actual impact on compliance depends on the specific use case and how the affected cryptographic functions are integrated and relied upon within the system.
