CVE-2026-23060

Summary

In the Linux kernel, the following vulnerability has been resolved:

crypto: authencesn - reject too-short AAD (assoclen<8) to match ESP/ESN spec

authencesn assumes an ESP/ESN-formatted AAD. When assoclen is shorter than the minimum expected length, crypto_authenc_esn_decrypt() can advance past the end of the destination scatterlist and trigger a NULL pointer dereference in scatterwalk_map_and_copy(), leading to a kernel panic (DoS).

Add a minimum AAD length check to fail fast on invalid inputs.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux104880a6b470958ddc30e139c41aa4f6ed3a5234 < df22c9a65e9a9daa368a72fed596af9d7d5876bbaffected
LinuxLinux104880a6b470958ddc30e139c41aa4f6ed3a5234 < fee86edf5803f1d1f19e3b4f2dacac241bddfa48affected
LinuxLinux104880a6b470958ddc30e139c41aa4f6ed3a5234 < 767e8349f7e929b7dd95c08f0b4cb353459b365eaffected
LinuxLinux104880a6b470958ddc30e139c41aa4f6ed3a5234 < b0a9609283a5c852addb513dafa655c61eebc1efaffected
LinuxLinux104880a6b470958ddc30e139c41aa4f6ed3a5234 < 161bdc90fce25bd9890adc67fa1c8563a7acbf40affected
LinuxLinux104880a6b470958ddc30e139c41aa4f6ed3a5234 < 9532ff0d0e90ff78a214299f594ab9bac81defe4affected
LinuxLinux104880a6b470958ddc30e139c41aa4f6ed3a5234 < 2397e9264676be7794f8f7f1e9763d90bd3c7335affected
LinuxLinux4.3affected
LinuxLinux0 < 4.3unaffected
LinuxLinux5.10.249 <= 5.10.*unaffected
LinuxLinux5.15.199 <= 5.15.*unaffected
LinuxLinux6.1.162 <= 6.1.*unaffected
LinuxLinux6.6.122 <= 6.6.*unaffected
LinuxLinux6.12.68 <= 6.12.*unaffected
LinuxLinux6.18.8 <= 6.18.*unaffected
LinuxLinux6.19 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References