CVE-2026-43077
Published: May 7, 2026Last modified: June 24, 2026
Description
In the Linux kernel, the following vulnerability has been resolved: crypto: algif_aead - Fix minimum RX size check for decryption The check for the minimum receive buffer size did not take the tag size into account during decryption. Fix this by adding the required extra length.
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score | 5.5 |
| Attack Vector | LOCAL |
| Attack complexity | LOW |
| Privileges required | LOW |
| User interaction | NONE |
| Scope | UNCHANGED |
| Confidentiality | NONE |
| Integrity impact | NONE |
| Availability impact | HIGH |
| Vector | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Status
| Product | Release | Package | Status |
|---|---|---|---|
| Alpaquita Linux | 23 LTS | linux-lts | Fixed (6.1.170-r0) |
| 25 LTS | linux-lts | Fixed (6.12.85-r0) | |
| Stream | linux-lts | Fixed (6.18.35-r1) |
References
- https://git.kernel.org/stable/c/1c76b5675119f694458293a2a81f40731c69bd32
- https://git.kernel.org/stable/c/3afdc15d6173614d7d834517d9b65e7aa5a08548
- https://git.kernel.org/stable/c/3d14bd48e3a77091cbce637a12c2ae31b4a1687c
- https://git.kernel.org/stable/c/74a66fdb5282d89e348b00c42cfca3a936946d94
- https://git.kernel.org/stable/c/78cea133daf721698876e56135049a96d39d610a
- https://git.kernel.org/stable/c/af2fa2fbbced26129813274b8b3f7705f280e174
- https://git.kernel.org/stable/c/e86ab1e5661386a874fbb8551f0c04b8e9f8ad22
- https://git.kernel.org/stable/c/fd427dd84f224309afbcc2cb67c7bb770a01265c