Description
In the Linux kernel, the following vulnerability has been resolved:

crypto: authencesn - reject too-short AAD (assoclen<8) to match ESP/ESN spec

authencesn assumes an ESP/ESN-formatted AAD. When assoclen is shorter than
the minimum expected length, crypto_authenc_esn_decrypt() can advance past
the end of the destination scatterlist and trigger a NULL pointer dereference
in scatterwalk_map_and_copy(), leading to a kernel panic (DoS).

Add a minimum AAD length check to fail fast on invalid inputs.
Published: 2026-02-04
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service via kernel panic due to null pointer dereference
Action: Immediate Patch
AI Analysis

Impact

The vulnerability exists in the Linux kernel's authencesn cryptographic module, which processes ESP/ESN-formatted authenticated encryption data. When the associated data (AAD) is shorter than eight bytes, the function crypto_authenc_esn_decrypt can advance past the end of the destination scatterlist, causing a NULL pointer dereference inside scatterwalk_map_and_copy and resulting in a kernel crash that denies service. This represents a classic null pointer dereference (CWE‑476) that can be leveraged to compromise availability.
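A userspace sketch of the failure mode and the fix described above, added here as an example and not taken from the kernel source. `struct seg`, `seg_copy_out` and `esn_read_aad_head` are hypothetical names that model a scatterlist walk: the length check rejects short AAD up front, and the walker returns an error instead of dereferencing a NULL segment.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define ESN_MIN_AAD 8  /* the page's minimum: assoclen < 8 is rejected */

/* Hypothetical stand-in for a scatterlist: NULL-terminated segment chain. */
struct seg { unsigned char *buf; size_t len; struct seg *next; };

/* Copy nbytes starting at offset off; -EFAULT if the chain ends first. */
static int seg_copy_out(unsigned char *out, const struct seg *sg,
                        size_t off, size_t nbytes)
{
    while (sg && off >= sg->len) {   /* skip segments that end before off */
        off -= sg->len;
        sg = sg->next;
    }
    while (nbytes) {
        if (!sg)                     /* ran off the end: report, never deref */
            return -EFAULT;
        size_t n = sg->len - off;
        if (n > nbytes)
            n = nbytes;
        memcpy(out, sg->buf + off, n);
        out += n;
        nbytes -= n;
        off = 0;
        sg = sg->next;
    }
    return 0;
}

/* Read the 8 leading AAD bytes, rejecting short AAD before any walk. */
static int esn_read_aad_head(unsigned char head[8], const struct seg *sg,
                             size_t assoclen)
{
    if (assoclen < ESN_MIN_AAD)
        return -EINVAL;              /* fail fast on invalid input */
    return seg_copy_out(head, sg, 0, ESN_MIN_AAD);
}

int main(void)
{
    unsigned char a[4] = {1, 2, 3, 4}, head[8];   /* constructed 4-byte AAD */
    struct seg only = { a, sizeof(a), NULL };
    printf("assoclen=4 -> %d\n", esn_read_aad_head(head, &only, 4));
    printf("assoclen=8, 4 bytes backed -> %d\n", esn_read_aad_head(head, &only, 8));
    return 0;
}
```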

Affected Systems

Linux kernel deployments are affected, specifically kernel versions 6.19 and its release candidates 6.19‑rc1 through 6.19‑rc6, as well as any derivative builds identified by the corresponding CPE entries. All distributions shipping these kernel versions are therefore impacted.

Risk and Exploitability

The CVSS score is 5.5, indicating moderate severity. An EPSS score below 1% and absence from CISA's KEV catalog suggest low likelihood of active exploitation. An attacker would need to inject malformed ESP/ESN packets with too-short AAD toward a vulnerable host; if processed, the kernel will panic, causing a localized denial of service. This risk is limited to the affected system's availability and requires no additional privileges beyond the capability to send crafted packets.

Generated by OpenCVE AI on April 17, 2026 at 23:43 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the Linux kernel to a patched version that incorporates the minimum AAD length check added in this commit.
  • If a kernel update is not immediately possible, limit exposure by blocking or filtering ESP/ESN traffic with firewall or SELinux rules to prevent malformed packets from reaching the kernel.
  • Enable or review kernel logging to monitor for null pointer dereference events or unexpected panics that may indicate attempts to exploit this weakness.



Advisories
Source | ID | Title
Debian DLA | DLA-4475-1 | linux security update
Debian DLA | DLA-4476-1 | linux-6.1 security update
Debian DSA | DSA-6126-1 | linux security update
Debian DSA | DSA-6127-1 | linux security update
Ubuntu USN | USN-8143-1 | Linux kernel vulnerabilities
Ubuntu USN | USN-8145-1 | Linux kernel vulnerabilities
Ubuntu USN | USN-8148-1 | Linux kernel vulnerabilities
Ubuntu USN | USN-8149-1 | Linux kernel vulnerabilities
Ubuntu USN | USN-8143-2 | Linux kernel (FIPS) vulnerabilities
Ubuntu USN | USN-8145-2 | Linux kernel (FIPS) vulnerabilities
Ubuntu USN | USN-8148-2 | Linux kernel (FIPS) vulnerabilities
Ubuntu USN | USN-8148-3 | Linux kernel (Real-time) vulnerabilities
Ubuntu USN | USN-8145-3 | Linux kernel (GCP) vulnerabilities
Ubuntu USN | USN-8148-4 | Linux kernel (Real-time) vulnerabilities
Ubuntu USN | USN-8152-1 | Linux kernel (OEM) vulnerabilities
Ubuntu USN | USN-8148-5 | Linux kernel vulnerabilities
Ubuntu USN | USN-8149-2 | Linux kernel vulnerabilities
Ubuntu USN | USN-8159-1 | Linux kernel vulnerabilities
Ubuntu USN | USN-8159-2 | Linux kernel (FIPS) vulnerabilities
Ubuntu USN | USN-8159-3 | Linux kernel (Real-time) vulnerabilities
Ubuntu USN | USN-8162-1 | Linux kernel (NVIDIA Tegra) vulnerabilities
Ubuntu USN | USN-8163-1 | Linux kernel (Azure FIPS) vulnerabilities
Ubuntu USN | USN-8164-1 | Linux kernel (Intel IoTG Real-time) vulnerabilities
Ubuntu USN | USN-8165-1 | Linux kernel (Azure FIPS) vulnerabilities
Ubuntu USN | USN-8145-4 | Linux kernel (HWE) vulnerabilities
Ubuntu USN | USN-8148-6 | Linux kernel (Azure) vulnerabilities
Ubuntu USN | USN-8163-2 | Linux kernel (Azure) vulnerabilities
Ubuntu USN | USN-8145-5 | Linux kernel (Azure) vulnerabilities
Ubuntu USN | USN-8148-7 | Linux kernel (NVIDIA) vulnerabilities
Ubuntu USN | USN-8188-1 | Linux kernel (HWE) vulnerabilities

History

Fri, 13 Mar 2026 21:30:00 +0000

  • Weaknesses: CWE-476
  • CPEs:
    cpe:2.3:o:linux:linux_kernel:6.19:rc1:*:*:*:*:*:*
    cpe:2.3:o:linux:linux_kernel:6.19:rc2:*:*:*:*:*:*
    cpe:2.3:o:linux:linux_kernel:6.19:rc3:*:*:*:*:*:*
    cpe:2.3:o:linux:linux_kernel:6.19:rc4:*:*:*:*:*:*
    cpe:2.3:o:linux:linux_kernel:6.19:rc5:*:*:*:*:*:*
    cpe:2.3:o:linux:linux_kernel:6.19:rc6:*:*:*:*:*:*
  • Metrics:
    Values Removed: cvssV3_1 {'score': 7.0, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H'}
    Values Added: cvssV3_1 {'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}


Fri, 06 Feb 2026 16:45:00 +0000


Thu, 05 Feb 2026 12:15:00 +0000

  • References
  • Metrics:
    Values Removed: threat_severity None
    Values Added: cvssV3_1 {'score': 7.0, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H'}; threat_severity Moderate


Wed, 04 Feb 2026 16:30:00 +0000

  • Description: In the Linux kernel, the following vulnerability has been resolved: crypto: authencesn - reject too-short AAD (assoclen<8) to match ESP/ESN spec authencesn assumes an ESP/ESN-formatted AAD. When assoclen is shorter than the minimum expected length, crypto_authenc_esn_decrypt() can advance past the end of the destination scatterlist and trigger a NULL pointer dereference in scatterwalk_map_and_copy(), leading to a kernel panic (DoS). Add a minimum AAD length check to fail fast on invalid inputs.
  • Title: crypto: authencesn - reject too-short AAD (assoclen<8) to match ESP/ESN spec
  • First Time appeared: Linux; Linux linux Kernel
  • CPEs: cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
  • Vendors & Products: Linux; Linux linux Kernel
  • References

MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-02-09T08:37:58.639Z

Reserved: 2026-01-13T15:37:45.952Z

Link: CVE-2026-23060

Vulnrichment

No data.

NVD

Status: Analyzed

Published: 2026-02-04T17:16:16.687

Modified: 2026-03-13T21:28:47.830

Link: CVE-2026-23060

Red Hat

Severity: Moderate

Public Date: 2026-02-04T00:00:00Z

Links: CVE-2026-23060 - Bugzilla

OpenCVE Enrichment

Updated: 2026-04-17T23:45:25Z

Weaknesses