Description
In the Linux kernel, the following vulnerability has been resolved:

crypto: algif_aead - Fix minimum RX size check for decryption

The check for the minimum receive buffer size did not take the
tag size into account during decryption. Fix this by adding the
required extra length.
Published: 2026-05-06
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The Linux kernel’s algif_aead socket interface performs a minimum receive buffer size check during decryption but originally omitted the authentication tag length from the calculation. This oversight allows an attacker to send a packet whose payload is smaller than the combined payload and tag size, causing the decryption path to read or write beyond the bounds of the allocated buffer. The resulting memory corruption can crash the kernel or, if exploited further, could potentially enable arbitrary code execution. The vulnerability is classified as CWE‑131, incorrect size calculations.

Affected Systems

Any Linux kernel that has not incorporated the patch that adds the missing tag size to the minimum RX size check is potentially affected. The CVE does not specify a version range, so administrators should verify that their kernel includes the referenced commit (e.g., 1c76b5675, 3afdc15d6, 3d14bd48e) or that their distribution’s security update applies the fix.

Risk and Exploitability

The CVSS score of 5.5 indicates a moderate severity level, while the EPSS score of <1% suggests a low but non‑zero likelihood of exploitation in the wild. The vulnerability is not listed in the CISA KEV catalog. An adversary would need to target a system exposing the algif_aead socket interface, which is commonly enabled on many Linux distributions by default. The attack can be mounted remotely by sending a specially crafted packet, without requiring privileged access on the target machine. Based on the description, the flaw could lead to a kernel panic or loss of memory integrity.

Generated by OpenCVE AI on May 21, 2026 at 00:51 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the kernel to a version that includes the patch for the algif_aead minimum RX size check or apply the upstream commits referenced in the advisory (e.g., 1c76b5675119f694458293a2a81f40731c69bd32, 3afdc15d6173614d7d834517d9b65e7aa5a08548, 3d14bd48e3a77091cbce637a12c2ae31b4a1687c).
  • If using a custom kernel, cherry‑pick the aforementioned commits and rebuild the kernel, ensuring the bounds‑check logic accounts for the authentication tag size before deployment.
  • If the patch cannot be applied immediately, mitigate by blocking or restricting traffic to the algif_aead socket interface using firewall rules or by disabling the algorithm in the kernel configuration to prevent the decryption code from executing.



Advisories
Source      ID          Title
Ubuntu USN  USN-8277-1  Linux kernel vulnerabilities
Ubuntu USN  USN-8278-1  Linux kernel vulnerabilities
Ubuntu USN  USN-8279-1  Linux kernel vulnerabilities
Ubuntu USN  USN-8280-1  Linux kernel vulnerabilities
Ubuntu USN  USN-8281-1  Linux kernel vulnerabilities
Ubuntu USN  USN-8289-1  Linux kernel (NVIDIA) vulnerabilities
Ubuntu USN  USN-8277-2  Linux kernel (Oracle) vulnerabilities
Ubuntu USN  USN-8279-2  Linux kernel (GCP) vulnerabilities
Ubuntu USN  USN-8280-2  Linux kernel (Azure) vulnerabilities
Ubuntu USN  USN-8281-2  Linux kernel (Azure) vulnerabilities
Ubuntu USN  USN-8279-3  Linux kernel (NVIDIA Tegra IGX) vulnerabilities
Ubuntu USN  USN-8305-1  Linux kernel (Intel IoTG Real-time) vulnerabilities

History

Wed, 20 May 2026 23:30:00 +0000

Type Values Removed Values Added
Weaknesses NVD-CWE-noinfo
CPEs cpe:2.3:o:linux:linux_kernel:4.14:-:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc4:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc5:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc6:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc7:*:*:*:*:*:*
Metrics cvssV3_1

{'score': 7.0, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H'}

cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}


Thu, 07 May 2026 03:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-119

Thu, 07 May 2026 00:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-131
References
Metrics threat_severity

None

cvssV3_1

{'score': 7.0, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H'}

threat_severity

Important


Wed, 06 May 2026 13:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-119

Wed, 06 May 2026 09:30:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: crypto: algif_aead - Fix minimum RX size check for decryption The check for the minimum receive buffer size did not take the tag size into account during decryption. Fix this by adding the required extra length.
Title crypto: algif_aead - Fix minimum RX size check for decryption
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-05-11T22:17:16.763Z

Reserved: 2026-05-01T14:12:55.983Z

Link: CVE-2026-43077

Vulnrichment

No data.

NVD

Status: Analyzed

Published: 2026-05-06T10:16:20.707

Modified: 2026-05-20T23:19:13.320

Link: CVE-2026-43077

Redhat

Severity: Important

Public Date: 2026-05-06T00:00:00Z

Links: CVE-2026-43077 - Bugzilla

OpenCVE Enrichment

Updated: 2026-05-21T01:00:16Z
