Description
In the Linux kernel, the following vulnerability has been resolved:

crypto: af_alg - Fix page reassignment overflow in af_alg_pull_tsgl

When page reassignment was added to af_alg_pull_tsgl the original
loop wasn't updated so it may try to reassign one more page than
necessary.

Add the check to the reassignment so that this does not happen.

Also update the comment which still refers to the obsolete offset
argument.
Published: 2026-05-06
Score: 7.8 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The flaw exists in the Linux kernel's crypto subsystem, specifically within the af_alg_pull_tsgl function. When page reassignment was added, the existing loop was not updated, causing the code to attempt to reassign one page more than necessary. This can overwrite kernel memory beyond the intended bounds, potentially corrupting critical data structures or enabling an attacker to execute arbitrary code at kernel privilege.

Affected Systems

Any Linux kernel build that includes the af_alg interface and does not contain the committed patch is affected. The CNA does not list specific vulnerable or fixed version ranges, so users should check whether their kernel version implements the official fix for af_alg_pull_tsgl.

Risk and Exploitability

The EPSS score of < 1% indicates a very low probability of public exploitation, and the vulnerability is not present in the CISA KEV catalog. However, the CVSS score of 7.8 highlights a high severity level. The attack vector likely requires the ability to trigger af_alg operations, such as by running malicious cryptographic code or manipulating data processed by af_alg. If successfully exploited, the kernel memory corruption could lead to privilege escalation or a denial‑of‑service outage. While exploitation is currently unlikely, the potential impact remains significant.

Generated by OpenCVE AI on May 8, 2026 at 19:42 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the kernel to a version that contains the af_alg_pull_tsgl fix
  • If a kernel upgrade is not immediately possible, apply the specific commit or patch from the official kernel source that corrects the page reassignment loop
  • Limit access to the af_alg cryptographic interface by enforcing system policies or firewall rules so that only trusted users or services can invoke af_alg operations

Generated by OpenCVE AI on May 8, 2026 at 19:42 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Ubuntu USN Ubuntu USN USN-8277-1 Linux kernel vulnerabilities
Ubuntu USN Ubuntu USN USN-8278-1 Linux kernel vulnerabilities
Ubuntu USN Ubuntu USN USN-8279-1 Linux kernel vulnerabilities
Ubuntu USN Ubuntu USN USN-8280-1 Linux kernel vulnerabilities
Ubuntu USN Ubuntu USN USN-8281-1 Linux kernel vulnerabilities
Ubuntu USN Ubuntu USN USN-8289-1 Linux kernel (NVIDIA) vulnerabilities
Ubuntu USN Ubuntu USN USN-8277-2 Linux kernel (Oracle) vulnerabilities
Ubuntu USN Ubuntu USN USN-8279-2 Linux kernel (GCP) vulnerabilities
Ubuntu USN Ubuntu USN USN-8280-2 Linux kernel (Azure)vulnerabilities
Ubuntu USN Ubuntu USN USN-8281-2 Linux kernel (Azure) vulnerabilities
Ubuntu USN Ubuntu USN USN-8279-3 Linux kernel (NVIDIA Tegra IGX) vulnerabilities
Ubuntu USN Ubuntu USN USN-8305-1 Linux kernel (Intel IoTG Real-time) vulnerabilities
History

Wed, 20 May 2026 23:30:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:o:linux:linux_kernel:4.14:-:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc4:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc5:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc6:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc7:*:*:*:*:*:*

Fri, 08 May 2026 17:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-788

Fri, 08 May 2026 13:00:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 7.0, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H'}

 cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}

Thu, 07 May 2026 00:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-787
References
Metrics threat_severity

None

 cvssV3_1

{'score': 7.0, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H'}

threat_severity

Important

Wed, 06 May 2026 11:45:00 +0000

Type Values Removed Values Added
Weaknesses CWE-788

Wed, 06 May 2026 09:30:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: crypto: af_alg - Fix page reassignment overflow in af_alg_pull_tsgl When page reassignment was added to af_alg_pull_tsgl the original loop wasn't updated so it may try to reassign one more page than necessary. Add the check to the reassignment so that this does not happen. Also update the comment which still refers to the obsolete offset argument.
Title crypto: af_alg - Fix page reassignment overflow in af_alg_pull_tsgl
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-05-11T22:17:17.911Z

Reserved: 2026-05-01T14:12:55.983Z

Link: CVE-2026-43078

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Analyzed

Published: 2026-05-06T10:16:20.853

Modified: 2026-05-20T23:18:55.353

Link: CVE-2026-43078

cve-icon Redhat

Severity : Important

Publid Date: 2026-05-06T00:00:00Z

Links: CVE-2026-43078 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-05-08T19:45:15Z

Weaknesses