Description
In the Linux kernel, the following vulnerability has been resolved:

crypto: caam - fix overflow on long hmac keys

When a key longer than block size is supplied, it is copied and then
hashed into the real key. The memory allocated for the copy needs to
be rounded to DMA cache alignment, as otherwise the hashed key may
corrupt neighbouring memory.

The copying is performed using kmemdup, however this leads to an overflow:
reading more bytes (aligned_len - keylen) from the keylen source buffer.
Fix this by replacing kmemdup with kmalloc, followed by memcpy.
Published: 2026-05-08
Score: 7.8 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A buffer overflow occurs in the Linux kernel's caam crypto module when an HMAC key larger than the block size is supplied. The key is duplicated with kmemdup, which incorrectly reads additional bytes from the source buffer, causing the resulting copy to overwrite adjacent memory. This memory corruption can compromise data integrity and potentially allow an attacker to execute arbitrary code in kernel space, leading to full system compromise, or cause a denial of service by crashing the kernel. The flaw manifests as a classic buffer overflow, involving CWE-125 (Out-of-bounds Read) and CWE-787 (Out-of-bounds Write).

Affected Systems

All Linux kernel implementations that include the caam cryptographic accelerator and use HMAC keys larger than the acceptable block size are affected. No specific kernel versions are listed in the data, so the vulnerability may be present across multiple releases where caam is enabled.

Risk and Exploitability

The CVSS score of 7.8 indicates a high severity, and the EPSS score of < 1% shows the likelihood of exploitation is low but not zero. The vulnerability is not listed in KEV, meaning no known widespread exploitation. The overflow could allow an attacker with sufficient privileges to overwrite kernel memory, potentially achieving arbitrary code execution up to system compromise or causing a denial of service. The likely attack vector is a local or privileged process that can supply an oversized HMAC key to the caam crypto module. Exploitation requires that the system is running a kernel with the caam module enabled and a key longer than the block size is processed.

Generated by OpenCVE AI on May 18, 2026 at 15:24 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the kernel patch that replaces kmemdup with kmalloc and memcpy, as shown in the cited git commits.
  • Verify that the system uses the caam crypto module; if possible, disable or restrict it until the patch is applied.
  • Ensure that all HMAC keys used with the caam module are no longer than the supported block size to avoid triggering the overflow until the patch is in place.

Generated by OpenCVE AI on May 18, 2026 at 15:24 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 18 May 2026 14:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-122

Mon, 18 May 2026 12:45:00 +0000

Type Values Removed Values Added
Weaknesses CWE-787
CPEs cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc4:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc5:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc6:*:*:*:*:*:*

Thu, 14 May 2026 12:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-125
References
Metrics threat_severity

None

 threat_severity

Moderate

Mon, 11 May 2026 15:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-122

Mon, 11 May 2026 09:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-119

Mon, 11 May 2026 07:45:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}

Fri, 08 May 2026 19:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-119

Fri, 08 May 2026 14:00:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: crypto: caam - fix overflow on long hmac keys When a key longer than block size is supplied, it is copied and then hashed into the real key. The memory allocated for the copy needs to be rounded to DMA cache alignment, as otherwise the hashed key may corrupt neighbouring memory. The copying is performed using kmemdup, however this leads to an overflow: reading more bytes (aligned_len - keylen) from the keylen source buffer. Fix this by replacing kmemdup with kmalloc, followed by memcpy.
Title crypto: caam - fix overflow on long hmac keys
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-05-11T22:22:28.937Z

Reserved: 2026-05-01T14:12:56.002Z

Link: CVE-2026-43330

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Analyzed

Published: 2026-05-08T14:16:42.650

Modified: 2026-05-18T12:40:24.183

Link: CVE-2026-43330

cve-icon Redhat

Severity : Moderate

Publid Date: 2026-05-08T00:00:00Z

Links: CVE-2026-43330 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-05-18T15:30:28Z

Weaknesses