Description
In the Linux kernel, the following vulnerability has been resolved:

crypto: authencesn - reject short ahash digests during instance creation

authencesn requires either a zero authsize or an authsize of at least
4 bytes because the ESN encrypt/decrypt paths always move 4 bytes of
high-order sequence number data at the end of the authenticated data.

While crypto_authenc_esn_setauthsize() already rejects explicit
non-zero authsizes in the range 1..3, crypto_authenc_esn_create()
still copied auth->digestsize into inst->alg.maxauthsize without
validating it. The AEAD core then initialized the tfm's default
authsize from that value.

As a result, selecting an ahash with digest size 1..3, such as
cbcmac(cipher_null), exposed authencesn instances whose default
authsize was invalid even though setauthsize() would have rejected the
same value. AF_ALG could then trigger the ESN tail handling with a
too-short tag and hit an out-of-bounds access.

Reject authencesn instances whose ahash digest size is in the invalid
non-zero range 1..3 so that no tfm can inherit an unsupported default
authsize.
Published: 2026-05-27
Score: n/a
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability arises when the Linux kernel’s crypto subsystem allows an authenticated encryption instance to be created with an invalid authentication size derived from an ahash digest size of 1 to 3 bytes. Because the instance inherits this unsupported default authsize, subsequent cryptographic operations can trigger an out‑of‑bounds access when the kernel processes the short authentication tag. An attacker who can trigger the flawed path—by crafting or manipulating data passed to AF_ALG or a similar cryptographic interface—could cause a kernel memory corruption that may lead to execution of arbitrary code or a kernel panic, thereby compromising system integrity and availability.

Affected Systems

All Linux kernel distributions that implement the crypto/authencesn module, as no specific kernel version was provided. The issue is present wherever the default authentication size is inherited during instance creation without proper validation.

Risk and Exploitability

The CVSS score is not available, and the EPSS score is not listed, so the quantitative mean time between attacks is unknown. The vulnerability is not listed in the CISA KEV catalog. However, the flaw allows memory corruption in kernel space, which is a high‑risk condition for an attacker with the ability to provide malicious input to AF_ALG or a related interface. The lack of a proactive validation step makes the attack surface significant, and the kernel’s privileged execution context could enable privilege escalation or full system compromise if successfully exploited.

Generated by OpenCVE AI on May 27, 2026 at 20:24 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply a Linux kernel update that incorporates the commit rejecting short ahash digests during instance creation
  • Temporarily disable the ESN authenticated encryption algorithm or AF_ALG interface until the update is applied
  • Restrict access to the AF_ALG interface to trusted users or processes only, for example by using SELinux or capability restrictions, until the update is applied

Generated by OpenCVE AI on May 27, 2026 at 20:24 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 27 May 2026 20:45:00 +0000

Type Values Removed Values Added
Weaknesses CWE-190
CWE-787

Wed, 27 May 2026 14:15:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: crypto: authencesn - reject short ahash digests during instance creation authencesn requires either a zero authsize or an authsize of at least 4 bytes because the ESN encrypt/decrypt paths always move 4 bytes of high-order sequence number data at the end of the authenticated data. While crypto_authenc_esn_setauthsize() already rejects explicit non-zero authsizes in the range 1..3, crypto_authenc_esn_create() still copied auth->digestsize into inst->alg.maxauthsize without validating it. The AEAD core then initialized the tfm's default authsize from that value. As a result, selecting an ahash with digest size 1..3, such as cbcmac(cipher_null), exposed authencesn instances whose default authsize was invalid even though setauthsize() would have rejected the same value. AF_ALG could then trigger the ESN tail handling with a too-short tag and hit an out-of-bounds access. Reject authencesn instances whose ahash digest size is in the invalid non-zero range 1..3 so that no tfm can inherit an unsupported default authsize.
Title crypto: authencesn - reject short ahash digests during instance creation
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-05-27T12:56:42.038Z

Reserved: 2026-05-13T15:03:33.093Z

Link: CVE-2026-46033

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-05-27T14:17:22.313

Modified: 2026-05-27T14:48:03.013

Link: CVE-2026-46033

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-27T20:30:40Z

Weaknesses