Description
In the Linux kernel, the following vulnerability has been resolved:

crypto: authencesn - reject short ahash digests during instance creation

authencesn requires either a zero authsize or an authsize of at least
4 bytes because the ESN encrypt/decrypt paths always move 4 bytes of
high-order sequence number data at the end of the authenticated data.

While crypto_authenc_esn_setauthsize() already rejects explicit
non-zero authsizes in the range 1..3, crypto_authenc_esn_create()
still copied auth->digestsize into inst->alg.maxauthsize without
validating it. The AEAD core then initialized the tfm's default
authsize from that value.

As a result, selecting an ahash with digest size 1..3, such as
cbcmac(cipher_null), exposed authencesn instances whose default
authsize was invalid even though setauthsize() would have rejected the
same value. AF_ALG could then trigger the ESN tail handling with a
too-short tag and hit an out-of-bounds access.

Reject authencesn instances whose ahash digest size is in the invalid
non-zero range 1..3 so that no tfm can inherit an unsupported default
authsize.
Published: 2026-05-27
Score: 7.1 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability arises when the Linux kernel’s crypto subsystem allows an authenticated encryption instance to be created with an invalid authentication size derived from an ahash digest size of 1 to 3 bytes. Because the instance inherits this unsupported default authsize, subsequent cryptographic operations can trigger an out‑of‑bounds access when the kernel processes the short authentication tag. An attacker who can trigger the flawed path—by crafting or manipulating data passed to AF_ALG or a similar cryptographic interface—could cause a kernel memory corruption that may lead to execution of arbitrary code or a kernel panic, thereby compromising system integrity and availability.

Affected Systems

All Linux kernel distributions that implement the crypto/authencesn module, as no specific kernel version was provided. The issue is present wherever the default authentication size is inherited during instance creation without proper validation.

Risk and Exploitability

The CVSS score of 7.0 indicates high severity, and the EPSS score is not listed, so the quantitative mean time between attacks remains unknown. The vulnerability is not listed in the CISA KEV catalog. However, the flaw allows memory corruption in kernel space, which is a high‑risk condition for an attacker with the ability to provide malicious input to AF_ALG or a related interface. The lack of a proactive validation step makes the attack surface significant, and the kernel’s privileged execution context could enable privilege escalation or full system compromise if successfully exploited.

Generated by OpenCVE AI on May 28, 2026 at 05:41 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply a Linux kernel update that incorporates the commit rejecting short ahash digests during instance creation
  • Temporarily disable the ESN authenticated encryption algorithm or AF_ALG interface until the update is applied
  • Restrict access to the AF_ALG interface to trusted users or processes only, for example by using SELinux or capability restrictions, until the update is applied

Generated by OpenCVE AI on May 28, 2026 at 05:41 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 16 Jun 2026 17:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-125
CPEs cpe:2.3:o:linux:linux_kernel:7.1:rc1:*:*:*:*:*:*
Metrics cvssV3_1

{'score': 7.0, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H'}

 cvssV3_1

{'score': 7.1, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H'}

Mon, 01 Jun 2026 17:00:00 +0000

Type Values Removed Values Added
References

Thu, 28 May 2026 04:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-190
CWE-787

Thu, 28 May 2026 00:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-1284
References
Metrics threat_severity

None

 cvssV3_1

{'score': 7.0, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H'}

threat_severity

Important

Wed, 27 May 2026 20:45:00 +0000

Type Values Removed Values Added
Weaknesses CWE-190
CWE-787

Wed, 27 May 2026 14:15:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: crypto: authencesn - reject short ahash digests during instance creation authencesn requires either a zero authsize or an authsize of at least 4 bytes because the ESN encrypt/decrypt paths always move 4 bytes of high-order sequence number data at the end of the authenticated data. While crypto_authenc_esn_setauthsize() already rejects explicit non-zero authsizes in the range 1..3, crypto_authenc_esn_create() still copied auth->digestsize into inst->alg.maxauthsize without validating it. The AEAD core then initialized the tfm's default authsize from that value. As a result, selecting an ahash with digest size 1..3, such as cbcmac(cipher_null), exposed authencesn instances whose default authsize was invalid even though setauthsize() would have rejected the same value. AF_ALG could then trigger the ESN tail handling with a too-short tag and hit an out-of-bounds access. Reject authencesn instances whose ahash digest size is in the invalid non-zero range 1..3 so that no tfm can inherit an unsupported default authsize.
Title crypto: authencesn - reject short ahash digests during instance creation
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-06-14T17:49:24.256Z

Reserved: 2026-05-13T15:03:33.093Z

Link: CVE-2026-46033

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Analyzed

Published: 2026-05-27T14:17:22.313

Modified: 2026-06-16T17:00:48.497

Link: CVE-2026-46033

cve-icon Redhat

Severity : Important

Publid Date: 2026-05-27T00:00:00Z

Links: CVE-2026-46033 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-05-28T05:45:05Z

Weaknesses
  • CWE-125

    Out-of-bounds Read

  • CWE-1284

    Improper Validation of Specified Quantity in Input