CVE-2026-23060

MEDIUM EPSS 2.4%
Published Feb 4, 2026 (4mo ago) · Modified Jun 17, 2026 (2w ago)
5.5 CVSS 3.1
Medium

Description

In the Linux kernel, the following vulnerability has been resolved:

crypto: authencesn - reject too-short AAD (assoclen<8) to match ESP/ESN spec

authencesn assumes an ESP/ESN-formatted AAD. When assoclen is shorter than the minimum expected length, crypto_authenc_esn_decrypt() can advance past the end of the destination scatterlist and trigger a NULL pointer dereference in scatterwalk_map_and_copy(), leading to a kernel panic (DoS).

Add a minimum AAD length check to fail fast on invalid inputs.

CVSS Details

Base Score
5.5
Exploitability
1.8
Impact
3.6
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality None
Integrity None
Availability High

Threat Intelligence

EPSS Exploit Probability
2.4% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-476 NULL Pointer Dereference Memory Safety

Affected Products 12

Vendor  Product       Version  Range
linux   linux_kernel  *        ≥4.3 – <5.10.249
linux   linux_kernel  *        ≥5.11 – <5.15.199
linux   linux_kernel  *        ≥5.16 – <6.1.162
linux   linux_kernel  *        ≥6.2 – <6.6.122
linux   linux_kernel  *        ≥6.7 – <6.12.68
linux   linux_kernel  *        ≥6.13 – <6.18.8
linux   linux_kernel  6.19     any
linux   linux_kernel  6.19     any
linux   linux_kernel  6.19     any
linux   linux_kernel  6.19     any
linux   linux_kernel  6.19     any
linux   linux_kernel  6.19     any
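
The affected ranges above, turned into a triage check for `uname -r` strings. This is an added example, not part of the advisory or of any kernel project tooling; the function names and the sample releases are constructed for illustration. It assumes upstream version numbering: distribution kernels often backport fixes without changing the base version, so an "affected" result for a vendor kernel still needs the vendor's own advisory.

```python
import re

# Affected upstream ranges copied from the table above: [introduced, fixed)
AFFECTED_RANGES = [
    ((4, 3, 0), (5, 10, 249)),
    ((5, 11, 0), (5, 15, 199)),
    ((5, 16, 0), (6, 1, 162)),
    ((6, 2, 0), (6, 6, 122)),
    ((6, 7, 0), (6, 12, 68)),
    ((6, 13, 0), (6, 18, 8)),
]
# The table lists 6.19 with range "any" and no fixed release, so it cannot
# be decided from the version number alone.
UNBOUNDED_SERIES = {(6, 19)}

_RELEASE = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?")


def parse_release(release):
    """Turn a `uname -r` style string into (major, minor, patch)."""
    m = _RELEASE.match(release.strip())
    if not m:
        raise ValueError(f"unrecognised kernel release: {release!r}")
    major, minor, patch = m.groups()
    return int(major), int(minor), int(patch or 0)


def triage(release):
    """Return 'affected', 'review' or 'not-listed' for one kernel release."""
    version = parse_release(release)
    if version[:2] in UNBOUNDED_SERIES:
        return "review"
    for introduced, fixed in AFFECTED_RANGES:
        # Tuple comparison gives the usual numeric version ordering.
        if introduced <= version < fixed:
            return "affected"
    return "not-listed"


if __name__ == "__main__":
    # Constructed sample inventory, not taken from any real host.
    for sample in ["5.10.248", "5.10.249", "6.6.121-lts", "6.18.8",
                   "6.19.0-rc3", "4.2.8"]:
        print(f"{sample:12} {triage(sample)}")
```
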

References 7

  • git.kernel.org https://git.kernel.org/stable/c/161bdc90fce25bd9890adc67fa1c8563a7acbf40
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/2397e9264676be7794f8f7f1e9763d90bd3c7335
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/767e8349f7e929b7dd95c08f0b4cb353459b365e
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/9532ff0d0e90ff78a214299f594ab9bac81defe4
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/b0a9609283a5c852addb513dafa655c61eebc1ef
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/df22c9a65e9a9daa368a72fed596af9d7d5876bb
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/fee86edf5803f1d1f19e3b4f2dacac241bddfa48
    Patch

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/161bdc90fce25bd9890adc67fa1c8563a7acbf40
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/2397e9264676be7794f8f7f1e9763d90bd3c7335
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/767e8349f7e929b7dd95c08f0b4cb353459b365e
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/9532ff0d0e90ff78a214299f594ab9bac81defe4
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/b0a9609283a5c852addb513dafa655c61eebc1ef
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/df22c9a65e9a9daa368a72fed596af9d7d5876bb
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/fee86edf5803f1d1f19e3b4f2dacac241bddfa48
    Patch