CVE-2026-43492
Severity CVSS v4.0:
Pending analysis
Type:
CWE-190
Integer Overflow or Wraparound
Publication date:
19/05/2026
Last modified:
26/06/2026
Description
In the Linux kernel, the following vulnerability has been resolved:<br />
<br />
lib/crypto: mpi: Fix integer underflow in mpi_read_raw_from_sgl()<br />
<br />
Yiming reports an integer underflow in mpi_read_raw_from_sgl() when<br />
subtracting "lzeros" from the unsigned "nbytes".<br />
<br />
For this to happen, the scatterlist "sgl" needs to occupy more bytes<br />
than the "nbytes" parameter and the first "nbytes + 1" bytes of the<br />
scatterlist must be zero. Under these conditions, the while loop<br />
iterating over the scatterlist will count more zeroes than "nbytes",<br />
subtract the number of zeroes from "nbytes" and cause the underflow.<br />
<br />
When commit 2d4d1eea540b ("lib/mpi: Add mpi sgl helpers") originally<br />
introduced the bug, it couldn&#39;t be triggered because all callers of<br />
mpi_read_raw_from_sgl() passed a scatterlist whose length was equal to<br />
"nbytes".<br />
<br />
However since commit 63ba4d67594a ("KEYS: asymmetric: Use new crypto<br />
interface without scatterlists"), the underflow can now actually be<br />
triggered. When invoking a KEYCTL_PKEY_ENCRYPT system call with a<br />
larger "out_len" than "in_len" and filling the "in" buffer with zeroes,<br />
crypto_akcipher_sync_prep() will create an all-zero scatterlist used for<br />
both the "src" and "dst" member of struct akcipher_request and thereby<br />
fulfil the conditions to trigger the bug:<br />
<br />
sys_keyctl()<br />
keyctl_pkey_e_d_s()<br />
asymmetric_key_eds_op()<br />
software_key_eds_op()<br />
crypto_akcipher_sync_encrypt()<br />
crypto_akcipher_sync_prep()<br />
crypto_akcipher_encrypt()<br />
rsa_enc()<br />
mpi_read_raw_from_sgl()<br />
<br />
To the user this will be visible as a DoS as the kernel spins forever,<br />
causing soft lockup splats as a side effect.<br />
<br />
Fix it.
Impact
Base Score 3.x
5.50
Severity 3.x
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 4.4 (including) | 5.10.259 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.11 (including) | 5.15.210 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.16 (including) | 6.1.176 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.2 (including) | 6.6.140 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.7 (including) | 6.12.88 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.13 (including) | 6.18.30 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.19 (including) | 7.0.7 (excluding) |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- https://git.kernel.org/stable/c/1abd50fc3cfa16fc2074a3c8c2729c50fd9d7043
- https://git.kernel.org/stable/c/26d3a97ad46c7a9226ec04d4bf35bd4998a97d16
- https://git.kernel.org/stable/c/2aa77a18dc7f2670497fe3ee5acbeda0b57659e5
- https://git.kernel.org/stable/c/30e513e755bb381afce6fb57cdc8694136193f22
- https://git.kernel.org/stable/c/6d63615c796c085b4984e3031b9fa77fffb47360
- https://git.kernel.org/stable/c/8637dfb4c1d8a7026ef681f2477c6de8b71c4003
- https://git.kernel.org/stable/c/8c2f1288250a90a4b5cabed5d888d7e3aeed4035
- https://git.kernel.org/stable/c/a1793a48881ec8d26e9c79b0ee65753f1c6846a4



