CVE-2026-46033
Gravedad CVSS v3.1:
ALTA
Tipo:
CWE-125
Lectura fuera de límites
Fecha de publicación:
27/05/2026
Última modificación:
30/06/2026
Descripción
*** Pendiente de traducción *** In the Linux kernel, the following vulnerability has been resolved:<br />
<br />
crypto: authencesn - reject short ahash digests during instance creation<br />
<br />
authencesn requires either a zero authsize or an authsize of at least<br />
4 bytes because the ESN encrypt/decrypt paths always move 4 bytes of<br />
high-order sequence number data at the end of the authenticated data.<br />
<br />
While crypto_authenc_esn_setauthsize() already rejects explicit<br />
non-zero authsizes in the range 1..3, crypto_authenc_esn_create()<br />
still copied auth->digestsize into inst->alg.maxauthsize without<br />
validating it. The AEAD core then initialized the tfm&#39;s default<br />
authsize from that value.<br />
<br />
As a result, selecting an ahash with digest size 1..3, such as<br />
cbcmac(cipher_null), exposed authencesn instances whose default<br />
authsize was invalid even though setauthsize() would have rejected the<br />
same value. AF_ALG could then trigger the ESN tail handling with a<br />
too-short tag and hit an out-of-bounds access.<br />
<br />
Reject authencesn instances whose ahash digest size is in the invalid<br />
non-zero range 1..3 so that no tfm can inherit an unsupported default<br />
authsize.
Impacto
Puntuación base 3.x
7.10
Gravedad 3.x
ALTA
Productos y versiones vulnerables
| CPE | Desde | Hasta |
|---|---|---|
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 4.11 (incluyendo) | 5.10.258 (excluyendo) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.11 (incluyendo) | 5.15.209 (excluyendo) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.16 (incluyendo) | 6.1.175 (excluyendo) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.2 (incluyendo) | 6.6.140 (excluyendo) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.7 (incluyendo) | 6.12.86 (excluyendo) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.13 (incluyendo) | 6.18.27 (excluyendo) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.19 (incluyendo) | 7.0.4 (excluyendo) |
| cpe:2.3:o:linux:linux_kernel:7.1:rc1:*:*:*:*:*:* |
Para consultar la lista completa de nombres de CPE con productos y versiones, ver esta página
Referencias a soluciones, herramientas e información
- https://git.kernel.org/stable/c/2f31cd1e64a079c845bca31d2da7b3c90a311726
- https://git.kernel.org/stable/c/5db6ef9847717329f12c5ea8aba7e9f588a980c0
- https://git.kernel.org/stable/c/67f1f0933cc3d78dde222842bcad2778ec7a0b88
- https://git.kernel.org/stable/c/77f59fb2d3aa33e90ec6cbbf45dcfb20ab82b1a9
- https://git.kernel.org/stable/c/9aff81e8217e9de2929084b03b3c7f81988c112b
- https://git.kernel.org/stable/c/b42821c15445f93daea3e76ada682b2b7181c476
- https://git.kernel.org/stable/c/b69933e97efea238ebbfcf70c2b1be1cd03f13e3
- https://git.kernel.org/stable/c/d4c6a6d08e70bb1083c7c405fc7faacbf19aebc0
- https://access.redhat.com/security/cve/CVE-2026-46033
- https://bugzilla.redhat.com/show_bug.cgi?id=2482000
- https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-46033.json



