CVE-2026-43330 (GCVE-0-2026-43330)
Vulnerability from cvelistv5
Published
2026-05-08 13:31
Modified
2026-05-11 22:22
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
crypto: caam - fix overflow on long hmac keys
When a key longer than block size is supplied, it is copied and then
hashed into the real key. The memory allocated for the copy needs to
be rounded to DMA cache alignment, as otherwise the hashed key may
corrupt neighbouring memory.
The copying is performed using kmemdup, however this leads to an overflow:
reading more bytes (aligned_len - keylen) from the keylen source buffer.
Fix this by replacing kmemdup with kmalloc, followed by memcpy.
References
Impacted products
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/crypto/caam/caamalg_qi2.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "31022cfde5235c45fa765f0aabeff5f0652852f2",
"status": "affected",
"version": "199354d7fb6eaa2cc5bb650af0bca624baffee35",
"versionType": "git"
},
{
"lessThan": "c2fb4984fe09fc176fe4c12d5e3edf626df6511d",
"status": "affected",
"version": "199354d7fb6eaa2cc5bb650af0bca624baffee35",
"versionType": "git"
},
{
"lessThan": "aa545df011338df13f0833fc1fabcb15c0521959",
"status": "affected",
"version": "199354d7fb6eaa2cc5bb650af0bca624baffee35",
"versionType": "git"
},
{
"lessThan": "cebc5ebd958346195b77f42d0cd5141b4e448fae",
"status": "affected",
"version": "199354d7fb6eaa2cc5bb650af0bca624baffee35",
"versionType": "git"
},
{
"lessThan": "80688afb9c35b3934ce2d6be9973758915e2e0ef",
"status": "affected",
"version": "199354d7fb6eaa2cc5bb650af0bca624baffee35",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/crypto/caam/caamalg_qi2.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.3"
},
{
"lessThan": "6.3",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.134",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"version": "6.12.81",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.18.*",
"status": "unaffected",
"version": "6.18.22",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.19.*",
"status": "unaffected",
"version": "6.19.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "7.0",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.134",
"versionStartIncluding": "6.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.81",
"versionStartIncluding": "6.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.18.22",
"versionStartIncluding": "6.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.19.12",
"versionStartIncluding": "6.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "7.0",
"versionStartIncluding": "6.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: caam - fix overflow on long hmac keys\n\nWhen a key longer than block size is supplied, it is copied and then\nhashed into the real key. The memory allocated for the copy needs to\nbe rounded to DMA cache alignment, as otherwise the hashed key may\ncorrupt neighbouring memory.\n\nThe copying is performed using kmemdup, however this leads to an overflow:\nreading more bytes (aligned_len - keylen) from the keylen source buffer.\nFix this by replacing kmemdup with kmalloc, followed by memcpy."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T22:22:28.937Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/31022cfde5235c45fa765f0aabeff5f0652852f2"
},
{
"url": "https://git.kernel.org/stable/c/c2fb4984fe09fc176fe4c12d5e3edf626df6511d"
},
{
"url": "https://git.kernel.org/stable/c/aa545df011338df13f0833fc1fabcb15c0521959"
},
{
"url": "https://git.kernel.org/stable/c/cebc5ebd958346195b77f42d0cd5141b4e448fae"
},
{
"url": "https://git.kernel.org/stable/c/80688afb9c35b3934ce2d6be9973758915e2e0ef"
}
],
"title": "crypto: caam - fix overflow on long hmac keys",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2026-43330",
"datePublished": "2026-05-08T13:31:18.133Z",
"dateReserved": "2026-05-01T14:12:56.002Z",
"dateUpdated": "2026-05-11T22:22:28.937Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…