CVE-2026-43077

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2026-43077

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-43077.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2026-43077

Downstream

BELL-CVE-2026-43077

DEBIAN-CVE-2026-43077

RHSA-2026:13565

RHSA-2026:13566

RHSA-2026:13577

RHSA-2026:13578

RHSA-2026:13681

RHSA-2026:13734

RHSA-2026:13887

RHSA-2026:13932

RHSA-2026:13936

RHSA-2026:14137

RHSA-2026:14165

RHSA-2026:14230

RHSA-2026:14301

RHSA-2026:14339

ROOT-OS-DEBIAN-11-CVE-2026-43077

ROOT-OS-UBUNTU-2204-CVE-2026-43077

ROOT-OS-UBUNTU-2404-CVE-2026-43077

UBUNTU-CVE-2026-43077

Published

2026-05-06T07:40:14.409Z

Modified

2026-05-08T05:01:31.435056Z

Summary

crypto: algif_aead - Fix minimum RX size check for decryption

Details

In the Linux kernel, the following vulnerability has been resolved:

crypto: algif_aead - Fix minimum RX size check for decryption

The check for the minimum receive buffer size did not take the tag size into account during decryption. Fix this by adding the required extra length.

Database specific

{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/43xxx/CVE-2026-43077.json",
    "cna_assigner": "Linux"
}

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

d887c52d6ae43aeebd249b5f2f1333e60236aa60

Fixed

74a66fdb5282d89e348b00c42cfca3a936946d94

Fixed

fd427dd84f224309afbcc2cb67c7bb770a01265c

Fixed

1c76b5675119f694458293a2a81f40731c69bd32

Fixed

e86ab1e5661386a874fbb8551f0c04b8e9f8ad22

Fixed

af2fa2fbbced26129813274b8b3f7705f280e174

Fixed

78cea133daf721698876e56135049a96d39d610a

Fixed

3afdc15d6173614d7d834517d9b65e7aa5a08548

Fixed

3d14bd48e3a77091cbce637a12c2ae31b4a1687c

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-43077.json"

Linux / Kernel

Package

Name: Kernel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

4.14.0

Fixed

5.10.254

Type: ECOSYSTEM
Events: Introduced

5.11.0

Fixed

5.15.204

Type: ECOSYSTEM
Events: Introduced

5.16.0

Fixed

6.1.170

Type: ECOSYSTEM
Events: Introduced

6.2.0

Fixed

6.6.136

Type: ECOSYSTEM
Events: Introduced

6.7.0

Fixed

6.12.83

Type: ECOSYSTEM
Events: Introduced

6.13.0

Fixed

6.18.24

Type: ECOSYSTEM
Events: Introduced

6.19.0

Fixed

6.19.14

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-43077.json"