Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CVE Vulnerability Details :
CVE-2026-23060
PUBLISHED
More InfoOfficial Page
Assigner-Linux
Assigner Org ID-416baaa9-dc9f-4396-8d5f-8c081fb06d67
View Known Exploited Vulnerability (KEV) details
Published At-04 Feb, 2026 | 16:07
Updated At-11 May, 2026 | 21:59
Rejected At-
▼CVE Numbering Authority (CNA)
crypto: authencesn - reject too-short AAD (assoclen<8) to match ESP/ESN spec

In the Linux kernel, the following vulnerability has been resolved: crypto: authencesn - reject too-short AAD (assoclen<8) to match ESP/ESN spec authencesn assumes an ESP/ESN-formatted AAD. When assoclen is shorter than the minimum expected length, crypto_authenc_esn_decrypt() can advance past the end of the destination scatterlist and trigger a NULL pointer dereference in scatterwalk_map_and_copy(), leading to a kernel panic (DoS). Add a minimum AAD length check to fail fast on invalid inputs.

Affected Products
Vendor
Linux Kernel Organization, IncLinux
Product
Linux
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Program Files
  • crypto/authencesn.c
Default Status
unaffected
Versions
Affected
  • From 104880a6b470958ddc30e139c41aa4f6ed3a5234 before df22c9a65e9a9daa368a72fed596af9d7d5876bb (git)
  • From 104880a6b470958ddc30e139c41aa4f6ed3a5234 before fee86edf5803f1d1f19e3b4f2dacac241bddfa48 (git)
  • From 104880a6b470958ddc30e139c41aa4f6ed3a5234 before 767e8349f7e929b7dd95c08f0b4cb353459b365e (git)
  • From 104880a6b470958ddc30e139c41aa4f6ed3a5234 before b0a9609283a5c852addb513dafa655c61eebc1ef (git)
  • From 104880a6b470958ddc30e139c41aa4f6ed3a5234 before 161bdc90fce25bd9890adc67fa1c8563a7acbf40 (git)
  • From 104880a6b470958ddc30e139c41aa4f6ed3a5234 before 9532ff0d0e90ff78a214299f594ab9bac81defe4 (git)
  • From 104880a6b470958ddc30e139c41aa4f6ed3a5234 before 2397e9264676be7794f8f7f1e9763d90bd3c7335 (git)
Vendor
Linux Kernel Organization, IncLinux
Product
Linux
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Program Files
  • crypto/authencesn.c
Default Status
affected
Versions
Affected
  • 4.3
Unaffected
  • From 0 before 4.3 (semver)
  • From 5.10.249 through 5.10.* (semver)
  • From 5.15.199 through 5.15.* (semver)
  • From 6.1.162 through 6.1.* (semver)
  • From 6.6.122 through 6.6.* (semver)
  • From 6.12.68 through 6.12.* (semver)
  • From 6.18.8 through 6.18.* (semver)
  • From 6.19 through * (original_commit_for_fix)
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://git.kernel.org/stable/c/df22c9a65e9a9daa368a72fed596af9d7d5876bb
N/A
https://git.kernel.org/stable/c/fee86edf5803f1d1f19e3b4f2dacac241bddfa48
N/A
https://git.kernel.org/stable/c/767e8349f7e929b7dd95c08f0b4cb353459b365e
N/A
https://git.kernel.org/stable/c/b0a9609283a5c852addb513dafa655c61eebc1ef
N/A
https://git.kernel.org/stable/c/161bdc90fce25bd9890adc67fa1c8563a7acbf40
N/A
https://git.kernel.org/stable/c/9532ff0d0e90ff78a214299f594ab9bac81defe4
N/A
https://git.kernel.org/stable/c/2397e9264676be7794f8f7f1e9763d90bd3c7335
N/A
Hyperlink: https://git.kernel.org/stable/c/df22c9a65e9a9daa368a72fed596af9d7d5876bb
Resource: N/A
Hyperlink: https://git.kernel.org/stable/c/fee86edf5803f1d1f19e3b4f2dacac241bddfa48
Resource: N/A
Hyperlink: https://git.kernel.org/stable/c/767e8349f7e929b7dd95c08f0b4cb353459b365e
Resource: N/A
Hyperlink: https://git.kernel.org/stable/c/b0a9609283a5c852addb513dafa655c61eebc1ef
Resource: N/A
Hyperlink: https://git.kernel.org/stable/c/161bdc90fce25bd9890adc67fa1c8563a7acbf40
Resource: N/A
Hyperlink: https://git.kernel.org/stable/c/9532ff0d0e90ff78a214299f594ab9bac81defe4
Resource: N/A
Hyperlink: https://git.kernel.org/stable/c/2397e9264676be7794f8f7f1e9763d90bd3c7335
Resource: N/A
Details not found