Out-of-place Decryption Vulnerability in Linux Kernel Products
CVE-2026-43033

Currently unrated

Key Information:

Vendor

Linux

Status
Vendor
CVE Published:
1 May 2026

What is CVE-2026-43033?

A vulnerability has been identified in the Linux kernel's cryptographic implementation, in its handling of out-of-place decryption. The issue arises when data is decrypted with distinct source and destination buffers. Specifically, the high-order sequence bits do not need to be placed at the end of the destination buffer; instead, the bits can be rearranged appropriately to improve both the efficiency and the integrity of the decryption process. The issue has potential implications for data integrity and security on systems using the affected versions of the Linux kernel. As a best practice, upgrade to a newer kernel version in which this issue has been addressed.

Affected Version(s)

Linux 104880a6b470958ddc30e139c41aa4f6ed3a5234 < 8c62f618576519dbed6816fafc623ce592953025

Linux 104880a6b470958ddc30e139c41aa4f6ed3a5234

Linux 104880a6b470958ddc30e139c41aa4f6ed3a5234 < 5466e7d0cd9e4f9cef9d8f18f18b60e7bc1c77e5

Timeline

  • Vulnerability published

  • Vulnerability Reserved
