Memory Corruption Issue in Linux Kernel Crypto Module
CVE-2026-43044

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 1 May 2026

What is CVE-2026-43044?

A memory corruption vulnerability exists in the Linux kernel's crypto module that can occur when handling HMAC keys longer than the block size. Specifically, the fault arises when a key is incorrectly allocated in memory; while the implementation attempts to ensure proper DMA cache alignment, it fails to apply this correction during memory allocation. Consequently, this can lead to the hashing operation corrupting adjacent memory spaces. This issue has been addressed with a fix that replaces the memory duplication method with a more robust allocation strategy, enhancing the integrity and security of cryptographic operations.

Affected Version(s)

Linux 199354d7fb6eaa2cc5bb650af0bca624baffee35

Linux 199354d7fb6eaa2cc5bb650af0bca624baffee35 < 68feed135a0c7243a9275ae7e6a18260f755f52b

References

https://git.kernel.org/stable/c/a7ecf06d3ee06e9b3322e1e7b...

https://git.kernel.org/stable/c/c0c133e0225d87aad326bb90b...

https://git.kernel.org/stable/c/68feed135a0c7243a9275ae7e...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 1, 2026
Vulnerability Reserved
May 1, 2026

CVE-2026-43044 Data

JSON