Page Reassignment Overflow in Linux Kernel's af_alg Functionality
CVE-2026-43078

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 6 May 2026

What is CVE-2026-43078?

A vulnerability exists in the Linux Kernel's af_alg subsystem, where an oversight in the page reassignment logic can lead to a condition that attempts to reassign one more page than necessary. This occurs due to an outdated loop in the af_alg_pull_tsgl function. The vulnerability has been addressed with the addition of necessary checks to prevent this overflow, ensuring that page assignments remain accurate. Furthermore, the comments in the code have been updated to remove references to outdated arguments, enhancing code clarity and maintenance.

Affected Version(s)

Linux e870456d8e7c8d57c059ea479b5aadbb55ff4c3a

Linux e870456d8e7c8d57c059ea479b5aadbb55ff4c3a < 2b781d1d4f933990318bcc5c68fb75a717379e42

Linux e870456d8e7c8d57c059ea479b5aadbb55ff4c3a

References

https://git.kernel.org/stable/c/fa48d3ea9cdbfb28c1fd6756c...

https://git.kernel.org/stable/c/2b781d1d4f933990318bcc5c6...

https://git.kernel.org/stable/c/f7826bc0b39928a4a22f6b815...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 6, 2026
Vulnerability Reserved
May 1, 2026

CVE-2026-43078 Data

JSON