{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2026-23060","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2026-01-13T15:37:45.952Z","datePublished":"2026-02-04T16:07:42.860Z","dateUpdated":"2026-05-11T21:59:13.583Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2026-05-11T21:59:13.583Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: authencesn - reject too-short AAD (assoclen<8) to match ESP/ESN spec\n\nauthencesn assumes an ESP/ESN-formatted AAD. When assoclen is shorter than\nthe minimum expected length, crypto_authenc_esn_decrypt() can advance past\nthe end of the destination scatterlist and trigger a NULL pointer dereference\nin scatterwalk_map_and_copy(), leading to a kernel panic (DoS).\n\nAdd a minimum AAD length check to fail fast on invalid inputs."}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["crypto/authencesn.c"],"versions":[{"version":"104880a6b470958ddc30e139c41aa4f6ed3a5234","lessThan":"df22c9a65e9a9daa368a72fed596af9d7d5876bb","status":"affected","versionType":"git"},{"version":"104880a6b470958ddc30e139c41aa4f6ed3a5234","lessThan":"fee86edf5803f1d1f19e3b4f2dacac241bddfa48","status":"affected","versionType":"git"},{"version":"104880a6b470958ddc30e139c41aa4f6ed3a5234","lessThan":"767e8349f7e929b7dd95c08f0b4cb353459b365e","status":"affected","versionType":"git"},{"version":"104880a6b470958ddc30e139c41aa4f6ed3a5234","lessThan":"b0a9609283a5c852addb513dafa655c61eebc1ef","status":"affected","versionType":"git"},{"version":"104880a6b470958ddc30e139c41aa4f6ed3a5234","lessThan":"161bdc90fce25bd9890adc67fa1c8563a7acbf40","status":"affected","versionType":"git"},{"version":"104880a6b470958ddc30e139c41aa4f6ed3a5234","lessThan":"9532ff0d0e90ff78a214299f594ab9bac81defe4","status":"affected","versionType":"git"},{"version":"104880a6b470958ddc30e139c41aa4f6ed3a5234","lessThan":"2397e9264676be7794f8f7f1e9763d90bd3c7335","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["crypto/authencesn.c"],"versions":[{"version":"4.3","status":"affected"},{"version":"0","lessThan":"4.3","status":"unaffected","versionType":"semver"},{"version":"5.10.249","lessThanOrEqual":"5.10.*","status":"unaffected","versionType":"semver"},{"version":"5.15.199","lessThanOrEqual":"5.15.*","status":"unaffected","versionType":"semver"},{"version":"6.1.162","lessThanOrEqual":"6.1.*","status":"unaffected","versionType":"semver"},{"version":"6.6.122","lessThanOrEqual":"6.6.*","status":"unaffected","versionType":"semver"},{"version":"6.12.68","lessThanOrEqual":"6.12.*","status":"unaffected","versionType":"semver"},{"version":"6.18.8","lessThanOrEqual":"6.18.*","status":"unaffected","versionType":"semver"},{"version":"6.19","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.3","versionEndExcluding":"5.10.249"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.3","versionEndExcluding":"5.15.199"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.3","versionEndExcluding":"6.1.162"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.3","versionEndExcluding":"6.6.122"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.3","versionEndExcluding":"6.12.68"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.3","versionEndExcluding":"6.18.8"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.3","versionEndExcluding":"6.19"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/df22c9a65e9a9daa368a72fed596af9d7d5876bb"},{"url":"https://git.kernel.org/stable/c/fee86edf5803f1d1f19e3b4f2dacac241bddfa48"},{"url":"https://git.kernel.org/stable/c/767e8349f7e929b7dd95c08f0b4cb353459b365e"},{"url":"https://git.kernel.org/stable/c/b0a9609283a5c852addb513dafa655c61eebc1ef"},{"url":"https://git.kernel.org/stable/c/161bdc90fce25bd9890adc67fa1c8563a7acbf40"},{"url":"https://git.kernel.org/stable/c/9532ff0d0e90ff78a214299f594ab9bac81defe4"},{"url":"https://git.kernel.org/stable/c/2397e9264676be7794f8f7f1e9763d90bd3c7335"}],"title":"crypto: authencesn - reject too-short AAD (assoclen<8) to match ESP/ESN spec","x_generator":{"engine":"bippy-1.2.0"}}}}