{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2026-43043","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2026-05-01T14:12:55.979Z","datePublished":"2026-05-01T14:15:39.576Z","dateUpdated":"2026-05-11T22:16:36.820Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2026-05-11T22:16:36.820Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: af-alg - fix NULL pointer dereference in scatterwalk\n\nThe AF_ALG interface fails to unmark the end of a Scatter/Gather List (SGL)\nwhen chaining a new af_alg_tsgl structure. If a sendmsg() fills an SGL\nexactly to MAX_SGL_ENTS, the last entry is marked as the end. A subsequent\nsendmsg() allocates a new SGL and chains it, but fails to clear the end\nmarker on the previous SGL's last data entry.\n\nThis causes the crypto scatterwalk to hit a premature end, returning NULL\non sg_next() and leading to a kernel panic during dereference.\n\nFix this by explicitly unmarking the end of the previous SGL when\nperforming sg_chain() in af_alg_alloc_tsgl()."}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["crypto/af_alg.c"],"versions":[{"version":"8ff590903d5fc7f5a0a988c38267a3d08e6393a2","lessThan":"f48d3dd99199180cf37d6253550c55e86372309a","status":"affected","versionType":"git"},{"version":"8ff590903d5fc7f5a0a988c38267a3d08e6393a2","lessThan":"f9acceae7b004956851fd4268edf9f518a9bce04","status":"affected","versionType":"git"},{"version":"8ff590903d5fc7f5a0a988c38267a3d08e6393a2","lessThan":"7195350fb78538c25cd790d703f8f2c73ee0d395","status":"affected","versionType":"git"},{"version":"8ff590903d5fc7f5a0a988c38267a3d08e6393a2","lessThan":"7cdf2c6381b21ab5ccf8116750d5582fcd6c0f49","status":"affected","versionType":"git"},{"version":"8ff590903d5fc7f5a0a988c38267a3d08e6393a2","lessThan":"44eafa39363e8d5dfda6a8c6eb6b45458ed4b948","status":"affected","versionType":"git"},{"version":"8ff590903d5fc7f5a0a988c38267a3d08e6393a2","lessThan":"00cbdec17c15d024a1c5002c7365df7624a18a75","status":"affected","versionType":"git"},{"version":"8ff590903d5fc7f5a0a988c38267a3d08e6393a2","lessThan":"4b03ab0a587ec57eb7ddb5c115d84a42896f60f7","status":"affected","versionType":"git"},{"version":"8ff590903d5fc7f5a0a988c38267a3d08e6393a2","lessThan":"62397b493e14107ae82d8b80938f293d95425bcb","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["crypto/af_alg.c"],"versions":[{"version":"2.6.38","status":"affected"},{"version":"0","lessThan":"2.6.38","status":"unaffected","versionType":"semver"},{"version":"5.10.253","lessThanOrEqual":"5.10.*","status":"unaffected","versionType":"semver"},{"version":"5.15.203","lessThanOrEqual":"5.15.*","status":"unaffected","versionType":"semver"},{"version":"6.1.168","lessThanOrEqual":"6.1.*","status":"unaffected","versionType":"semver"},{"version":"6.6.134","lessThanOrEqual":"6.6.*","status":"unaffected","versionType":"semver"},{"version":"6.12.81","lessThanOrEqual":"6.12.*","status":"unaffected","versionType":"semver"},{"version":"6.18.22","lessThanOrEqual":"6.18.*","status":"unaffected","versionType":"semver"},{"version":"6.19.12","lessThanOrEqual":"6.19.*","status":"unaffected","versionType":"semver"},{"version":"7.0","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.38","versionEndExcluding":"5.10.253"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.38","versionEndExcluding":"5.15.203"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.38","versionEndExcluding":"6.1.168"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.38","versionEndExcluding":"6.6.134"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.38","versionEndExcluding":"6.12.81"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.38","versionEndExcluding":"6.18.22"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.38","versionEndExcluding":"6.19.12"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.38","versionEndExcluding":"7.0"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/f48d3dd99199180cf37d6253550c55e86372309a"},{"url":"https://git.kernel.org/stable/c/f9acceae7b004956851fd4268edf9f518a9bce04"},{"url":"https://git.kernel.org/stable/c/7195350fb78538c25cd790d703f8f2c73ee0d395"},{"url":"https://git.kernel.org/stable/c/7cdf2c6381b21ab5ccf8116750d5582fcd6c0f49"},{"url":"https://git.kernel.org/stable/c/44eafa39363e8d5dfda6a8c6eb6b45458ed4b948"},{"url":"https://git.kernel.org/stable/c/00cbdec17c15d024a1c5002c7365df7624a18a75"},{"url":"https://git.kernel.org/stable/c/4b03ab0a587ec57eb7ddb5c115d84a42896f60f7"},{"url":"https://git.kernel.org/stable/c/62397b493e14107ae82d8b80938f293d95425bcb"}],"title":"crypto: af-alg - fix NULL pointer dereference in scatterwalk","x_generator":{"engine":"bippy-1.2.0"}}}}