{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2026-53302","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2026-06-09T07:44:35.397Z","datePublished":"2026-06-26T19:40:58.636Z","dateUpdated":"2026-06-26T19:40:58.636Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2026-06-26T19:40:58.636Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: eip93 - fix hmac setkey algo selection\n\neip93_hmac_setkey() allocates a temporary ahash transform for\ncomputing HMAC ipad/opad key material. The allocation uses the\ndriver-specific cra_driver_name (e.g. \"sha256-eip93\") but passes\nCRYPTO_ALG_ASYNC as the mask, which excludes async algorithms.\n\nSince the EIP93 hash algorithms are the only ones registered\nunder those driver names and they are inherently async, the\nlookup is self-contradictory and always fails with -ENOENT.\n\nWhen called from the AEAD setkey path, this failure leaves the\nSA record partially initialized with zeroed digest fields. A\nsubsequent crypto operation then dereferences a NULL pointer in\nthe request context, resulting in a kernel panic:\n\n```\n  pc : eip93_aead_handle_result+0xc8c/0x1240 [crypto_hw_eip93]\n  lr : eip93_aead_handle_result+0xbec/0x1240 [crypto_hw_eip93]\n  sp : ffffffc082feb820\n  x29: ffffffc082feb820 x28: ffffff8011043980 x27: 0000000000000000\n  x26: 0000000000000000 x25: ffffffc078da0bc8 x24: 0000000091043980\n  x23: ffffff8004d59e50 x22: ffffff8004d59410 x21: ffffff8004d593c0\n  x20: ffffff8004d593c0 x19: ffffff8004d4f300 x18: 0000000000000000\n  x17: 0000000000000000 x16: 0000000000000000 x15: 0000007fda7aa498\n  x14: 0000000000000000 x13: 0000000000000000 x12: 0000000000000000\n  x11: 0000000000000000 x10: fffffffff8127a80 x9 : 0000000000000000\n  x8 : ffffff8004d4f380 x7 : 0000000000000000 x6 : 000000000000003f\n  x5 : 0000000000000040 x4 : 0000000000000008 x3 : 0000000000000009\n  x2 : 0000000000000008 x1 : 0000000028000003 x0 : ffffff8004d388c0\n  Code: 910142b6 f94012e0 f9002aa0 f90006d3 (f9400740)\n```\n\nThe reported symbol eip93_aead_handle_result+0xc8c is a\nresolution artifact from static functions being merged under\nthe nearest exported symbol. Decoding the faulting sequence:\n\n```\n  910142b6  ADD  X22, X21, #0x50\n  f94012e0  LDR  X0, [X23, #0x20]\n  f9002aa0  STR  X0, [X21, #0x50]\n  f90006d3  STR  X19, [X22, #0x8]\n  f9400740  LDR  X0, [X26, #0x8]\n```\n\nThe faulting LDR at [X26, #0x8] is loading ctx->flags\n(offset 8 in eip93_hash_ctx), where ctx has been resolved\nto NULL from a partially initialized or unreachable\ntransform context following the failed setkey.\n\nFix this by dropping the CRYPTO_ALG_ASYNC mask from the\ncrypto_alloc_ahash() call. The code already handles async\ncompletion correctly via crypto_wait_req(), so there is no\nrequirement to restrict the lookup to synchronous algorithms.\n\nNote that hashing a single 64-byte block through the hardware\nis likely slower than doing it in software due to the DMA\nround-trip overhead, but offloading it may still spare CPU\ncycles on the slower embedded cores where this IP is found.\n\n[Detailed investigation report of this bug]"}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/crypto/inside-secure/eip93/eip93-common.c"],"versions":[{"version":"9739f5f93b7806a684713ba42e6ed2d1df7c8100","lessThan":"fc9310d79fdb117b369a01eb00f4fd5fb4849d4e","status":"affected","versionType":"git"},{"version":"9739f5f93b7806a684713ba42e6ed2d1df7c8100","lessThan":"ec226d3e58bb9f0e26a77346085b6b4d594d53d8","status":"affected","versionType":"git"},{"version":"9739f5f93b7806a684713ba42e6ed2d1df7c8100","lessThan":"3ba3b02f897b14e34977e1886d95ffe64d907204","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/crypto/inside-secure/eip93/eip93-common.c"],"versions":[{"version":"6.15","status":"affected"},{"version":"0","lessThan":"6.15","status":"unaffected","versionType":"semver"},{"version":"6.18.33","lessThanOrEqual":"6.18.*","status":"unaffected","versionType":"semver"},{"version":"7.0.10","lessThanOrEqual":"7.0.*","status":"unaffected","versionType":"semver"},{"version":"7.1","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.15","versionEndExcluding":"6.18.33"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.15","versionEndExcluding":"7.0.10"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.15","versionEndExcluding":"7.1"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/fc9310d79fdb117b369a01eb00f4fd5fb4849d4e"},{"url":"https://git.kernel.org/stable/c/ec226d3e58bb9f0e26a77346085b6b4d594d53d8"},{"url":"https://git.kernel.org/stable/c/3ba3b02f897b14e34977e1886d95ffe64d907204"}],"title":"crypto: eip93 - fix hmac setkey algo selection","x_generator":{"engine":"bippy-1.2.0"}}}}