[SRU][J/N/Q][PATCH 0/1] CVE-2026-23060
Ian Whitfield
ian.whitfield at canonical.com
Thu Feb 5 23:51:37 UTC 2026
[Impact]
crypto: authencesn - reject too-short AAD (assoclen<8) to match ESP/ESN spec
authencesn assumes an ESP/ESN-formatted AAD. When assoclen is shorter than
the minimum expected length, crypto_authenc_esn_decrypt() can advance past
the end of the destination scatterlist and trigger a NULL pointer dereference
in scatterwalk_map_and_copy(), leading to a kernel panic (DoS).
Add a minimum AAD length check to fail fast on invalid inputs.
[Backport]
The patch was applied cleanly.
[Fix]
Questing: Cherry-pick
Noble: Cherry-pick
Jammy: Cherry-pick
Focal: PR on Forgejo
Bionic: Sent to ESM ML
Xenial: Sent to ESM ML
Trusty: not affected
[Test Case]
Compile and boot tested.
[Where problems could occur]
This fix affects those who use the Authenc crypto module, which is required for
the IPsec ESP protocol. An issue with this fix would be visible to the user via
a kernel panic or failure to complete network transactions.
Taeyang Lee (1):
crypto: authencesn - reject too-short AAD (assoclen<8) to match
ESP/ESN spec
crypto/authencesn.c | 6 ++++++
1 file changed, 6 insertions(+)
--
2.43.0
More information about the kernel-team
mailing list