In the Linux kernel, the following vulnerability has been resolved:

crypto: af-alg - fix NULL pointer dereference in scatterwalk

The AF_ALG interface fails to unmark the end of a Scatter/Gather List (SGL)
when chaining a new af_alg_tsgl structure. If a sendmsg() fills an SGL
exactly to MAX_SGL_ENTS, the last entry is marked as the end. A subsequent
sendmsg() allocates a new SGL and chains it, but fails to clear the end
marker on the previous SGL's last data entry.

This causes the crypto scatterwalk to hit a premature end, returning NULL
on sg_next() and leading to a kernel panic during dereference.

Fix this by explicitly unmarking the end of the previous SGL when
performing sg_chain() in af_alg_alloc_tsgl().

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00024.

Key SSVC decision points have not yet been added.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions
Linux Linux unaffected
Version Status Constraints
8ff590903d5fc7f5a0a988c38267a3d08e6393a2 affected < f48d3dd99199180cf37d6253550c55e86372309a
8ff590903d5fc7f5a0a988c38267a3d08e6393a2 affected < f9acceae7b004956851fd4268edf9f518a9bce04
8ff590903d5fc7f5a0a988c38267a3d08e6393a2 affected < 7195350fb78538c25cd790d703f8f2c73ee0d395
8ff590903d5fc7f5a0a988c38267a3d08e6393a2 affected < 7cdf2c6381b21ab5ccf8116750d5582fcd6c0f49
8ff590903d5fc7f5a0a988c38267a3d08e6393a2 affected < 44eafa39363e8d5dfda6a8c6eb6b45458ed4b948
8ff590903d5fc7f5a0a988c38267a3d08e6393a2 affected < 00cbdec17c15d024a1c5002c7365df7624a18a75
8ff590903d5fc7f5a0a988c38267a3d08e6393a2 affected < 4b03ab0a587ec57eb7ddb5c115d84a42896f60f7
8ff590903d5fc7f5a0a988c38267a3d08e6393a2 affected < 62397b493e14107ae82d8b80938f293d95425bcb
Linux Linux affected
Version Status Constraints
2.6.38 affected
0 unaffected < 2.6.38
5.10.253 unaffected ≤ 5.10.*
5.15.203 unaffected ≤ 5.15.*
6.1.168 unaffected ≤ 6.1.*
6.6.134 unaffected ≤ 6.6.*
6.12.81 unaffected ≤ 6.12.*
6.18.22 unaffected ≤ 6.18.*
6.19.12 unaffected ≤ 6.19.*
7.0 unaffected ≤ *

No data.

No data.

OpenCVE Enrichment is a feature of OpenCVE that uses AI to automatically link vendors and products to CVEs. Learn more on GitHub.

Vendors Products
Linux Subscribe
Linux Kernel Subscribe

Project Subscriptions

Vendors Products
Linux Subscribe
Linux Kernel Subscribe
Advisories
Source ID Title
Debian DLA Debian DLA DLA-4561-1 linux-6.1 security update
Debian DSA Debian DSA DSA-6243-1 linux security update
Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References
Link Providers
https://git.kernel.org/stable/c/00cbdec17c15d024a1c5002c7365df7624a18a75 cve-icon cve-icon
https://git.kernel.org/stable/c/44eafa39363e8d5dfda6a8c6eb6b45458ed4b948 cve-icon cve-icon
https://git.kernel.org/stable/c/4b03ab0a587ec57eb7ddb5c115d84a42896f60f7 cve-icon cve-icon
https://git.kernel.org/stable/c/62397b493e14107ae82d8b80938f293d95425bcb cve-icon cve-icon
https://git.kernel.org/stable/c/7195350fb78538c25cd790d703f8f2c73ee0d395 cve-icon cve-icon
https://git.kernel.org/stable/c/7cdf2c6381b21ab5ccf8116750d5582fcd6c0f49 cve-icon cve-icon
https://git.kernel.org/stable/c/f48d3dd99199180cf37d6253550c55e86372309a cve-icon cve-icon
https://git.kernel.org/stable/c/f9acceae7b004956851fd4268edf9f518a9bce04 cve-icon cve-icon
https://lore.kernel.org/linux-cve-announce/2026050104-CVE-2026-43043-6997@gregkh/T cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2026-43043 cve-icon
https://www.cve.org/CVERecord?id=CVE-2026-43043 cve-icon
History

Sat, 02 May 2026 00:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-476
References
Metrics threat_severity

None

 cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

threat_severity

Moderate

Fri, 01 May 2026 14:45:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: crypto: af-alg - fix NULL pointer dereference in scatterwalk The AF_ALG interface fails to unmark the end of a Scatter/Gather List (SGL) when chaining a new af_alg_tsgl structure. If a sendmsg() fills an SGL exactly to MAX_SGL_ENTS, the last entry is marked as the end. A subsequent sendmsg() allocates a new SGL and chains it, but fails to clear the end marker on the previous SGL's last data entry. This causes the crypto scatterwalk to hit a premature end, returning NULL on sg_next() and leading to a kernel panic during dereference. Fix this by explicitly unmarking the end of the previous SGL when performing sg_chain() in af_alg_alloc_tsgl().
Title crypto: af-alg - fix NULL pointer dereference in scatterwalk
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Projects

Sign in to view the affected projects.

cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-05-01T14:15:39.576Z

Reserved: 2026-05-01T14:12:55.979Z

Link: CVE-2026-43043

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-05-01T15:16:50.563

Modified: 2026-05-01T15:24:14.893

Link: CVE-2026-43043

cve-icon Redhat

Severity : Moderate

Publid Date: 2026-05-01T00:00:00Z

Links: CVE-2026-43043 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-05-02T07:15:16Z

Weaknesses