{"id":"CVE-2026-43033","summary":"crypto: authencesn - Do not place hiseq at end of dst for out-of-place decryption","details":"In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: authencesn - Do not place hiseq at end of dst for out-of-place decryption\n\nWhen decrypting data that is not in-place (src != dst), there is\nno need to save the high-order sequence bits in dst as it could\nsimply be re-copied from the source.\n\nHowever, the data to be hashed need to be rearranged accordingly.\n\n\nThanks,","modified":"2026-05-18T06:00:12.120027610Z","published":"2026-05-01T14:15:32.583Z","related":["CGA-6w34-m5g3-8qx3"],"database_specific":{"cna_assigner":"Linux","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/43xxx/CVE-2026-43033.json"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/153d5520c3f9fd62e71c7e7f9e34b59cf411e555"},{"type":"WEB","url":"https://git.kernel.org/stable/c/5466e7d0cd9e4f9cef9d8f18f18b60e7bc1c77e5"},{"type":"WEB","url":"https://git.kernel.org/stable/c/89fe118b6470119b20c04afc36e45b81a69ea11f"},{"type":"WEB","url":"https://git.kernel.org/stable/c/8c62f618576519dbed6816fafc623ce592953025"},{"type":"WEB","url":"https://git.kernel.org/stable/c/cded4002d22177e8deaca1f257ecd932c9582b6b"},{"type":"WEB","url":"https://git.kernel.org/stable/c/d0c4ff6812386880f30bc64c2921299cc4d7b47f"},{"type":"WEB","url":"https://git.kernel.org/stable/c/d589abd8b019b07075fda255ceab8c8e950cdb3f"},{"type":"WEB","url":"https://git.kernel.org/stable/c/e02494114ebf7c8b42777c6cd6982f113bfdbec7"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/43xxx/CVE-2026-43033.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-43033"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"104880a6b470958ddc30e139c41aa4f6ed3a5234"},{"fixed":"8c62f618576519dbed6816fafc623ce592953025"},{"fixed":"d589abd8b019b07075fda255ceab8c8e950cdb3f"},{"fixed":"5466e7d0cd9e4f9cef9d8f18f18b60e7bc1c77e5"},{"fixed":"d0c4ff6812386880f30bc64c2921299cc4d7b47f"},{"fixed":"89fe118b6470119b20c04afc36e45b81a69ea11f"},{"fixed":"153d5520c3f9fd62e71c7e7f9e34b59cf411e555"},{"fixed":"cded4002d22177e8deaca1f257ecd932c9582b6b"},{"fixed":"e02494114ebf7c8b42777c6cd6982f113bfdbec7"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-43033.json"}},{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"4.3.0"},{"fixed":"5.10.254"}]},{"type":"ECOSYSTEM","events":[{"introduced":"5.11.0"},{"fixed":"5.15.204"}]},{"type":"ECOSYSTEM","events":[{"introduced":"5.16.0"},{"fixed":"6.1.170"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.2.0"},{"fixed":"6.6.137"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.7.0"},{"fixed":"6.12.85"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.13.0"},{"fixed":"6.18.22"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.19.0"},{"fixed":"6.19.12"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-43033.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}]}