{"id":"CVE-2026-43043","summary":"crypto: af-alg - fix NULL pointer dereference in scatterwalk","details":"In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: af-alg - fix NULL pointer dereference in scatterwalk\n\nThe AF_ALG interface fails to unmark the end of a Scatter/Gather List (SGL)\nwhen chaining a new af_alg_tsgl structure. If a sendmsg() fills an SGL\nexactly to MAX_SGL_ENTS, the last entry is marked as the end. A subsequent\nsendmsg() allocates a new SGL and chains it, but fails to clear the end\nmarker on the previous SGL's last data entry.\n\nThis causes the crypto scatterwalk to hit a premature end, returning NULL\non sg_next() and leading to a kernel panic during dereference.\n\nFix this by explicitly unmarking the end of the previous SGL when\nperforming sg_chain() in af_alg_alloc_tsgl().","modified":"2026-06-18T03:55:59.852666314Z","published":"2026-05-01T14:15:39.576Z","database_specific":{"cna_assigner":"Linux","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/43xxx/CVE-2026-43043.json"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/00cbdec17c15d024a1c5002c7365df7624a18a75"},{"type":"WEB","url":"https://git.kernel.org/stable/c/44eafa39363e8d5dfda6a8c6eb6b45458ed4b948"},{"type":"WEB","url":"https://git.kernel.org/stable/c/4b03ab0a587ec57eb7ddb5c115d84a42896f60f7"},{"type":"WEB","url":"https://git.kernel.org/stable/c/62397b493e14107ae82d8b80938f293d95425bcb"},{"type":"WEB","url":"https://git.kernel.org/stable/c/7195350fb78538c25cd790d703f8f2c73ee0d395"},{"type":"WEB","url":"https://git.kernel.org/stable/c/7cdf2c6381b21ab5ccf8116750d5582fcd6c0f49"},{"type":"WEB","url":"https://git.kernel.org/stable/c/f48d3dd99199180cf37d6253550c55e86372309a"},{"type":"WEB","url":"https://git.kernel.org/stable/c/f9acceae7b004956851fd4268edf9f518a9bce04"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/43xxx/CVE-2026-43043.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-43043"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"8ff590903d5fc7f5a0a988c38267a3d08e6393a2"},{"fixed":"f48d3dd99199180cf37d6253550c55e86372309a"},{"fixed":"f9acceae7b004956851fd4268edf9f518a9bce04"},{"fixed":"7195350fb78538c25cd790d703f8f2c73ee0d395"},{"fixed":"7cdf2c6381b21ab5ccf8116750d5582fcd6c0f49"},{"fixed":"44eafa39363e8d5dfda6a8c6eb6b45458ed4b948"},{"fixed":"00cbdec17c15d024a1c5002c7365df7624a18a75"},{"fixed":"4b03ab0a587ec57eb7ddb5c115d84a42896f60f7"},{"fixed":"62397b493e14107ae82d8b80938f293d95425bcb"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-43043.json"}},{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"2.6.38"},{"fixed":"5.10.253"}]},{"type":"ECOSYSTEM","events":[{"introduced":"5.11.0"},{"fixed":"5.15.203"}]},{"type":"ECOSYSTEM","events":[{"introduced":"5.16.0"},{"fixed":"6.1.168"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.2.0"},{"fixed":"6.6.134"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.7.0"},{"fixed":"6.12.81"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.13.0"},{"fixed":"6.18.22"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.19.0"},{"fixed":"6.19.12"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-43043.json"}}],"schema_version":"1.7.5"}