SB2026050223 - Incorrect Calculation of Buffer Size in Linux kernel crypto caam driver



SB2026050223 - Incorrect Calculation of Buffer Size in Linux kernel crypto caam driver

Published: May 2, 2026

Security Bulletin ID SB2026050223
CSH Severity
Low
Patch available
YES
Number of vulnerabilities 1
Exploitation vector Local access
Highest impact Data manipulation

Breakdown by Severity

Low 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 1 vulnerability.


1) Incorrect Calculation of Buffer Size (CVE-ID: CVE-2026-43044)

CWE-ID: CWE-131 - Incorrect Calculation of Buffer Size

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a local user to corrupt memory.

The vulnerability exists due to improper memory allocation in the caam crypto driver when processing HMAC keys longer than the block size. A local user can supply a specially crafted long HMAC key to corrupt memory.

The issue occurs because the buffer size was not allocated using the rounded DMA cache alignment size.


Remediation

Install update from vendor's website.