SB2026050963 - Out-of-bounds read in Linux kernel crypto caam driver
Published: May 9, 2026
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 vulnerability.
1) Out-of-bounds read (CVE-ID: CVE-2026-43330)
CWE-ID: CWE-125 - Out-of-bounds read
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local user to cause memory corruption.
The vulnerability exists due to an out-of-bounds read in the caam crypto driver when processing HMAC keys longer than the block size. A local user can supply a specially crafted long HMAC key to cause memory corruption.
The issue occurs because the copied key buffer is rounded to DMA cache alignment, which can result in reading past the end of the source key buffer.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/31022cfde5235c45fa765f0aabeff5f0652852f2
- https://git.kernel.org/stable/c/80688afb9c35b3934ce2d6be9973758915e2e0ef
- https://git.kernel.org/stable/c/aa545df011338df13f0833fc1fabcb15c0521959
- https://git.kernel.org/stable/c/c2fb4984fe09fc176fe4c12d5e3edf626df6511d
- https://git.kernel.org/stable/c/cebc5ebd958346195b77f42d0cd5141b4e448fae