製品・ソフトウェアに関する情報

JVN脆弱性詳細

LinuxのLinux Kernelにおける不特定の脆弱性

Title	LinuxのLinux Kernelにおける不特定の脆弱性
Summary	Linuxカーネルにおいて、crypto: authencesnモジュールのout-of-place復号化時にhiseqをdstの末尾に誤って配置してしまう問題が修正されました。in-placeでないデータ復号化の場合、高位シーケンスビットをdstに保存する必要はなく、元のソースから再度コピーすれば十分です。また、ハッシュ処理用のデータも適切に再配置されなければなりません。
Possible impacts	当該ソフトウェアが扱う全ての情報が外部に漏れる可能性があります。また、当該ソフトウェアが扱う全ての情報が書き換えられる可能性があります。さらに、当該ソフトウェアが完全に停止する可能性があります。そして、この脆弱性を悪用した攻撃の影響は、他のソフトウェアには及びません。
Solution	リリース情報、またはパッチ情報が公開されています。参考情報を参照して適切な対策を実施してください。
Publication Date	May 1, 2026, midnight
Registration Date	May 11, 2026, 11:08 a.m.
Last Update	May 11, 2026, 11:08 a.m.

CVSS3.0 : 重要
Score	7.8
Vector	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected System

Linux

Linux Kernel 4.3 以上 5.10.254 未満

Linux Kernel 5.11 以上 5.15.204 未満

Linux Kernel 5.16 以上 6.1.170 未満

Linux Kernel 6.13 以上 6.18.22 未満

Linux Kernel 6.19 以上 6.19.12 未満

Linux Kernel 6.2 以上 6.6.137 未満

Linux Kernel 6.7 以上 6.12.85 未満

Linux Kernel 7.0

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2026-43033	https://www.cve.org/CVERecord?id=CVE-2026-43033
National Vulnerability Database (NVD)
2	CVE-2026-43033	https://nvd.nist.gov/vuln/detail/CVE-2026-43033

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-noinfo	https://www.ipa.go.jp/security/vuln/scap/cwe.html

その他

No	Name	URL
関連文書
1	crypto: authencesn - Do not place hiseq at end of dst for out-of-place decryption - kernel/git/stable/linux.git - Linux kernel stable tree (https://git.kernel.org/stable/c/153d5520c3f9fd62e71c7e7f9e34b59cf411e555)	https://git.kernel.org/stable/c/153d5520c3f9fd62e71c7e7f9e34b59cf411e555
2	crypto: authencesn - Do not place hiseq at end of dst for out-of-place decryption - kernel/git/stable/linux.git - Linux kernel stable tree (https://git.kernel.org/stable/c/5466e7d0cd9e4f9cef9d8f18f18b60e7bc1c77e5)	https://git.kernel.org/stable/c/5466e7d0cd9e4f9cef9d8f18f18b60e7bc1c77e5
3	crypto: authencesn - Do not place hiseq at end of dst for out-of-place decryption - kernel/git/stable/linux.git - Linux kernel stable tree (https://git.kernel.org/stable/c/89fe118b6470119b20c04afc36e45b81a69ea11f)	https://git.kernel.org/stable/c/89fe118b6470119b20c04afc36e45b81a69ea11f
4	crypto: authencesn - Do not place hiseq at end of dst for out-of-place decryption - kernel/git/stable/linux.git - Linux kernel stable tree (https://git.kernel.org/stable/c/8c62f618576519dbed6816fafc623ce592953025)	https://git.kernel.org/stable/c/8c62f618576519dbed6816fafc623ce592953025
5	crypto: authencesn - Do not place hiseq at end of dst for out-of-place decryption - kernel/git/stable/linux.git - Linux kernel stable tree (https://git.kernel.org/stable/c/cded4002d22177e8deaca1f257ecd932c9582b6b)	https://git.kernel.org/stable/c/cded4002d22177e8deaca1f257ecd932c9582b6b
6	crypto: authencesn - Do not place hiseq at end of dst for out-of-place decryption - kernel/git/stable/linux.git - Linux kernel stable tree (https://git.kernel.org/stable/c/d0c4ff6812386880f30bc64c2921299cc4d7b47f)	https://git.kernel.org/stable/c/d0c4ff6812386880f30bc64c2921299cc4d7b47f
7	crypto: authencesn - Do not place hiseq at end of dst for out-of-place decryption - kernel/git/stable/linux.git - Linux kernel stable tree (https://git.kernel.org/stable/c/d589abd8b019b07075fda255ceab8c8e950cdb3f)	https://git.kernel.org/stable/c/d589abd8b019b07075fda255ceab8c8e950cdb3f
8	crypto: authencesn - Do not place hiseq at end of dst for out-of-place decryption - kernel/git/stable/linux.git - Linux kernel stable tree (https://git.kernel.org/stable/c/e02494114ebf7c8b42777c6cd6982f113bfdbec7)	https://git.kernel.org/stable/c/e02494114ebf7c8b42777c6cd6982f113bfdbec7

Change Log

No	Changed Details	Date of change
1	[2026年05月11日] 掲載	May 11, 2026, 11:08 a.m.

NVD Vulnerability Information

CVE-2026-43033

Summary	In the Linux kernel, the following vulnerability has been resolved: crypto: authencesn - Do not place hiseq at end of dst for out-of-place decryption When decrypting data that is not in-place (src != dst), there is no need to save the high-order sequence bits in dst as it could simply be re-copied from the source. However, the data to be hashed need to be rearranged accordingly. Thanks,
Publication Date	May 2, 2026, 12:16 a.m.
Registration Date	May 2, 2026, 4:07 a.m.
Last Update	May 9, 2026, 3:40 a.m.

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:o:linux:linux_kernel::::::::	4.3			5.10.254
cpe:2.3:o:linux:linux_kernel::::::::	5.11			5.15.204
cpe:2.3:o:linux:linux_kernel::::::::	5.16			6.1.170
cpe:2.3:o:linux:linux_kernel::::::::	6.2			6.6.137
cpe:2.3:o:linux:linux_kernel::::::::	6.7			6.12.85
cpe:2.3:o:linux:linux_kernel::::::::	6.13			6.18.22
cpe:2.3:o:linux:linux_kernel::::::::	6.19			6.19.12
cpe:2.3:o:linux:linux_kernel:7.0:rc1::::::
cpe:2.3:o:linux:linux_kernel:7.0:rc2::::::
cpe:2.3:o:linux:linux_kernel:7.0:rc3::::::
cpe:2.3:o:linux:linux_kernel:7.0:rc4::::::
cpe:2.3:o:linux:linux_kernel:7.0:rc5::::::
cpe:2.3:o:linux:linux_kernel:7.0:rc6::::::

Related information, measures and tools

No	URL	refsource
1	https://git.kernel.org/stable/c/153d5520c3f9fd62e71c7e7f9e34b59cf411e555	416baaa9-dc9f-4396-8d5f-8c081fb06d67
2	https://git.kernel.org/stable/c/5466e7d0cd9e4f9cef9d8f18f18b60e7bc1c77e5	416baaa9-dc9f-4396-8d5f-8c081fb06d67
3	https://git.kernel.org/stable/c/89fe118b6470119b20c04afc36e45b81a69ea11f	416baaa9-dc9f-4396-8d5f-8c081fb06d67
4	https://git.kernel.org/stable/c/8c62f618576519dbed6816fafc623ce592953025	416baaa9-dc9f-4396-8d5f-8c081fb06d67
5	https://git.kernel.org/stable/c/cded4002d22177e8deaca1f257ecd932c9582b6b	416baaa9-dc9f-4396-8d5f-8c081fb06d67
6	https://git.kernel.org/stable/c/d0c4ff6812386880f30bc64c2921299cc4d7b47f	416baaa9-dc9f-4396-8d5f-8c081fb06d67
7	https://git.kernel.org/stable/c/d589abd8b019b07075fda255ceab8c8e950cdb3f	416baaa9-dc9f-4396-8d5f-8c081fb06d67
8	https://git.kernel.org/stable/c/e02494114ebf7c8b42777c6cd6982f113bfdbec7	416baaa9-dc9f-4396-8d5f-8c081fb06d67

Common Vulnerabilities List