製品・ソフトウェアに関する情報

JVN脆弱性詳細

LinuxのLinux Kernelにおける整数オーバーフローの脆弱性

Title	LinuxのLinux Kernelにおける整数オーバーフローの脆弱性
Summary	Linuxカーネルにおいて、lib/cryptoのmpi_read_raw_from_sgl()関数に整数アンダーフローの脆弱性が存在していました。この脆弱性は、scatterlistの長さが指定されたバイト数より長く、かつ先頭のバイトがすべてゼロの場合に発生し、不正な減算によってアンダーフローが起こります。これにより、KEYCTL_PKEY_ENCRYPTシステムコールを特定の条件で呼び出すと、カーネル内で無限ループが発生し、サービス拒否（DoS）状態を引き起こす可能性がありました。本問題は修正されました。
Possible impacts	・当該ソフトウェアが扱う情報について、外部への漏えいは発生しません。・当該ソフトウェアが扱う情報について、書き換えは発生しません。・当該ソフトウェアが完全に停止する可能性があります。
Solution	リリース情報、またはパッチ情報が公開されています。参考情報を参照して適切な対策を実施してください。
Publication Date	May 19, 2026, midnight
Registration Date	June 29, 2026, 11:19 a.m.
Last Update	June 29, 2026, 11:19 a.m.

CVSS3.0 : 警告
Score	5.5
Vector	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected System

Linux

Linux Kernel 4.4 以上 5.10.259 未満

Linux Kernel 5.11 以上 5.15.210 未満

Linux Kernel 5.16 以上 6.1.176 未満

Linux Kernel 6.13 以上 6.18.30 未満

Linux Kernel 6.19 以上 7.0.7 未満

Linux Kernel 6.2 以上 6.6.140 未満

Linux Kernel 6.7 以上 6.12.88 未満

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2026-43492	https://www.cve.org/CVERecord?id=CVE-2026-43492
National Vulnerability Database (NVD)
2	CVE-2026-43492	https://nvd.nist.gov/vuln/detail/CVE-2026-43492

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-190	https://cwe.mitre.org/data/definitions/190.html

その他

No	Name	URL
関連文書
1	lib/crypto: mpi: Fix integer underflow in mpi_read_raw_from_sgl() - kernel/git/stable/linux.git - Linux kernel stable tree (https://git.kernel.org/stable/c/1abd50fc3cfa16fc2074a3c8c2729c50fd9d7043)	https://git.kernel.org/stable/c/1abd50fc3cfa16fc2074a3c8c2729c50fd9d7043
2	lib/crypto: mpi: Fix integer underflow in mpi_read_raw_from_sgl() - kernel/git/stable/linux.git - Linux kernel stable tree (https://git.kernel.org/stable/c/26d3a97ad46c7a9226ec04d4bf35bd4998a97d16)	https://git.kernel.org/stable/c/26d3a97ad46c7a9226ec04d4bf35bd4998a97d16
3	lib/crypto: mpi: Fix integer underflow in mpi_read_raw_from_sgl() - kernel/git/stable/linux.git - Linux kernel stable tree (https://git.kernel.org/stable/c/2aa77a18dc7f2670497fe3ee5acbeda0b57659e5)	https://git.kernel.org/stable/c/2aa77a18dc7f2670497fe3ee5acbeda0b57659e5
4	lib/crypto: mpi: Fix integer underflow in mpi_read_raw_from_sgl() - kernel/git/stable/linux.git - Linux kernel stable tree (https://git.kernel.org/stable/c/30e513e755bb381afce6fb57cdc8694136193f22)	https://git.kernel.org/stable/c/30e513e755bb381afce6fb57cdc8694136193f22
5	lib/crypto: mpi: Fix integer underflow in mpi_read_raw_from_sgl() - kernel/git/stable/linux.git - Linux kernel stable tree (https://git.kernel.org/stable/c/6d63615c796c085b4984e3031b9fa77fffb47360)	https://git.kernel.org/stable/c/6d63615c796c085b4984e3031b9fa77fffb47360
6	lib/crypto: mpi: Fix integer underflow in mpi_read_raw_from_sgl() - kernel/git/stable/linux.git - Linux kernel stable tree (https://git.kernel.org/stable/c/8637dfb4c1d8a7026ef681f2477c6de8b71c4003)	https://git.kernel.org/stable/c/8637dfb4c1d8a7026ef681f2477c6de8b71c4003
7	lib/crypto: mpi: Fix integer underflow in mpi_read_raw_from_sgl() - kernel/git/stable/linux.git - Linux kernel stable tree (https://git.kernel.org/stable/c/8c2f1288250a90a4b5cabed5d888d7e3aeed4035)	https://git.kernel.org/stable/c/8c2f1288250a90a4b5cabed5d888d7e3aeed4035
8	lib/crypto: mpi: Fix integer underflow in mpi_read_raw_from_sgl() - kernel/git/stable/linux.git - Linux kernel stable tree (https://git.kernel.org/stable/c/a1793a48881ec8d26e9c79b0ee65753f1c6846a4)	https://git.kernel.org/stable/c/a1793a48881ec8d26e9c79b0ee65753f1c6846a4

Change Log

No	Changed Details	Date of change
1	[2026年06月29日] 掲載	June 29, 2026, 11:19 a.m.

NVD Vulnerability Information

CVE-2026-43492

Summary	In the Linux kernel, the following vulnerability has been resolved: lib/crypto: mpi: Fix integer underflow in mpi_read_raw_from_sgl() Yiming reports an integer underflow in mpi_read_raw_from_sgl() when subtracting "lzeros" from the unsigned "nbytes". For this to happen, the scatterlist "sgl" needs to occupy more bytes than the "nbytes" parameter and the first "nbytes + 1" bytes of the scatterlist must be zero. Under these conditions, the while loop iterating over the scatterlist will count more zeroes than "nbytes", subtract the number of zeroes from "nbytes" and cause the underflow. When commit 2d4d1eea540b ("lib/mpi: Add mpi sgl helpers") originally introduced the bug, it couldn't be triggered because all callers of mpi_read_raw_from_sgl() passed a scatterlist whose length was equal to "nbytes". However since commit 63ba4d67594a ("KEYS: asymmetric: Use new crypto interface without scatterlists"), the underflow can now actually be triggered. When invoking a KEYCTL_PKEY_ENCRYPT system call with a larger "out_len" than "in_len" and filling the "in" buffer with zeroes, crypto_akcipher_sync_prep() will create an all-zero scatterlist used for both the "src" and "dst" member of struct akcipher_request and thereby fulfil the conditions to trigger the bug: sys_keyctl() keyctl_pkey_e_d_s() asymmetric_key_eds_op() software_key_eds_op() crypto_akcipher_sync_encrypt() crypto_akcipher_sync_prep() crypto_akcipher_encrypt() rsa_enc() mpi_read_raw_from_sgl() To the user this will be visible as a DoS as the kernel spins forever, causing soft lockup splats as a side effect. Fix it.
Publication Date	May 19, 2026, 9:16 p.m.
Registration Date	May 20, 2026, 4:12 a.m.
Last Update	May 23, 2026, 1:33 a.m.

Related information, measures and tools

No	URL	refsource
1	https://git.kernel.org/stable/c/26d3a97ad46c7a9226ec04d4bf35bd4998a97d16	416baaa9-dc9f-4396-8d5f-8c081fb06d67
2	https://git.kernel.org/stable/c/2aa77a18dc7f2670497fe3ee5acbeda0b57659e5	416baaa9-dc9f-4396-8d5f-8c081fb06d67
3	https://git.kernel.org/stable/c/30e513e755bb381afce6fb57cdc8694136193f22	416baaa9-dc9f-4396-8d5f-8c081fb06d67
4	https://git.kernel.org/stable/c/8637dfb4c1d8a7026ef681f2477c6de8b71c4003	416baaa9-dc9f-4396-8d5f-8c081fb06d67
5	https://git.kernel.org/stable/c/8c2f1288250a90a4b5cabed5d888d7e3aeed4035	416baaa9-dc9f-4396-8d5f-8c081fb06d67

Common Vulnerabilities List