{ "threat_severity" : "Important", "public_date" : "2026-05-06T00:00:00Z", "bugzilla" : { "description" : "kernel: crypto: algif_aead - Fix minimum RX size check for decryption", "id" : "2467022", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2467022" }, "cvss3" : { "cvss3_base_score" : "7.0", "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "status" : "verified" }, "cwe" : "CWE-131", "details" : [ "A flaw was found in the Linux kernel, specifically within the `algif_aead` module. The vulnerability involves an incorrect check for the minimum receive buffer size during decryption, which did not properly account for the tag size. This could potentially lead to issues with data integrity or processing during cryptographic decryption operations." ], "affected_release" : [ { "product_name" : "Red Hat Enterprise Linux 10", "release_date" : "2026-05-04T00:00:00Z", "advisory" : "RHSA-2026:13566", "cpe" : "cpe:/o:redhat:enterprise_linux:10.1", "package" : "kernel-0:6.12.0-124.55.1.el10_1" }, { "product_name" : "Red Hat Enterprise Linux 10.0 Extended Update Support", "release_date" : "2026-05-05T00:00:00Z", "advisory" : "RHSA-2026:13887", "cpe" : "cpe:/o:redhat:enterprise_linux_eus:10.0", "package" : "kernel-0:6.12.0-55.71.1.el10_0" }, { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2026-05-05T00:00:00Z", "advisory" : "RHSA-2026:13578", "cpe" : "cpe:/a:redhat:enterprise_linux:8::nfv", "package" : "kernel-rt-0:4.18.0-553.123.1.rt7.464.el8_10" }, { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2026-05-05T00:00:00Z", "advisory" : "RHSA-2026:13577", "cpe" : "cpe:/o:redhat:enterprise_linux:8", "package" : "kernel-0:4.18.0-553.123.1.el8_10" }, { "product_name" : "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support", "release_date" : "2026-05-06T00:00:00Z", "advisory" : "RHSA-2026:14165", "cpe" : "cpe:/o:redhat:rhel_aus:8.4", "package" : "kernel-0:4.18.0-305.190.1.el8_4" }, { "product_name" : "Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On", "release_date" : "2026-05-06T00:00:00Z", "advisory" : "RHSA-2026:14165", "cpe" : "cpe:/o:redhat:rhel_eus_long_life:8.4", "package" : "kernel-0:4.18.0-305.190.1.el8_4" }, { "product_name" : "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support", "release_date" : "2026-05-06T00:00:00Z", "advisory" : "RHSA-2026:14230", "cpe" : "cpe:/o:redhat:rhel_aus:8.6", "package" : "kernel-0:4.18.0-372.191.1.el8_6" }, { "product_name" : "Red Hat Enterprise Linux 8.6 Telecommunications Update Service", "release_date" : "2026-05-06T00:00:00Z", "advisory" : "RHSA-2026:14230", "cpe" : "cpe:/o:redhat:rhel_tus:8.6", "package" : "kernel-0:4.18.0-372.191.1.el8_6" }, { "product_name" : "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions", "release_date" : "2026-05-06T00:00:00Z", "advisory" : "RHSA-2026:14230", "cpe" : "cpe:/o:redhat:rhel_e4s:8.6", "package" : "kernel-0:4.18.0-372.191.1.el8_6" }, { "product_name" : "Red Hat Enterprise Linux 8.8 Telecommunications Update Service", "release_date" : "2026-05-05T00:00:00Z", "advisory" : "RHSA-2026:13681", "cpe" : "cpe:/o:redhat:rhel_tus:8.8", "package" : "kernel-0:4.18.0-477.139.1.el8_8" }, { "product_name" : "Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions", "release_date" : "2026-05-05T00:00:00Z", "advisory" : "RHSA-2026:13681", "cpe" : "cpe:/o:redhat:rhel_e4s:8.8", "package" : "kernel-0:4.18.0-477.139.1.el8_8" }, { "product_name" : "Red Hat Enterprise Linux 9", "release_date" : "2026-05-04T00:00:00Z", "advisory" : "RHSA-2026:13565", "cpe" : "cpe:/a:redhat:enterprise_linux:9", "package" : "kernel-0:5.14.0-611.54.1.el9_7" }, { "product_name" : "Red Hat Enterprise Linux 9", "release_date" : "2026-05-04T00:00:00Z", "advisory" : "RHSA-2026:13565", "cpe" : "cpe:/o:redhat:enterprise_linux:9", "package" : "kernel-0:5.14.0-611.54.1.el9_7" }, { "product_name" : "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions", "release_date" : "2026-05-06T00:00:00Z", "advisory" : "RHSA-2026:13936", "cpe" : "cpe:/a:redhat:rhel_e4s:9.0", "package" : "kernel-0:5.14.0-70.178.1.el9_0" }, { "product_name" : "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions", "release_date" : "2026-05-06T00:00:00Z", "advisory" : "RHSA-2026:14137", "cpe" : "cpe:/a:redhat:rhel_e4s:9.0::nfv", "package" : "kernel-rt-0:5.14.0-70.178.1.rt21.250.el9_0" }, { "product_name" : "Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions", "release_date" : "2026-05-05T00:00:00Z", "advisory" : "RHSA-2026:13734", "cpe" : "cpe:/a:redhat:rhel_e4s:9.2", "package" : "kernel-0:5.14.0-284.169.1.el9_2" }, { "product_name" : "Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions", "release_date" : "2026-05-06T00:00:00Z", "advisory" : "RHSA-2026:14301", "cpe" : "cpe:/a:redhat:rhel_e4s:9.2::nfv", "package" : "kernel-rt-0:5.14.0-284.169.1.rt14.454.el9_2" }, { "product_name" : "Red Hat Enterprise Linux 9.4 Extended Update Support", "release_date" : "2026-05-06T00:00:00Z", "advisory" : "RHSA-2026:13932", "cpe" : "cpe:/a:redhat:rhel_eus:9.4", "package" : "kernel-0:5.14.0-427.124.1.el9_4" }, { "product_name" : "Red Hat Enterprise Linux 9.6 Extended Update Support", "release_date" : "2026-05-06T00:00:00Z", "advisory" : "RHSA-2026:14339", "cpe" : "cpe:/a:redhat:rhel_eus:9.6", "package" : "kernel-0:5.14.0-570.112.1.el9_6" } ], "package_state" : [ { "product_name" : "Red Hat Enterprise Linux 6", "fix_state" : "Not affected", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:6" }, { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Not affected", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:7" }, { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Not affected", "package_name" : "kernel-rt", "cpe" : "cpe:/o:redhat:enterprise_linux:7" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Affected", "package_name" : "kernel-rt", "cpe" : "cpe:/o:redhat:enterprise_linux:9" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2026-43077\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-43077\nhttps://lore.kernel.org/linux-cve-announce/2026050612-CVE-2026-43077-d7b1@gregkh/T" ], "name" : "CVE-2026-43077", "csaw" : false }