CVE-2026-23060 Overview
A NULL pointer dereference vulnerability has been identified in the Linux kernel's crypto subsystem, specifically in the authencesn module used for ESP/ESN (Encapsulating Security Payload with Extended Sequence Numbers) processing. The vulnerability occurs when the Associated Authenticated Data (AAD) length is shorter than the minimum expected 8 bytes, causing crypto_authenc_esn_decrypt() to advance past the end of the destination scatterlist and trigger a NULL pointer dereference in scatterwalk_map_and_copy().
Critical Impact
Exploitation of this vulnerability can lead to a kernel panic, resulting in a complete system denial of service (DoS). Systems using IPsec with ESN are particularly at risk.
Affected Products
- Linux kernel (multiple versions with authencesn crypto module)
- Systems using IPsec/ESP with Extended Sequence Numbers (ESN)
- Network appliances and servers with kernel-level cryptographic operations
Discovery Timeline
- 2026-02-04 - CVE CVE-2026-23060 published to NVD
- 2026-02-05 - Last updated in NVD database
Technical Details for CVE-2026-23060
Vulnerability Analysis
The authencesn module in the Linux kernel crypto subsystem is designed to handle authenticated encryption with associated data specifically formatted for ESP/ESN (Encapsulating Security Payload with Extended Sequence Numbers). The module expects AAD to be at least 8 bytes in length to contain the necessary ESP header fields and sequence number information.
When crypto_authenc_esn_decrypt() receives an AAD with assoclen less than 8 bytes, the function proceeds without proper validation. During decryption processing, the code attempts to walk through the scatterlist structure beyond its allocated bounds. This causes scatterwalk_map_and_copy() to dereference a NULL pointer when it encounters the premature end of the scatterlist, resulting in a kernel panic.
The lack of input validation at the cryptographic API boundary allows malformed packets or crafted inputs to reach this vulnerable code path, making it exploitable by both local users with access to kernel crypto interfaces and potentially by remote attackers via specially crafted network packets targeting IPsec implementations.
Root Cause
The root cause is missing input validation in the authencesn decrypt path. The code assumes that AAD will always conform to the ESP/ESN specification with a minimum length of 8 bytes, but this assumption is not enforced with a proper bounds check before processing begins. The fix adds a minimum AAD length validation to fail fast on invalid inputs before any scatterlist operations occur.
Attack Vector
An attacker can exploit this vulnerability by providing malformed cryptographic operations with AAD shorter than 8 bytes. This can occur through:
Local exploitation: A local user with access to the kernel crypto API (via AF_ALG sockets or similar interfaces) can craft requests with short AAD values to trigger the panic.
Network-based exploitation: If the vulnerable code path is reachable through IPsec packet processing, a remote attacker could potentially send specially crafted packets that result in short AAD being passed to the authencesn module.
The vulnerability triggers when the kernel processes the malformed AAD, causing scatterwalk_map_and_copy() to attempt dereferencing beyond valid memory, resulting in a NULL pointer dereference and immediate kernel panic.
Detection Methods for CVE-2026-23060
Indicators of Compromise
- Unexpected kernel panics with call traces involving scatterwalk_map_and_copy() or crypto_authenc_esn_decrypt()
- System crashes during IPsec/VPN operations with ESP Extended Sequence Numbers enabled
- Kernel log messages indicating NULL pointer dereferences in the crypto subsystem
- Repeated system reboots without apparent cause on systems handling encrypted network traffic
Detection Strategies
- Monitor kernel logs for panic messages referencing authencesn, scatterwalk_map_and_copy, or ESP-related functions
- Implement anomaly detection for unusual AF_ALG socket activity with small buffer sizes
- Deploy kernel function tracing (ftrace) on production systems to monitor crypto API calls with abnormal parameters
- Review IPsec/VPN logs for malformed packet indicators that could precede exploitation attempts
Monitoring Recommendations
- Enable kernel crash dump collection to capture forensic data if exploitation occurs
- Configure monitoring for system uptime anomalies that may indicate DoS attacks
- Implement network monitoring for malformed IPsec/ESP packets targeting vulnerable systems
- Set up alerts for repeated kernel module crashes or reloads in the crypto subsystem
How to Mitigate CVE-2026-23060
Immediate Actions Required
- Apply the latest kernel security patches from your distribution immediately
- Review and restrict access to kernel crypto interfaces (AF_ALG sockets) to essential users only
- Consider temporarily disabling ESN (Extended Sequence Numbers) in IPsec configurations if immediate patching is not possible
- Monitor systems for signs of exploitation while patch deployment is in progress
Patch Information
The Linux kernel maintainers have released patches to address this vulnerability by adding a minimum AAD length check in the authencesn module. The fix ensures that inputs with assoclen < 8 are rejected early, preventing the NULL pointer dereference.
Official patches are available through the following kernel git commits:
- Kernel Git Commit 161bdc90
- Kernel Git Commit 2397e926
- Kernel Git Commit 9532ff0d
- Kernel Git Commit b0a96092
Contact your Linux distribution vendor for backported security updates appropriate for your kernel version.
Workarounds
- Restrict access to the AF_ALG socket interface by limiting which users and processes can create AF_ALG sockets
- Implement network-level filtering to drop malformed IPsec/ESP packets before they reach vulnerable systems
- If ESN is not required, disable Extended Sequence Numbers in IPsec configurations as a temporary mitigation
- Deploy kernel live patching solutions (kpatch, livepatch) if available for your distribution to apply fixes without rebooting
# Configuration example
# Restrict AF_ALG socket access (add to /etc/sysctl.conf)
# Note: This may impact legitimate crypto operations
# kernel.unprivileged_userns_clone = 0
# Check current kernel version for patch status
uname -r
# Verify if authencesn module is loaded
lsmod | grep authencesn
# Review IPsec ESN configuration
ip xfrm state list | grep -i esn
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
