CVE-2026-43077 Overview
CVE-2026-43077 is a Linux kernel vulnerability in the algif_aead AEAD (Authenticated Encryption with Associated Data) socket interface of the kernel crypto subsystem. The minimum receive buffer size check did not account for the authentication tag length during decryption operations. The fix adds the required extra length to the minimum RX size validation. The patch is distributed across multiple stable kernel branches via several upstream commits.
Critical Impact
Insufficient buffer size validation in the kernel AEAD socket interface can lead to incorrect decryption handling when the receive buffer is undersized relative to the tag length.
Affected Products
- Linux kernel (mainline and stable trees containing the algif_aead crypto user API)
- Specific affected ranges are defined by the upstream stable commits referenced below
- Distribution kernels that ship algif_aead and have not yet picked up the backported fix
Discovery Timeline
- 2026-05-06 - CVE-2026-43077 published to NVD
- 2026-05-06 - Last updated in NVD database
Technical Details for CVE-2026-43077
Vulnerability Analysis
The vulnerability resides in algif_aead, the AF_ALG kernel module that exposes the kernel's AEAD ciphers to userspace through socket operations. AEAD algorithms produce ciphertext plus an authentication tag during encryption and require both inputs during decryption. The receive-side buffer size check in the decryption path did not include the tag length when validating the minimum required buffer.
As a result, the kernel could accept a receive buffer that is smaller than the actual plaintext-plus-tag accounting requires. The fix adds the missing tag length to the minimum size calculation, ensuring algif_aead rejects undersized buffers before processing decryption requests.
Root Cause
The root cause is an Input Validation Error in the boundary check applied to the user-supplied receive buffer. The original logic compared the buffer size against the expected plaintext length without adding the tag size that AEAD decryption requires. This is a missing-length-component bug in size accounting rather than a memory-corruption primitive in the cryptographic transform itself.
Attack Vector
Exploitation requires local access to a system where a process can open an AF_ALG socket and bind it to an AEAD algorithm. A local user issues recvmsg() on the socket with a buffer that lacks the additional tag-length headroom. Without the corrected check, the decryption path proceeds with insufficient receive space accounting. The fix is contained to the algif_aead size validation and does not change the AEAD transform contract.
No verified public exploit code is available for this issue. Refer to the upstream commits for the precise change. See the upstream fix commit and the associated stable backports for the patch diffs.
Detection Methods for CVE-2026-43077
Indicators of Compromise
- No file-based or network IOCs are published for this kernel issue
- Kernel version strings indicating an unpatched build that still includes algif_aead without the tag-size fix
- Audit traces of processes opening AF_ALG sockets with AEAD salg_type and issuing decryption recvmsg() calls
Detection Strategies
- Inventory running kernels and compare against the fixed commit hashes listed in the stable tree references
- Use auditd rules on the socket and bind syscalls to record AF_ALG usage by non-privileged processes
- Flag userspace binaries that link against AF_ALG helper libraries on systems where kernel-side userspace crypto is not expected
Monitoring Recommendations
- Monitor kernel package versions through configuration management and alert on hosts missing the backported fix
- Track dmesg and kernel audit output for unusual algif_aead usage patterns from unprivileged UIDs
- Correlate AF_ALG socket activity with process lineage to identify unexpected callers in production workloads
How to Mitigate CVE-2026-43077
Immediate Actions Required
- Apply the kernel updates from your distribution that include the algif_aead minimum RX size fix
- Identify the stable branch in use and verify it contains one of the upstream commits referenced in NVD
- Restrict access to AF_ALG sockets where userspace cryptographic offload is not required
Patch Information
The fix is upstream in the Linux kernel crypto subsystem and has been backported to multiple stable trees. The relevant commits include 1c76b5675119, 3afdc15d6173, 3d14bd48e3a7, 74a66fdb5282, 78cea133daf7, af2fa2fbbced, e86ab1e56613, and fd427dd84f22. Consult the Linux stable tree for the exact diff and pull the distribution package that incorporates the corresponding backport.
Workarounds
- Disable or unload the algif_aead module on systems that do not require userspace AEAD crypto via AF_ALG
- Use seccomp or LSM policy to block socket(AF_ALG, ...) for workloads that should not access kernel crypto sockets
- Constrain container and sandbox profiles to drop the AF_ALG address family where it is not needed
# Configuration example
# Verify whether algif_aead is loaded
lsmod | grep algif_aead
# Prevent the module from loading at boot
echo 'blacklist algif_aead' | sudo tee /etc/modprobe.d/blacklist-algif_aead.conf
# Confirm running kernel version against patched commits
uname -r
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
