CVE-2026-43330 Overview
CVE-2026-43330 is an out-of-bounds read vulnerability [CWE-787] in the Linux kernel's Cryptographic Acceleration and Assurance Module (CAAM) driver. The flaw resides in the HMAC key handling routine, where keys longer than the block size are copied into a DMA-aligned buffer before being hashed. The driver uses kmemdup to perform the copy, which reads aligned_len bytes from a source buffer of only keylen bytes. This results in an out-of-bounds read and may corrupt neighboring memory when the hashed key is written back. The issue affects multiple Linux kernel releases, including 7.0 release candidates rc1 through rc6.
Critical Impact
Local attackers with low-privilege access to crypto interfaces on systems using the CAAM driver can trigger memory corruption, leading to potential privilege escalation, information disclosure, or kernel denial of service.
Affected Products
- Linux Kernel (multiple stable branches affected per upstream commits)
- Linux Kernel 7.0-rc1 through 7.0-rc6
- Systems using the crypto: caam driver (commonly NXP/Freescale i.MX and QorIQ SoCs)
Discovery Timeline
- 2026-05-08 - CVE-2026-43330 published to the National Vulnerability Database (NVD)
- 2026-05-18 - Last updated in NVD database
Technical Details for CVE-2026-43330
Vulnerability Analysis
The vulnerability exists in the CAAM crypto driver's HMAC key setup path. When a caller supplies an HMAC key longer than the algorithm's block size, the driver must hash the key down to the block size before use. To satisfy DMA cache alignment requirements, the driver rounds the allocation size up to aligned_len, which can exceed the actual keylen.
The original implementation uses kmemdup(key, aligned_len, GFP_KERNEL) to allocate and populate the buffer in a single call. Because kmemdup copies the full aligned_len bytes from the source, the function reads past the end of the caller-supplied key buffer. The subsequent hash operation then writes into the over-allocated region, which can overwrite adjacent kernel heap memory.
The upstream fix replaces kmemdup with a kmalloc followed by a bounded memcpy of only keylen bytes, eliminating the over-read while preserving DMA alignment.
Root Cause
The root cause is a length mismatch between the source buffer size (keylen) and the destination allocation size (aligned_len) passed to kmemdup. The function assumes both lengths describe valid source memory, but only keylen bytes are guaranteed to be readable.
Attack Vector
An attacker requires local access and the ability to invoke kernel crypto interfaces, such as AF_ALG sockets or in-kernel consumers exposed to user space. By submitting an HMAC key longer than the block size on a CAAM-backed transform, the attacker triggers the out-of-bounds read and downstream heap corruption. The vulnerability requires low privileges and no user interaction.
No public exploit is available, and the issue is not listed in the CISA Known Exploited Vulnerabilities catalog. The current EPSS score is 0.013%.
Detection Methods for CVE-2026-43330
Indicators of Compromise
- Kernel oops or panic messages referencing caam, hmac, or SLUB corruption on systems with NXP/Freescale CAAM hardware
- Unexpected KASAN reports identifying out-of-bounds reads in kmemdup callers within drivers/crypto/caam/
- Crash signatures referencing ahash_setkey or related CAAM key setup paths
Detection Strategies
- Compare running kernel version against the fixed commits 31022cfd, 80688afb, aa545df0, c2fb4984, and cebc5ebd published on git.kernel.org
- Enable KASAN on test builds to surface out-of-bounds reads in the CAAM driver during fuzzing of AF_ALG HMAC interfaces
- Audit which workloads load the caam module and which user-space components issue oversized HMAC keys
Monitoring Recommendations
- Forward kernel ring buffer and journald logs to a centralized analytics platform and alert on caam driver errors or SLUB/KASAN warnings
- Track non-root processes invoking AF_ALG setsockopt(ALG_SET_KEY) with key lengths greater than the HMAC block size
- Monitor for unexpected kernel module loads of caam_jr, caamhash, or caamalg on production hosts
How to Mitigate CVE-2026-43330
Immediate Actions Required
- Inventory all Linux systems running on NXP i.MX, QorIQ, or other SoCs that enable the CAAM crypto driver
- Apply the upstream stable kernel updates referenced in the kernel.org commits as soon as vendor builds are available
- Restrict local access on affected hardware and limit which users can open AF_ALG sockets
Patch Information
The fix replaces kmemdup with a kmalloc plus a bounded memcpy(keylen) in the CAAM HMAC key setup path. The upstream commits are published at Kernel Git Commit 31022cfd, Kernel Git Commit 80688afb, Kernel Git Commit aa545df0, Kernel Git Commit c2fb4984, and Kernel Git Commit cebc5ebd. Consult your Linux distribution's security advisories for backported builds.
Workarounds
- Blacklist the CAAM kernel modules (caam, caam_jr, caamhash, caamalg) where hardware crypto acceleration is not required
- Disable user-space access to the kernel crypto API by setting CONFIG_CRYPTO_USER_API_HASH=n in custom kernel builds, or restrict AF_ALG via seccomp profiles
- Apply Mandatory Access Control policies (SELinux, AppArmor) to limit which processes can open AF_ALG sockets
# Blacklist CAAM modules until a patched kernel is deployed
echo 'blacklist caam' | sudo tee /etc/modprobe.d/cve-2026-43330.conf
echo 'blacklist caam_jr' | sudo tee -a /etc/modprobe.d/cve-2026-43330.conf
echo 'blacklist caamhash' | sudo tee -a /etc/modprobe.d/cve-2026-43330.conf
echo 'blacklist caamalg' | sudo tee -a /etc/modprobe.d/cve-2026-43330.conf
sudo update-initramfs -u
# Verify the modules are not loaded after reboot
lsmod | grep -E 'caam'
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
