CVE-2026-53302 Overview
CVE-2026-53302 is a Linux kernel vulnerability in the EIP93 crypto driver. The flaw resides in eip93_hmac_setkey(), which allocates a temporary ahash transform for computing HMAC ipad/opad key material. The function passes CRYPTO_ALG_ASYNC as the mask while requesting driver-specific names such as sha256-eip93, which excludes async algorithms. Since EIP93 hash algorithms are inherently async, the lookup always fails with -ENOENT, leaving the Security Association (SA) record partially initialized with zeroed digest fields. Subsequent crypto operations dereference a NULL pointer and trigger a kernel panic.
Critical Impact
A failed setkey path in the EIP93 crypto driver leaves the AEAD SA record in an inconsistent state, causing a NULL pointer dereference and kernel panic on affected embedded Linux systems.
Affected Products
- Linux kernel versions that ship the crypto_hw_eip93 driver
- Embedded ARM64 systems using the EIP93 crypto hardware IP
- Downstream kernels prior to the fix commits 3ba3b02f897b, ec226d3e58bb, and fc9310d79fdb
Discovery Timeline
- 2026-06-26 - CVE-2026-53302 published to NVD
- 2026-06-30 - Last updated in NVD database
Technical Details for CVE-2026-53302
Vulnerability Analysis
The vulnerability is a NULL pointer dereference caused by a self-contradictory crypto algorithm lookup in the EIP93 hardware crypto driver. When eip93_hmac_setkey() runs, it calls crypto_alloc_ahash() with a driver-specific name like sha256-eip93 and passes CRYPTO_ALG_ASYNC as the mask. That mask excludes async algorithms from the search, but every algorithm registered under those driver names is async. The lookup therefore returns -ENOENT on every invocation.
When the AEAD setkey path invokes this function, the failure does not abort the setkey cleanly. Instead, the SA record is populated with zeroed digest fields. A later crypto request then loads ctx->flags at offset 8 of eip93_hash_ctx from a NULL context, producing the observed panic at eip93_aead_handle_result.
Root Cause
The root cause is an incorrect algorithm mask in crypto_alloc_ahash(). Passing CRYPTO_ALG_ASYNC as the mask instructs the crypto API to reject algorithms with the async flag set. Because the EIP93 hash implementations are inherently async, no algorithm can satisfy the request. The setkey function then continues without correctly propagating the failure, leaving downstream context structures uninitialized.
Attack Vector
Exploitation requires local access to a system running the EIP93 crypto driver and the ability to submit AEAD crypto requests that trigger the HMAC setkey path. Any process able to invoke the kernel crypto API against the EIP93 acceleration engine can trigger the NULL dereference and cause a kernel panic, resulting in denial of service.
No verified proof-of-concept code is publicly available. The upstream commit description and register dump in the advisory describe the faulting sequence. See the Kernel Git Commit 3ba3b02 for the applied fix.
Detection Methods for CVE-2026-53302
Indicators of Compromise
- Kernel panic stack traces referencing eip93_aead_handle_result in the crypto_hw_eip93 module.
- dmesg output showing -ENOENT returns from crypto_alloc_ahash() for driver names ending in -eip93.
- Unexpected system reboots on embedded ARM64 devices during IPsec, TLS, or dm-crypt workloads that use HMAC AEAD algorithms.
Detection Strategies
- Audit installed kernel packages on embedded Linux systems for the presence of crypto_hw_eip93 and compare against the fixed upstream commits.
- Monitor kernel crash telemetry for panics whose faulting instruction pointer resolves inside crypto_hw_eip93.
- Correlate crypto subsystem errors with subsequent process failures using centralized log aggregation.
Monitoring Recommendations
- Forward kernel.crit and kernel.emerg syslog facilities to a centralized SIEM for panic detection.
- Track kernel version inventory across fleets of embedded devices to identify hosts still running vulnerable builds.
- Alert on repeated crypto_alloc_ahash failures in kernel logs preceding a crash.
How to Mitigate CVE-2026-53302
Immediate Actions Required
- Update affected Linux kernels to a build that includes the fix commits 3ba3b02f897b, ec226d3e58bb, or fc9310d79fdb.
- Inventory embedded systems that expose the EIP93 crypto driver and prioritize them for patching.
- Restrict local access to devices where kernel updates cannot be applied immediately.
Patch Information
The fix removes the CRYPTO_ALG_ASYNC mask from the crypto_alloc_ahash() call in eip93_hmac_setkey(). The existing code already handles async completion through crypto_wait_req(), so restricting the lookup to synchronous algorithms was unnecessary. Fix commits are available at Kernel Git Commit 3ba3b02, Kernel Git Commit ec226d3, and Kernel Git Commit fc9310d7.
Workarounds
- Blacklist the crypto_hw_eip93 module on affected devices where hardware crypto offload is not required.
- Configure userspace crypto consumers to select software HMAC implementations instead of the EIP93-backed variants.
- Disable AEAD workloads that trigger the HMAC setkey path until a patched kernel is installed.
# Configuration example: blacklist the vulnerable module until patched
echo 'blacklist crypto_hw_eip93' | sudo tee /etc/modprobe.d/blacklist-eip93.conf
sudo depmod -a
sudo update-initramfs -u
# Reboot to unload the driver
sudo reboot
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

