CVE-2026-23060

crypto: authencesn - reject too-short AAD (assoclen<8) to match ESP/ESN spec

Severity Score

"-"

*CVSS v-

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved: crypto: authencesn - reject too-short AAD (assoclen<8) to match ESP/ESN spec authencesn assumes an ESP/ESN-formatted AAD. When assoclen is shorter than
the minimum expected length, crypto_authenc_esn_decrypt() can advance past
the end of the destination scatterlist and trigger a NULL pointer dereference
in scatterwalk_map_and_copy(), leading to a kernel panic (DoS). Add a minimum AAD length check to fail fast on invalid inputs.

Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. For the oldstable distribution (bookworm), these problems have been fixed in version 6.1.162-1.

*Credits: N/A

CVSS Scores

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2026-01-13 CVE Reserved
2026-02-04 CVE Published
2026-02-09 CVE Updated
2026-04-13 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (8)

URL	Tag	Source
https://git.kernel.org/stable/c/104880a6b470958ddc30e139c41aa4f6ed3a5234	Vuln. Introduced

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/df22c9a65e9a9daa368a72fed596af9d7d5876bb	2026-02-06
https://git.kernel.org/stable/c/fee86edf5803f1d1f19e3b4f2dacac241bddfa48	2026-02-06
https://git.kernel.org/stable/c/767e8349f7e929b7dd95c08f0b4cb353459b365e	2026-02-06
https://git.kernel.org/stable/c/b0a9609283a5c852addb513dafa655c61eebc1ef	2026-01-30
https://git.kernel.org/stable/c/161bdc90fce25bd9890adc67fa1c8563a7acbf40	2026-01-30
https://git.kernel.org/stable/c/9532ff0d0e90ff78a214299f594ab9bac81defe4	2026-01-30
https://git.kernel.org/stable/c/2397e9264676be7794f8f7f1e9763d90bd3c7335	2026-01-20

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.3 < 5.10.249 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.3 < 5.10.249"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.3 < 5.15.199 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.3 < 5.15.199"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.3 < 6.1.162 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.3 < 6.1.162"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.3 < 6.6.122 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.3 < 6.6.122"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.3 < 6.12.68 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.3 < 6.12.68"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.3 < 6.18.8 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.3 < 6.18.8"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.3 < 6.19 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.3 < 6.19"		en		Affected