CVE-2026-43043

In the Linux kernel, the following vulnerability has been resolved:

crypto: af-alg - fix NULL pointer dereference in scatterwalk

The AF ALG interface fails to unmark the end of a Scatter/Gather List (SGL) when chaining a new af alg tsgl structure. If a sendmsg() fills an SGL exactly to MAX SGL ENTS, the last entry is marked as the end. A subsequent sendmsg() allocates a new SGL and chains it, but fails to clear the end marker on the previous SGL's last data entry.

This causes the crypto scatterwalk to hit a premature end, returning NULL on sg next() and leading to a kernel panic during dereference.

Fix this by explicitly unmarking the end of the previous SGL when performing sg chain() in af alg alloc tsgl().