CVE-2026-46033

In the Linux kernel, the following vulnerability has been resolved:

crypto: authencesn - reject short ahash digests during instance creation

authencesn requires either a zero authsize or an authsize of at least 4 bytes because the ESN encrypt/decrypt paths always move 4 bytes of high-order sequence number data at the end of the authenticated data.

While crypto authenc esn setauthsize() already rejects explicit non-zero authsizes in the range 1..3, crypto authenc esn create() still copied auth->digestsize into inst->alg.maxauthsize without validating it. The AEAD core then initialized the tfm's default authsize from that value.

As a result, selecting an ahash with digest size 1..3, such as cbcmac(cipher null), exposed authencesn instances whose default authsize was invalid even though setauthsize() would have rejected the same value. AF ALG could then trigger the ESN tail handling with a too-short tag and hit an out-of-bounds access.

Reject authencesn instances whose ahash digest size is in the invalid non-zero range 1..3 so that no tfm can inherit an unsupported default authsize.