PT-2026-44316 · Linux · Linux Kernel
Published
2026-05-28
·
Updated
2026-06-19
·
CVE-2026-46193
CVSS v3.1
5.5
Medium
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
Linux kernel (affected versions not specified)
Description
An issue exists in the xfrm AH implementation where the system fails to account for Extended Sequence Number (ESN) high bits in asynchronous callbacks. When ESN is enabled, the asynchronous ahash setup appends a 4-byte
seqhi slot before the Integrity Check Value (ICV) or authentication data area. However, the asynchronous completion callbacks reconstruct the temporary layout as if seqhi were absent. This causes the system to copy or compare incorrect bytes on both IPv4 and IPv6 paths, leading to packet loss in environments using asynchronous AH implementations. This behavior contradicts RFC 4302, which requires the high-order 32 bits of the ESN to participate in the AH ICV computation.Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Linux Kernel