PT-2026-44316 · Linux · Linux Kernel

Published

2026-05-28

·

Updated

2026-06-19

·

CVE-2026-46193

CVSS v3.1

5.5

Medium

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)
Description An issue exists in the xfrm AH implementation where the system fails to account for Extended Sequence Number (ESN) high bits in asynchronous callbacks. When ESN is enabled, the asynchronous ahash setup appends a 4-byte seqhi slot before the Integrity Check Value (ICV) or authentication data area. However, the asynchronous completion callbacks reconstruct the temporary layout as if seqhi were absent. This causes the system to copy or compare incorrect bytes on both IPv4 and IPv6 paths, leading to packet loss in environments using asynchronous AH implementations. This behavior contradicts RFC 4302, which requires the high-order 32 bits of the ESN to participate in the AH ICV computation.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Found an issue in the description? Have something to add? Feel free to write us 👾

Related Identifiers

CVE-2026-46193
ECHO-221F-AC87-073C
OPENSUSE-SU-2026:10954-1

Affected Products

Linux Kernel