PT-2026-6130 · Linux+2 · Linux Kernel+2

Published

2026-01-01

·

Updated

2026-05-19

·

CVE-2026-23060

CVSS v2.0

6.1

Medium

VectorAV:A/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)
Description The Linux kernel contains a flaw within the authencesn component. The authencesn component assumes an ESP/ESN-formatted AAD (Associated Authentication Data). If the assoclen is less than the minimum expected length, the crypto authenc esn decrypt() function may move beyond the end of the destination scatterlist, resulting in a NULL pointer dereference within the scatterwalk map and copy() function. This can lead to a kernel panic, causing a denial-of-service (DoS) condition. A check for the minimum AAD length has been added to prevent this issue.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

DoS

NULL Pointer Dereference

Weakness Enumeration

CWE-476CWE-1284

Related Identifiers

ALSA-2026:19074
ALSA-2026:19225
BDU:2026-06704
CVE-2026-23060
ECHO-59B8-F04E-2655
OESA-2026-1760
OPENSUSE-SU-2026:20416-1
RHSA-2026:19074
RHSA-2026:19225
SUSE-SU-2026:0928-1
SUSE-SU-2026:0961-1
SUSE-SU-2026:0962-1
SUSE-SU-2026:0984-1
SUSE-SU-2026:1003-1
SUSE-SU-2026:1041-1
SUSE-SU-2026:1077-1
SUSE-SU-2026:1078-1
SUSE-SU-2026:1081-1
SUSE-SU-2026:1131-1
SUSE-SU-2026:20667-1
SUSE-SU-2026:20720-1
SUSE-SU-2026:20838-1
SUSE-SU-2026:20845-1
SUSE-SU-2026:20876-1
SUSE-SU-2026:20931-1
SUSE-SU-2026:21284-1
USN-8143-1
USN-8143-2
USN-8145-1
USN-8145-2
USN-8145-3
USN-8145-4
USN-8145-5
USN-8148-1
USN-8148-2
USN-8148-3
USN-8148-4
USN-8148-5
USN-8148-6
USN-8148-7
USN-8149-1
USN-8149-2
USN-8149-3
USN-8152-1
USN-8159-1
USN-8159-2
USN-8159-3
USN-8162-1
USN-8163-1
USN-8163-2
USN-8164-1
USN-8165-1
USN-8188-1
USN-8200-1
USN-8200-2
USN-8200-3
USN-8201-1
USN-8203-1
USN-8224-1
USN-8243-1
USN-8261-1
USN-8267-1

Affected Products

Linuxmint
Linux Kernel
Ubuntu