HIGH
crypto CAAM Overflow
CVE-2026-43330
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
KernelScan AI6.8MEDIUM
01Description
In the Linux kernel, the following vulnerability has been resolved: crypto: caam - fix overflow on long hmac keys When a key longer than block size is supplied, it is copied and then hashed into the real key. The memory allocated for the copy needs to be rounded to DMA cache alignment, as otherwise the hashed key may corrupt neighbouring memory. The copying is performed using kmemdup, however this leads to an overflow: reading more bytes (aligned_len - keylen) from the keylen source buffer. Fix this by replacing kmemdup with kmalloc, followed by memcpy.
02KernelScan AI Analysis
Risk summary
Systems using CAAM hardware crypto acceleration are vulnerable to kernel memory disclosure and potential crashes when processing HMAC keys longer than the hash block size. The vulnerability can be triggered by unprivileged users through the AF_ALG crypto interface, potentially leading to information leaks or denial of service.
Vulnerability analysis
The vulnerability occurs in the CAAM crypto driver's HMAC key processing when keys exceed the hash block size. The driver allocates DMA-aligned memory using aligned_len but incorrectly uses kmemdup to copy aligned_len bytes from a keylen-sized source buffer, causing an out-of-bounds read of (aligned_len - keylen) bytes. The fix replaces kmemdup with separate kmalloc and memcpy operations, ensuring only keylen bytes are copied from the source. This is reachable from unprivileged contexts via AF_ALG sockets or kernel crypto API users.
03Fix Versions
| Branch | Fixed in | Patch commit |
|---|---|---|
| 6.12 | 6.12.81 | c2fb4984fe09 |
| 6.18 | 6.18.22 | aa545df01133 |
| 6.19 | 6.19.12 | cebc5ebd9583 |
| 6.6 | 6.6.134 | 31022cfde523 |
| mainline | 7.0 | 80688afb9c35 |