{
  "threat_severity" : "Moderate",
  "public_date" : "2026-05-06T00:00:00Z",
  "bugzilla" : {
    "description" : "kernel: crypto: algif_aead - Fix minimum RX size check for decryption",
    "id" : "2467022",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2467022"
  },
  "cvss3" : {
    "cvss3_base_score" : "7.1",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-131",
  "details" : [ "In the Linux kernel, the following vulnerability has been resolved:\ncrypto: algif_aead - Fix minimum RX size check for decryption\nThe check for the minimum receive buffer size did not take the\ntag size into account during decryption.  Fix this by adding the\nrequired extra length.", "A flaw was found in the Linux kernel, specifically within the `algif_aead` module. The vulnerability involves an incorrect check for the minimum receive buffer size during decryption, which did not properly account for the tag size. This could potentially lead to issues with data integrity or processing during cryptographic decryption operations." ],
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 10",
    "release_date" : "2026-05-04T00:00:00Z",
    "advisory" : "RHSA-2026:13566",
    "cpe" : "cpe:/o:redhat:enterprise_linux:10.1",
    "package" : "kernel-0:6.12.0-124.55.1.el10_1"
  }, {
    "product_name" : "Red Hat Enterprise Linux 10.0 Extended Update Support",
    "release_date" : "2026-05-05T00:00:00Z",
    "advisory" : "RHSA-2026:13887",
    "cpe" : "cpe:/o:redhat:enterprise_linux_eus:10.0",
    "package" : "kernel-0:6.12.0-55.71.1.el10_0"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2026-05-05T00:00:00Z",
    "advisory" : "RHSA-2026:13578",
    "cpe" : "cpe:/a:redhat:enterprise_linux:8::nfv",
    "package" : "kernel-rt-0:4.18.0-553.123.1.rt7.464.el8_10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2026-05-05T00:00:00Z",
    "advisory" : "RHSA-2026:13577",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8",
    "package" : "kernel-0:4.18.0-553.123.1.el8_10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support",
    "release_date" : "2026-05-06T00:00:00Z",
    "advisory" : "RHSA-2026:14165",
    "cpe" : "cpe:/o:redhat:rhel_aus:8.4",
    "package" : "kernel-0:4.18.0-305.190.1.el8_4"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On",
    "release_date" : "2026-05-06T00:00:00Z",
    "advisory" : "RHSA-2026:14165",
    "cpe" : "cpe:/o:redhat:rhel_eus_long_life:8.4",
    "package" : "kernel-0:4.18.0-305.190.1.el8_4"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support",
    "release_date" : "2026-05-06T00:00:00Z",
    "advisory" : "RHSA-2026:14230",
    "cpe" : "cpe:/o:redhat:rhel_aus:8.6",
    "package" : "kernel-0:4.18.0-372.191.1.el8_6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.6 Telecommunications Update Service",
    "release_date" : "2026-05-06T00:00:00Z",
    "advisory" : "RHSA-2026:14230",
    "cpe" : "cpe:/o:redhat:rhel_tus:8.6",
    "package" : "kernel-0:4.18.0-372.191.1.el8_6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions",
    "release_date" : "2026-05-06T00:00:00Z",
    "advisory" : "RHSA-2026:14230",
    "cpe" : "cpe:/o:redhat:rhel_e4s:8.6",
    "package" : "kernel-0:4.18.0-372.191.1.el8_6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.8 Telecommunications Update Service",
    "release_date" : "2026-05-05T00:00:00Z",
    "advisory" : "RHSA-2026:13681",
    "cpe" : "cpe:/o:redhat:rhel_tus:8.8",
    "package" : "kernel-0:4.18.0-477.139.1.el8_8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions",
    "release_date" : "2026-05-05T00:00:00Z",
    "advisory" : "RHSA-2026:13681",
    "cpe" : "cpe:/o:redhat:rhel_e4s:8.8",
    "package" : "kernel-0:4.18.0-477.139.1.el8_8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2026-05-04T00:00:00Z",
    "advisory" : "RHSA-2026:13565",
    "cpe" : "cpe:/a:redhat:enterprise_linux:9",
    "package" : "kernel-0:5.14.0-611.54.1.el9_7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2026-05-04T00:00:00Z",
    "advisory" : "RHSA-2026:13565",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9",
    "package" : "kernel-0:5.14.0-611.54.1.el9_7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions",
    "release_date" : "2026-05-06T00:00:00Z",
    "advisory" : "RHSA-2026:13936",
    "cpe" : "cpe:/a:redhat:rhel_e4s:9.0",
    "package" : "kernel-0:5.14.0-70.178.1.el9_0"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions",
    "release_date" : "2026-05-06T00:00:00Z",
    "advisory" : "RHSA-2026:14137",
    "cpe" : "cpe:/a:redhat:rhel_e4s:9.0::nfv",
    "package" : "kernel-rt-0:5.14.0-70.178.1.rt21.250.el9_0"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions",
    "release_date" : "2026-05-05T00:00:00Z",
    "advisory" : "RHSA-2026:13734",
    "cpe" : "cpe:/a:redhat:rhel_e4s:9.2",
    "package" : "kernel-0:5.14.0-284.169.1.el9_2"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions",
    "release_date" : "2026-05-06T00:00:00Z",
    "advisory" : "RHSA-2026:14301",
    "cpe" : "cpe:/a:redhat:rhel_e4s:9.2::nfv",
    "package" : "kernel-rt-0:5.14.0-284.169.1.rt14.454.el9_2"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9.4 Extended Update Support",
    "release_date" : "2026-05-06T00:00:00Z",
    "advisory" : "RHSA-2026:13932",
    "cpe" : "cpe:/a:redhat:rhel_eus:9.4",
    "package" : "kernel-0:5.14.0-427.124.1.el9_4"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9.6 Extended Update Support",
    "release_date" : "2026-05-06T00:00:00Z",
    "advisory" : "RHSA-2026:14339",
    "cpe" : "cpe:/a:redhat:rhel_eus:9.6",
    "package" : "kernel-0:5.14.0-570.112.1.el9_6"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2026-43077\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-43077\nhttps://lore.kernel.org/linux-cve-announce/2026050612-CVE-2026-43077-d7b1@gregkh/T" ],
  "name" : "CVE-2026-43077",
  "csaw" : false
}