Linux Kernel up to 6.6.133/6.12.80/6.18.21/6.19.11 crypto aligned_len buffer overflow

| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 7.7 | $5k-$25k | 0.00 |
Summary
A vulnerability classified as critical has been found in Linux Kernel up to 6.6.133/6.12.80/6.18.21/6.19.11. Affected by this vulnerability is the function aligned_len of the component crypto. Performing a manipulation results in buffer overflow.
This vulnerability is cataloged as CVE-2026-43330. There is no exploit available.
It is recommended to upgrade the affected component.
Details
A vulnerability, which was classified as critical, was found in Linux Kernel up to 6.6.133/6.12.80/6.18.21/6.19.11. This affects the function aligned_len of the component crypto. The manipulation with an unknown input leads to a buffer overflow vulnerability. CWE is classifying the issue as CWE-120. The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow. This is going to have an impact on confidentiality, integrity, and availability. The summary by CVE is:
In the Linux kernel, the following vulnerability has been resolved: crypto: caam - fix overflow on long hmac keys When a key longer than block size is supplied, it is copied and then hashed into the real key. The memory allocated for the copy needs to be rounded to DMA cache alignment, as otherwise the hashed key may corrupt neighbouring memory. The copying is performed using kmemdup, however this leads to an overflow: reading more bytes (aligned_len - keylen) from the keylen source buffer. Fix this by replacing kmemdup with kmalloc, followed by memcpy.
The advisory is shared at git.kernel.org. This vulnerability is uniquely identified as CVE-2026-43330 since 05/01/2026. The exploitability is told to be easy. Technical details are known, but no exploit is available. The price for an exploit might be around USD $5k-$25k at the moment (estimation calculated on 06/21/2026).
The vulnerability scanner Nessus provides a plugin with the ID 321829 (RHEL 10 : kernel (RHSA-2026:27288)), which helps to determine the existence of the flaw in a target environment.
Upgrading to version 6.6.134, 6.12.81, 6.18.22 or 6.19.12 eliminates this vulnerability. Applying the patch 31022cfde5235c45fa765f0aabeff5f0652852f2/c2fb4984fe09fc176fe4c12d5e3edf626df6511d/aa545df011338df13f0833fc1fabcb15c0521959/cebc5ebd958346195b77f42d0cd5141b4e448fae/80688afb9c35b3934ce2d6be9973758915e2e0ef is able to eliminate this problem. The bugfix is ready for download at git.kernel.org. The best possible mitigation is suggested to be upgrading to the latest version.
The vulnerability is also documented in the databases at Tenable (321829) and CERT Bund (WID-SEC-2026-1454). If you want to get the best quality for vulnerability data then you always have to consider VulDB.
Affected
- Google Container-Optimized OS
- Debian Linux
- Red Hat Enterprise Linux
- SUSE Linux
- Oracle Linux
- SUSE openSUSE
- RESF Rocky Linux
- Microsoft Azure Linux
- Open Source Linux Kernel
Product
Type
Vendor
Name
Version
- 6.6.133
- 6.12.0
- 6.12.1
- 6.12.2
- 6.12.3
- 6.12.4
- 6.12.5
- 6.12.6
- 6.12.7
- 6.12.8
- 6.12.9
- 6.12.10
- 6.12.11
- 6.12.12
- 6.12.13
- 6.12.14
- 6.12.15
- 6.12.16
- 6.12.17
- 6.12.18
- 6.12.19
- 6.12.20
- 6.12.21
- 6.12.22
- 6.12.23
- 6.12.24
- 6.12.25
- 6.12.26
- 6.12.27
- 6.12.28
- 6.12.29
- 6.12.30
- 6.12.31
- 6.12.32
- 6.12.33
- 6.12.34
- 6.12.35
- 6.12.36
- 6.12.37
- 6.12.38
- 6.12.39
- 6.12.40
- 6.12.41
- 6.12.42
- 6.12.43
- 6.12.44
- 6.12.45
- 6.12.46
- 6.12.47
- 6.12.48
- 6.12.49
- 6.12.50
- 6.12.51
- 6.12.52
- 6.12.53
- 6.12.54
- 6.12.55
- 6.12.56
- 6.12.57
- 6.12.58
- 6.12.59
- 6.12.60
- 6.12.61
- 6.12.62
- 6.12.63
- 6.12.64
- 6.12.65
- 6.12.66
- 6.12.67
- 6.12.68
- 6.12.69
- 6.12.70
- 6.12.71
- 6.12.72
- 6.12.73
- 6.12.74
- 6.12.75
- 6.12.76
- 6.12.77
- 6.12.78
- 6.12.79
- 6.12.80
- 6.18.0
- 6.18.1
- 6.18.2
- 6.18.3
- 6.18.4
- 6.18.5
- 6.18.6
- 6.18.7
- 6.18.8
- 6.18.9
- 6.18.10
- 6.18.11
- 6.18.12
- 6.18.13
- 6.18.14
- 6.18.15
- 6.18.16
- 6.18.17
- 6.18.18
- 6.18.19
- 6.18.20
- 6.18.21
- 6.19.0
- 6.19.1
- 6.19.2
- 6.19.3
- 6.19.4
- 6.19.5
- 6.19.6
- 6.19.7
- 6.19.8
- 6.19.9
- 6.19.10
- 6.19.11
License
Website
- Vendor: https://www.kernel.org/
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔒VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 7.9VulDB Meta Temp Score: 7.7
VulDB Base Score: 8.0
VulDB Temp Score: 7.6
VulDB Vector: 🔒
VulDB Reliability: 🔍
CNA Base Score: 7.8
CNA Vector (Linux): 🔒
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔒
VulDB Temp Score: 🔒
VulDB Reliability: 🔍
Exploiting
Class: Buffer overflowCWE: CWE-120 / CWE-119
CAPEC: 🔒
ATT&CK: 🔒
Physical: Partially
Local: Yes
Remote: Partially
Availability: 🔒
Status: Not defined
EPSS Score: 🔒
EPSS Percentile: 🔒
Price Prediction: 🔍
Current Price Estimation: 🔒
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Nessus ID: 321829
Nessus Name: RHEL 10 : kernel (RHSA-2026:27288)
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: UpgradeStatus: 🔍
0-Day Time: 🔒
Upgrade: Kernel 6.6.134/6.12.81/6.18.22/6.19.12
Patch: 31022cfde5235c45fa765f0aabeff5f0652852f2/c2fb4984fe09fc176fe4c12d5e3edf626df6511d/aa545df011338df13f0833fc1fabcb15c0521959/cebc5ebd958346195b77f42d0cd5141b4e448fae/80688afb9c35b3934ce2d6be9973758915e2e0ef
Timeline
05/01/2026 CVE reserved05/08/2026 Advisory disclosed
05/08/2026 VulDB entry created
06/21/2026 VulDB entry last update
Sources
Vendor: kernel.orgAdvisory: git.kernel.org
Status: Confirmed
CVE: CVE-2026-43330 (🔒)
GCVE (CVE): GCVE-0-2026-43330
GCVE (VulDB): GCVE-100-362109
CERT Bund: WID-SEC-2026-1454 - Linux Kernel: Mehrere Schwachstellen
Entry
Created: 05/08/2026 16:26Updated: 06/21/2026 18:15
Changes: 05/08/2026 16:26 (24), 05/08/2026 16:27 (35), 05/18/2026 18:13 (11), 06/18/2026 23:17 (7), 06/21/2026 18:15 (2)
Complete: 🔍
Cache ID: 216::103
If you want to get the best quality for vulnerability data then you always have to consider VulDB.
No comments yet. Languages: en.
Please log in to comment.