CVE-2026-53302 (GCVE-0-2026-53302)

Vulnerability from cvelistv5 – Published: 2026-06-26 19:40 – Updated: 2026-06-26 19:40
VLAI
Title
crypto: eip93 - fix hmac setkey algo selection
Summary
In the Linux kernel, the following vulnerability has been resolved: crypto: eip93 - fix hmac setkey algo selection eip93_hmac_setkey() allocates a temporary ahash transform for computing HMAC ipad/opad key material. The allocation uses the driver-specific cra_driver_name (e.g. "sha256-eip93") but passes CRYPTO_ALG_ASYNC as the mask, which excludes async algorithms. Since the EIP93 hash algorithms are the only ones registered under those driver names and they are inherently async, the lookup is self-contradictory and always fails with -ENOENT. When called from the AEAD setkey path, this failure leaves the SA record partially initialized with zeroed digest fields. A subsequent crypto operation then dereferences a NULL pointer in the request context, resulting in a kernel panic: ``` pc : eip93_aead_handle_result+0xc8c/0x1240 [crypto_hw_eip93] lr : eip93_aead_handle_result+0xbec/0x1240 [crypto_hw_eip93] sp : ffffffc082feb820 x29: ffffffc082feb820 x28: ffffff8011043980 x27: 0000000000000000 x26: 0000000000000000 x25: ffffffc078da0bc8 x24: 0000000091043980 x23: ffffff8004d59e50 x22: ffffff8004d59410 x21: ffffff8004d593c0 x20: ffffff8004d593c0 x19: ffffff8004d4f300 x18: 0000000000000000 x17: 0000000000000000 x16: 0000000000000000 x15: 0000007fda7aa498 x14: 0000000000000000 x13: 0000000000000000 x12: 0000000000000000 x11: 0000000000000000 x10: fffffffff8127a80 x9 : 0000000000000000 x8 : ffffff8004d4f380 x7 : 0000000000000000 x6 : 000000000000003f x5 : 0000000000000040 x4 : 0000000000000008 x3 : 0000000000000009 x2 : 0000000000000008 x1 : 0000000028000003 x0 : ffffff8004d388c0 Code: 910142b6 f94012e0 f9002aa0 f90006d3 (f9400740) ``` The reported symbol eip93_aead_handle_result+0xc8c is a resolution artifact from static functions being merged under the nearest exported symbol. Decoding the faulting sequence: ``` 910142b6 ADD X22, X21, #0x50 f94012e0 LDR X0, [X23, #0x20] f9002aa0 STR X0, [X21, #0x50] f90006d3 STR X19, [X22, #0x8] f9400740 LDR X0, [X26, #0x8] ``` The faulting LDR at [X26, #0x8] is loading ctx->flags (offset 8 in eip93_hash_ctx), where ctx has been resolved to NULL from a partially initialized or unreachable transform context following the failed setkey. Fix this by dropping the CRYPTO_ALG_ASYNC mask from the crypto_alloc_ahash() call. The code already handles async completion correctly via crypto_wait_req(), so there is no requirement to restrict the lookup to synchronous algorithms. Note that hashing a single 64-byte block through the hardware is likely slower than doing it in software due to the DMA round-trip overhead, but offloading it may still spare CPU cycles on the slower embedded cores where this IP is found. [Detailed investigation report of this bug]
Assigner
Impacted products
Vendor Product Version
Linux Linux Affected: 9739f5f93b7806a684713ba42e6ed2d1df7c8100 , < fc9310d79fdb117b369a01eb00f4fd5fb4849d4e (git)
Affected: 9739f5f93b7806a684713ba42e6ed2d1df7c8100 , < ec226d3e58bb9f0e26a77346085b6b4d594d53d8 (git)
Affected: 9739f5f93b7806a684713ba42e6ed2d1df7c8100 , < 3ba3b02f897b14e34977e1886d95ffe64d907204 (git)
Create a notification for this product.
Linux Linux Affected: 6.15
Unaffected: 0 , < 6.15 (semver)
Unaffected: 6.18.33 , ≤ 6.18.* (semver)
Unaffected: 7.0.10 , ≤ 7.0.* (semver)
Unaffected: 7.1 , ≤ * (original_commit_for_fix)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/crypto/inside-secure/eip93/eip93-common.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "fc9310d79fdb117b369a01eb00f4fd5fb4849d4e",
              "status": "affected",
              "version": "9739f5f93b7806a684713ba42e6ed2d1df7c8100",
              "versionType": "git"
            },
            {
              "lessThan": "ec226d3e58bb9f0e26a77346085b6b4d594d53d8",
              "status": "affected",
              "version": "9739f5f93b7806a684713ba42e6ed2d1df7c8100",
              "versionType": "git"
            },
            {
              "lessThan": "3ba3b02f897b14e34977e1886d95ffe64d907204",
              "status": "affected",
              "version": "9739f5f93b7806a684713ba42e6ed2d1df7c8100",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/crypto/inside-secure/eip93/eip93-common.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.15"
            },
            {
              "lessThan": "6.15",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.18.*",
              "status": "unaffected",
              "version": "6.18.33",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.0.*",
              "status": "unaffected",
              "version": "7.0.10",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "7.1",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.18.33",
                  "versionStartIncluding": "6.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "7.0.10",
                  "versionStartIncluding": "6.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "7.1",
                  "versionStartIncluding": "6.15",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: eip93 - fix hmac setkey algo selection\n\neip93_hmac_setkey() allocates a temporary ahash transform for\ncomputing HMAC ipad/opad key material. The allocation uses the\ndriver-specific cra_driver_name (e.g. \"sha256-eip93\") but passes\nCRYPTO_ALG_ASYNC as the mask, which excludes async algorithms.\n\nSince the EIP93 hash algorithms are the only ones registered\nunder those driver names and they are inherently async, the\nlookup is self-contradictory and always fails with -ENOENT.\n\nWhen called from the AEAD setkey path, this failure leaves the\nSA record partially initialized with zeroed digest fields. A\nsubsequent crypto operation then dereferences a NULL pointer in\nthe request context, resulting in a kernel panic:\n\n```\n  pc : eip93_aead_handle_result+0xc8c/0x1240 [crypto_hw_eip93]\n  lr : eip93_aead_handle_result+0xbec/0x1240 [crypto_hw_eip93]\n  sp : ffffffc082feb820\n  x29: ffffffc082feb820 x28: ffffff8011043980 x27: 0000000000000000\n  x26: 0000000000000000 x25: ffffffc078da0bc8 x24: 0000000091043980\n  x23: ffffff8004d59e50 x22: ffffff8004d59410 x21: ffffff8004d593c0\n  x20: ffffff8004d593c0 x19: ffffff8004d4f300 x18: 0000000000000000\n  x17: 0000000000000000 x16: 0000000000000000 x15: 0000007fda7aa498\n  x14: 0000000000000000 x13: 0000000000000000 x12: 0000000000000000\n  x11: 0000000000000000 x10: fffffffff8127a80 x9 : 0000000000000000\n  x8 : ffffff8004d4f380 x7 : 0000000000000000 x6 : 000000000000003f\n  x5 : 0000000000000040 x4 : 0000000000000008 x3 : 0000000000000009\n  x2 : 0000000000000008 x1 : 0000000028000003 x0 : ffffff8004d388c0\n  Code: 910142b6 f94012e0 f9002aa0 f90006d3 (f9400740)\n```\n\nThe reported symbol eip93_aead_handle_result+0xc8c is a\nresolution artifact from static functions being merged under\nthe nearest exported symbol. Decoding the faulting sequence:\n\n```\n  910142b6  ADD  X22, X21, #0x50\n  f94012e0  LDR  X0, [X23, #0x20]\n  f9002aa0  STR  X0, [X21, #0x50]\n  f90006d3  STR  X19, [X22, #0x8]\n  f9400740  LDR  X0, [X26, #0x8]\n```\n\nThe faulting LDR at [X26, #0x8] is loading ctx-\u003eflags\n(offset 8 in eip93_hash_ctx), where ctx has been resolved\nto NULL from a partially initialized or unreachable\ntransform context following the failed setkey.\n\nFix this by dropping the CRYPTO_ALG_ASYNC mask from the\ncrypto_alloc_ahash() call. The code already handles async\ncompletion correctly via crypto_wait_req(), so there is no\nrequirement to restrict the lookup to synchronous algorithms.\n\nNote that hashing a single 64-byte block through the hardware\nis likely slower than doing it in software due to the DMA\nround-trip overhead, but offloading it may still spare CPU\ncycles on the slower embedded cores where this IP is found.\n\n[Detailed investigation report of this bug]"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-26T19:40:58.636Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/fc9310d79fdb117b369a01eb00f4fd5fb4849d4e"
        },
        {
          "url": "https://git.kernel.org/stable/c/ec226d3e58bb9f0e26a77346085b6b4d594d53d8"
        },
        {
          "url": "https://git.kernel.org/stable/c/3ba3b02f897b14e34977e1886d95ffe64d907204"
        }
      ],
      "title": "crypto: eip93 - fix hmac setkey algo selection",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2026-53302",
    "datePublished": "2026-06-26T19:40:58.636Z",
    "dateReserved": "2026-06-09T07:44:35.397Z",
    "dateUpdated": "2026-06-26T19:40:58.636Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2026-53302",
      "date": "2026-07-07",
      "epss": "0.00121",
      "percentile": "0.02206"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2026-53302\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2026-06-26T20:17:23.413\",\"lastModified\":\"2026-07-06T20:24:31.137\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\ncrypto: eip93 - fix hmac setkey algo selection\\n\\neip93_hmac_setkey() allocates a temporary ahash transform for\\ncomputing HMAC ipad/opad key material. The allocation uses the\\ndriver-specific cra_driver_name (e.g. \\\"sha256-eip93\\\") but passes\\nCRYPTO_ALG_ASYNC as the mask, which excludes async algorithms.\\n\\nSince the EIP93 hash algorithms are the only ones registered\\nunder those driver names and they are inherently async, the\\nlookup is self-contradictory and always fails with -ENOENT.\\n\\nWhen called from the AEAD setkey path, this failure leaves the\\nSA record partially initialized with zeroed digest fields. A\\nsubsequent crypto operation then dereferences a NULL pointer in\\nthe request context, resulting in a kernel panic:\\n\\n```\\n  pc : eip93_aead_handle_result+0xc8c/0x1240 [crypto_hw_eip93]\\n  lr : eip93_aead_handle_result+0xbec/0x1240 [crypto_hw_eip93]\\n  sp : ffffffc082feb820\\n  x29: ffffffc082feb820 x28: ffffff8011043980 x27: 0000000000000000\\n  x26: 0000000000000000 x25: ffffffc078da0bc8 x24: 0000000091043980\\n  x23: ffffff8004d59e50 x22: ffffff8004d59410 x21: ffffff8004d593c0\\n  x20: ffffff8004d593c0 x19: ffffff8004d4f300 x18: 0000000000000000\\n  x17: 0000000000000000 x16: 0000000000000000 x15: 0000007fda7aa498\\n  x14: 0000000000000000 x13: 0000000000000000 x12: 0000000000000000\\n  x11: 0000000000000000 x10: fffffffff8127a80 x9 : 0000000000000000\\n  x8 : ffffff8004d4f380 x7 : 0000000000000000 x6 : 000000000000003f\\n  x5 : 0000000000000040 x4 : 0000000000000008 x3 : 0000000000000009\\n  x2 : 0000000000000008 x1 : 0000000028000003 x0 : ffffff8004d388c0\\n  Code: 910142b6 f94012e0 f9002aa0 f90006d3 (f9400740)\\n```\\n\\nThe reported symbol eip93_aead_handle_result+0xc8c is a\\nresolution artifact from static functions being merged under\\nthe nearest exported symbol. Decoding the faulting sequence:\\n\\n```\\n  910142b6  ADD  X22, X21, #0x50\\n  f94012e0  LDR  X0, [X23, #0x20]\\n  f9002aa0  STR  X0, [X21, #0x50]\\n  f90006d3  STR  X19, [X22, #0x8]\\n  f9400740  LDR  X0, [X26, #0x8]\\n```\\n\\nThe faulting LDR at [X26, #0x8] is loading ctx-\u003eflags\\n(offset 8 in eip93_hash_ctx), where ctx has been resolved\\nto NULL from a partially initialized or unreachable\\ntransform context following the failed setkey.\\n\\nFix this by dropping the CRYPTO_ALG_ASYNC mask from the\\ncrypto_alloc_ahash() call. The code already handles async\\ncompletion correctly via crypto_wait_req(), so there is no\\nrequirement to restrict the lookup to synchronous algorithms.\\n\\nNote that hashing a single 64-byte block through the hardware\\nis likely slower than doing it in software due to the DMA\\nround-trip overhead, but offloading it may still spare CPU\\ncycles on the slower embedded cores where this IP is found.\\n\\n[Detailed investigation report of this bug]\"}],\"affected\":[{\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"affectedData\":[{\"vendor\":\"Linux\",\"product\":\"Linux\",\"defaultStatus\":\"unaffected\",\"programFiles\":[\"drivers/crypto/inside-secure/eip93/eip93-common.c\"],\"repo\":\"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git\",\"versions\":[{\"version\":\"9739f5f93b7806a684713ba42e6ed2d1df7c8100\",\"lessThan\":\"fc9310d79fdb117b369a01eb00f4fd5fb4849d4e\",\"versionType\":\"git\",\"status\":\"affected\"},{\"version\":\"9739f5f93b7806a684713ba42e6ed2d1df7c8100\",\"lessThan\":\"ec226d3e58bb9f0e26a77346085b6b4d594d53d8\",\"versionType\":\"git\",\"status\":\"affected\"},{\"version\":\"9739f5f93b7806a684713ba42e6ed2d1df7c8100\",\"lessThan\":\"3ba3b02f897b14e34977e1886d95ffe64d907204\",\"versionType\":\"git\",\"status\":\"affected\"}]},{\"vendor\":\"Linux\",\"product\":\"Linux\",\"defaultStatus\":\"affected\",\"programFiles\":[\"drivers/crypto/inside-secure/eip93/eip93-common.c\"],\"repo\":\"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git\",\"versions\":[{\"version\":\"6.15\",\"status\":\"affected\"},{\"version\":\"0\",\"lessThan\":\"6.15\",\"versionType\":\"semver\",\"status\":\"unaffected\"},{\"version\":\"6.18.33\",\"lessThanOrEqual\":\"6.18.*\",\"versionType\":\"semver\",\"status\":\"unaffected\"},{\"version\":\"7.0.10\",\"lessThanOrEqual\":\"7.0.*\",\"versionType\":\"semver\",\"status\":\"unaffected\"},{\"version\":\"7.1\",\"lessThanOrEqual\":\"*\",\"versionType\":\"original_commit_for_fix\",\"status\":\"unaffected\"}]}]}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":5.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-476\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.15\",\"versionEndExcluding\":\"6.18.33\",\"matchCriteriaId\":\"986D4552-0ECA-40C4-9708-6D088AC7A485\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.19\",\"versionEndExcluding\":\"7.0.10\",\"matchCriteriaId\":\"A13475D2-59BF-4716-94B5-7C1D239A2CF4\"}]}]}],\"references\":[{\"url\":\"https://git.kernel.org/stable/c/3ba3b02f897b14e34977e1886d95ffe64d907204\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/ec226d3e58bb9f0e26a77346085b6b4d594d53d8\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/fc9310d79fdb117b369a01eb00f4fd5fb4849d4e\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Loading…

Detection rules are retrieved from Rulezet.

Loading…

Loading…