{
  "affected": [
    {
      "ranges": [
        {
          "events": [
            {
              "introduced": "f15f05b0a5de667c821a9727c33bce9d1d9b26dd"
            },
            {
              "fixed": "77f59fb2d3aa33e90ec6cbbf45dcfb20ab82b1a9"
            },
            {
              "fixed": "2f31cd1e64a079c845bca31d2da7b3c90a311726"
            },
            {
              "fixed": "d4c6a6d08e70bb1083c7c405fc7faacbf19aebc0"
            },
            {
              "fixed": "b69933e97efea238ebbfcf70c2b1be1cd03f13e3"
            },
            {
              "fixed": "67f1f0933cc3d78dde222842bcad2778ec7a0b88"
            },
            {
              "fixed": "b42821c15445f93daea3e76ada682b2b7181c476"
            },
            {
              "fixed": "9aff81e8217e9de2929084b03b3c7f81988c112b"
            },
            {
              "fixed": "5db6ef9847717329f12c5ea8aba7e9f588a980c0"
            }
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "type": "GIT"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Linux",
        "name": "Kernel"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "4.11.0"
            },
            {
              "fixed": "5.10.258"
            }
          ],
          "type": "ECOSYSTEM"
        },
        {
          "events": [
            {
              "introduced": "5.11.0"
            },
            {
              "fixed": "5.15.209"
            }
          ],
          "type": "ECOSYSTEM"
        },
        {
          "events": [
            {
              "introduced": "5.16.0"
            },
            {
              "fixed": "6.1.175"
            }
          ],
          "type": "ECOSYSTEM"
        },
        {
          "events": [
            {
              "introduced": "6.2.0"
            },
            {
              "fixed": "6.6.140"
            }
          ],
          "type": "ECOSYSTEM"
        },
        {
          "events": [
            {
              "introduced": "6.7.0"
            },
            {
              "fixed": "6.12.86"
            }
          ],
          "type": "ECOSYSTEM"
        },
        {
          "events": [
            {
              "introduced": "6.13.0"
            },
            {
              "fixed": "6.18.27"
            }
          ],
          "type": "ECOSYSTEM"
        },
        {
          "events": [
            {
              "introduced": "6.19.0"
            },
            {
              "fixed": "7.0.4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "database_specific": {
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/46xxx/CVE-2026-46033.json"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: authencesn - reject short ahash digests during instance creation\n\nauthencesn requires either a zero authsize or an authsize of at least\n4 bytes because the ESN encrypt/decrypt paths always move 4 bytes of\nhigh-order sequence number data at the end of the authenticated data.\n\nWhile crypto_authenc_esn_setauthsize() already rejects explicit\nnon-zero authsizes in the range 1..3, crypto_authenc_esn_create()\nstill copied auth-\u003edigestsize into inst-\u003ealg.maxauthsize without\nvalidating it.  The AEAD core then initialized the tfm's default\nauthsize from that value.\n\nAs a result, selecting an ahash with digest size 1..3, such as\ncbcmac(cipher_null), exposed authencesn instances whose default\nauthsize was invalid even though setauthsize() would have rejected the\nsame value.  AF_ALG could then trigger the ESN tail handling with a\ntoo-short tag and hit an out-of-bounds access.\n\nReject authencesn instances whose ahash digest size is in the invalid\nnon-zero range 1..3 so that no tfm can inherit an unsupported default\nauthsize.",
  "id": "CVE-2026-46033",
  "modified": "2026-07-08T05:37:49.300431929Z",
  "published": "2026-05-27T12:56:42.038Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/2f31cd1e64a079c845bca31d2da7b3c90a311726"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/5db6ef9847717329f12c5ea8aba7e9f588a980c0"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/67f1f0933cc3d78dde222842bcad2778ec7a0b88"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/77f59fb2d3aa33e90ec6cbbf45dcfb20ab82b1a9"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/9aff81e8217e9de2929084b03b3c7f81988c112b"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/b42821c15445f93daea3e76ada682b2b7181c476"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/b69933e97efea238ebbfcf70c2b1be1cd03f13e3"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/d4c6a6d08e70bb1083c7c405fc7faacbf19aebc0"
    },
    {
      "type": "WEB",
      "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-46033.json"
    },
    {
      "type": "ADVISORY",
      "url": "https://access.redhat.com/security/cve/CVE-2026-46033"
    },
    {
      "type": "ADVISORY",
      "url": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/46xxx/CVE-2026-46033.json"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-46033"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2482000"
    },
    {
      "type": "PACKAGE",
      "url": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"
    }
  ],
  "schema_version": "1.7.5",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "crypto: authencesn - reject short ahash digests during instance creation"
}