CVE-2026-43044
Published: 01 May 2026
Summary
CVE-2026-43044 is a high-severity vulnerability in the Linux kernel; its weakness type is unspecified. Its CVSS base score is 7.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). It ranks at the 3.5th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and RA-5 (Vulnerability Monitoring and Scanning).
Deeper analysis
CVE-2026-43044 is a vulnerability in the Linux kernel's CAAM (Crypto Acceleration and Assurance Module) cryptographic driver. It occurs when processing HMAC keys longer than the block size, which are copied and hashed into a real key. The memory allocated for this copy must be rounded to DMA cache alignment to prevent the hashed key from corrupting neighboring memory. Although rounding was implemented, it was not used in the actual allocation via kmemdup, leading to potential DMA corruption.
A local attacker with low privileges (PR:L) can exploit this vulnerability with low complexity (AC:L) and no user interaction (UI:N), as indicated by its CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). Successful exploitation has a high impact on confidentiality, integrity, and availability through memory corruption, potentially allowing arbitrary code execution or system crashes in affected kernel configurations using the CAAM driver.
Mitigation involves applying the upstream kernel patches referenced in the stable git commits, such as 5ddfdcbe10dc5f97afc4e46ca22be2be717e8caf, 68feed135a0c7243a9275ae7e6a18260f755f52b, a7ecf06d3ee06e9b3322e1e7b003ea5c6f6e135a, c0c133e0225d87aad326bb90bbce9bdd6fde3cbb, and f2af8be110bde26b3e3354efdfdda97f426306a4. These commits replace kmemdup with kmalloc for a properly sized and aligned buffer, followed by memcpy, resolving the allocation issue. Security practitioners should update to patched kernel versions supporting CAAM hardware.
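The allocation pattern described above, modelled in user space as an added example (not the kernel's code or the upstream patch). malloc stands in for kmemdup/kmalloc; the 64-byte DMA_ALIGN, the function names and the 100-byte sample key are assumptions made for illustration, and the buffer start is assumed to be cache-line aligned.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumed DMA cache alignment for this model; the kernel obtains the real value at run time. */
#define DMA_ALIGN 64u

/* Round len up to a multiple of DMA_ALIGN; returns 0 if the rounding overflows (or len is 0). */
size_t round_to_dma_align(size_t len)
{
    size_t aligned = (len + DMA_ALIGN - 1) & ~(size_t)(DMA_ALIGN - 1);
    return aligned < len ? 0 : aligned;
}

/* Flawed pattern: the rounded length is computed, but the copy is sized by keylen. */
unsigned char *copy_key_flawed(const unsigned char *key, size_t keylen, size_t *alloc_len)
{
    size_t aligned_len = round_to_dma_align(keylen);
    unsigned char *buf = aligned_len ? malloc(keylen) : NULL; /* exact-size duplicate */
    if (!buf)
        return NULL;
    memcpy(buf, key, keylen);
    *alloc_len = keylen;
    return buf;
}

/* Fixed pattern: allocate the rounded length, then copy only keylen bytes into it. */
unsigned char *copy_key_fixed(const unsigned char *key, size_t keylen, size_t *alloc_len)
{
    size_t aligned_len = round_to_dma_align(keylen);
    unsigned char *buf = aligned_len ? malloc(aligned_len) : NULL;
    if (!buf)
        return NULL;
    memcpy(buf, key, keylen);
    *alloc_len = aligned_len;
    return buf;
}

/* Bytes of the buffer's last cache line that the allocation does not own. */
size_t unowned_tail_bytes(size_t alloc_len)
{
    return round_to_dma_align(alloc_len) - alloc_len;
}

int main(void)
{
    unsigned char key[100], *a, *b;  /* constructed sample key, longer than a 64-byte block */
    size_t n_flawed = 0, n_fixed = 0;
    memset(key, 0xA5, sizeof key);
    a = copy_key_flawed(key, sizeof key, &n_flawed);
    b = copy_key_fixed(key, sizeof key, &n_fixed);
    printf("flawed: %zu bytes, %zu unowned in last line; fixed: %zu bytes, %zu unowned\n",
           n_flawed, unowned_tail_bytes(n_flawed), n_fixed, unowned_tail_bytes(n_fixed));
    free(a); free(b);
}
```

A non-zero unowned tail means the last cache line of the key buffer is shared with whatever the allocator placed next to it, which is the neighbouring memory the description refers to.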
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-26643
Vulnerability details
In the Linux kernel, the following vulnerability has been resolved: crypto: caam - fix DMA corruption on long hmac keys When a key longer than block size is supplied, it is copied and then hashed into the real key. The memory allocated for the copy needs to be rounded to DMA cache alignment, as otherwise the hashed key may corrupt neighbouring memory. The rounding was performed, but never actually used for the allocation. Fix this by replacing kmemdup with kmalloc for a larger buffer, followed by memcpy.
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
A local kernel memory corruption vulnerability in the CAAM driver allows a low-privileged attacker to achieve arbitrary code execution or crashes, directly enabling exploitation for privilege escalation.
Mitigating Controls (NIST 800-53 r5)
Directly addresses the vulnerability by requiring identification, reporting, and timely patching of the kernel's CAAM driver to fix the DMA-aligned memory allocation issue.
Mitigates exploitation of the memory corruption caused by unaligned DMA buffer through protections like non-executable memory and address space randomization.
Enables detection of the specific kernel vulnerability in CAAM via vulnerability scanning, facilitating timely remediation.