Bug 2467023 (CVE-2026-43078)

Summary: CVE-2026-43078 kernel: crypto: af_alg - Fix page reassignment overflow in af_alg_pull_tsgl
Product: [Other] Security Response Reporter: OSIDB Bzimport <bzimport>
Component: vulnerabilityAssignee: Product Security <prodsec-ir-bot>
Status: NEW --- QA Contact:
Severity: high Docs Contact:
Priority: high    
Version: unspecifiedCC: rhel-process-autobot, watson-tool-maintainers
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: ---
Doc Text:
A flaw was found in the Linux kernel. Specifically, within the `crypto: af_alg` component, a page reassignment overflow could occur in the `af_alg_pull_tsgl` function. This vulnerability arises because the original loop was not updated, potentially allowing it to reassign one more page than necessary. This could lead to unexpected system behavior or a denial of service (DoS).
 Story Points: ---
Clone Of: Environment:
Last Closed: Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description OSIDB Bzimport 2026-05-06 10:03:39 UTC 
In the Linux kernel, the following vulnerability has been resolved:

crypto: af_alg - Fix page reassignment overflow in af_alg_pull_tsgl

When page reassignment was added to af_alg_pull_tsgl the original
loop wasn't updated so it may try to reassign one more page than
necessary.

Add the check to the reassignment so that this does not happen.

Also update the comment which still refers to the obsolete offset
argument.
Comment 1 Alexander B 2026-05-06 13:10:26 UTC 
Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2026050613-CVE-2026-43078-dcf9@gregkh/T