PatchSiren cyber security CVE debrief
CVE-2026-43330 Git CVE debrief
CVE-2026-43330 is a Linux kernel vulnerability in the CAAM crypto path that affects handling of long HMAC keys. According to the published description, when a key longer than the block size is supplied, the code copies it and then hashes it into the real key. The copy buffer must be rounded to DMA cache alignment; otherwise the hashed key can corrupt neighboring memory. The issue is caused by using kmemdup, which can read past the end of the source key buffer by the amount needed to reach the aligned length. The fix replaces kmemdup with kmalloc followed by memcpy. The CVE was published on 2026-05-08 and updated on 2026-05-11.
- Vendor: Git
- Product: Unknown
- CVSS: HIGH 7.8
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-05-08
- Original CVE updated: 2026-05-11
- Advisory published: 2026-05-08
- Advisory updated: 2026-05-11
Who should care
Linux kernel maintainers, distro security teams, and operators of systems that ship the CAAM crypto driver should pay attention, especially if they depend on kernel-provided HMAC handling in environments where local users may interact with cryptographic functionality.
Technical summary
The vulnerability is a size/alignment bug in the Linux kernel crypto: caam code path. A long HMAC key is copied into an intermediate buffer before hashing into the final key material. Because the buffer was allocated with kmemdup rather than an aligned allocation, the code could read beyond the original key buffer while copying to the rounded-up length, creating a memory corruption risk. The published fix uses kmalloc to allocate the aligned buffer size and then memcpy to copy only the actual key length. NVD lists the impact as CVSS 3.1 AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H.
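The following userland model, added here as an illustration and not code from the kernel or from the advisory, shows the arithmetic behind the bug and the shape of the fix. It stands in malloc for kmalloc/kmemdup, uses a constructed 64-byte DMA alignment and a constructed 64-byte HMAC block size (both assumptions; the real values are platform- and algorithm-specific), and places the key inside a larger canary-filled arena so that the over-read of the modelled kmemdup pattern can be measured safely rather than reading unmapped memory.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <stddef.h>

/* Constructed stand-in for the DMA cache-line alignment the driver rounds the
 * copy buffer up to; the real value is platform-specific (assumption). */
#define MODEL_DMA_ALIGN 64

/* Constructed HMAC block size, used only to decide whether a key is "long"
 * (64 bytes, as for SHA-256; assumption). */
#define MODEL_BLOCK_SIZE 64

/* Round keylen up to the alignment, as the driver must for the copy buffer. */
size_t model_aligned_len(size_t keylen)
{
    return (keylen + MODEL_DMA_ALIGN - 1) & ~((size_t)MODEL_DMA_ALIGN - 1);
}

/* Bytes a kmemdup(key, aligned_len) reads beyond the caller's key buffer:
 * the aligned_len - keylen quantity named in the CVE description. */
size_t model_overread(size_t keylen)
{
    return model_aligned_len(keylen) - keylen;
}

/* Only a key longer than the block size takes the copy-then-hash path. */
int model_key_is_long(size_t keylen)
{
    return keylen > MODEL_BLOCK_SIZE;
}

/* Vulnerable pattern, modelled: duplicate to the rounded length in one call,
 * so aligned_len - keylen bytes past the end of the key are read. The caller
 * must guarantee those bytes exist (the demo below keeps the key inside a
 * larger arena); against a key buffer of exactly keylen bytes this is the
 * out-of-bounds read. */
unsigned char *model_copy_kmemdup(const unsigned char *key, size_t keylen)
{
    size_t aligned_len = model_aligned_len(keylen);
    unsigned char *buf = malloc(aligned_len);
    if (!buf)
        return NULL;
    memcpy(buf, key, aligned_len);
    return buf;
}

/* Fixed pattern: allocate aligned_len, copy only keylen. The tail is zeroed
 * here to keep the model deterministic; the kernel fix only needs the copy to
 * stay within keylen. */
unsigned char *model_copy_fixed(const unsigned char *key, size_t keylen)
{
    size_t aligned_len = model_aligned_len(keylen);
    unsigned char *buf = malloc(aligned_len);
    if (!buf)
        return NULL;
    memcpy(buf, key, keylen);
    memset(buf + keylen, 0, aligned_len - keylen);
    return buf;
}

/* Count bytes beyond keylen in the copy that equal the arena canary, i.e.
 * bytes that were never part of the key. */
static size_t count_canary_tail(const unsigned char *buf, size_t keylen,
                                unsigned char canary)
{
    size_t aligned_len = model_aligned_len(keylen);
    size_t n = 0;
    for (size_t i = keylen; i < aligned_len; i++)
        if (buf[i] == canary)
            n++;
    return n;
}

/* Demo on constructed input: a 100-byte key of 0x11 at the start of a
 * 256-byte arena whose remaining bytes are 0xAA. Returns how many canary
 * bytes the chosen copy routine pulled into the key buffer. */
size_t demo_foreign_bytes(int use_fixed)
{
    enum { ARENA = 256, KEYLEN = 100 };
    unsigned char arena[ARENA];
    memset(arena, 0xAA, sizeof arena);
    memset(arena, 0x11, KEYLEN);

    unsigned char *buf = use_fixed ? model_copy_fixed(arena, KEYLEN)
                                   : model_copy_kmemdup(arena, KEYLEN);
    if (!buf)
        return (size_t)-1;
    size_t foreign = count_canary_tail(buf, KEYLEN, 0xAA);
    free(buf);
    return foreign;
}

int main(void)
{
    printf("keylen 100 -> aligned %zu, over-read %zu bytes\n",
           model_aligned_len(100), model_overread(100));
    printf("kmemdup pattern copied %zu foreign bytes, fixed pattern %zu\n",
           demo_foreign_bytes(0), demo_foreign_bytes(1));
    return 0;
}
```

With the constructed 64-byte alignment, a 100-byte key rounds to 128 bytes, so the modelled kmemdup pattern reads 28 bytes past the key while the kmalloc-plus-memcpy pattern reads none; a key whose length is already a multiple of the alignment shows no over-read, which is why the bug depends on the specific key length supplied.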
Defensive priority
High for systems using the affected kernel crypto driver, because the CVSS vector indicates local attack prerequisites but high confidentiality, integrity, and availability impact if reachable.
Recommended defensive actions
- Apply the kernel update that contains the kmalloc + memcpy fix for the CAAM long-HMAC-key handling bug.
- Prioritize patching on systems that expose the CAAM crypto driver to local workloads or user-controlled key material.
- Track vendor kernel backports and verify that the fix is present in all supported branches.
- Review any local crypto or HMAC workflows that may pass unusually long keys into the kernel crypto stack.
- Monitor security advisories and NVD updates for any affected-version clarification or backport information.
Evidence notes
This debrief is based only on the supplied CVE description, NVD metadata, and the listed kernel.org reference links. The source description explicitly states that a key longer than the block size is copied and then hashed, that kmemdup can overflow by reading aligned_len - keylen bytes from the key buffer, and that the fix is to replace kmemdup with kmalloc plus memcpy. NVD metadata provides the CVSS 3.1 vector AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H and shows the record was published on 2026-05-08 and modified on 2026-05-11. No CISA KEV entry is present in the supplied corpus.
Official resources
- CVE-2026-43330 CVE record (CVE.org)
- CVE-2026-43330 NVD detail (NVD)
- Source item URL: nvd_modified
- Source reference: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Publicly disclosed in the CVE/NVD record on 2026-05-08; the supplied source metadata was last modified on 2026-05-11. No KEV listing is present in the provided enrichment data.