PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-23060 Linux CVE debrief

A vulnerability was found in the Linux kernel's authencesn component. The vulnerability occurs when the AAD (associated data) length is less than 8, causing a NULL pointer dereference and potentially leading to a kernel panic (DoS). This issue arises because authencesn assumes an ESP/ESN-formatted AAD. When assoclen is shorter than the minimum expected length, crypto_authenc_esn_decrypt() can advance past the end of the destination scatterlist and trigger a NULL pointer dereference in scatterwalk_map_and_copy().

Vendor
Linux
Product
Unknown
CVSS
MEDIUM 5.5
CISA KEV
Not listed in stored evidence
Original CVE published
2026-02-04
Original CVE updated
2026-07-14
Advisory published
2026-02-04
Advisory updated
2026-07-14

Who should care

Linux kernel users, administrators, and security teams should be aware of this vulnerability and take steps to mitigate it. Affected deployments should be identified, and owners should be assigned for follow-up. Compensating controls should be reviewed for exposed systems while remediation is scheduled and verified.

Technical summary

The Linux kernel's authencesn component assumes an ESP/ESN-formatted AAD. When assoclen is shorter than the minimum expected length, crypto_authenc_esn_decrypt() can advance past the end of the destination scatterlist and trigger a NULL pointer dereference in scatterwalk_map_and_copy(), leading to a kernel panic (DoS). The vulnerability has been resolved by adding a minimum AAD length check to fail fast on invalid inputs.

Defensive priority

Medium

Recommended defensive actions

  • Apply patches from Linux kernel maintainers
  • Restrict access to vulnerable kernel versions
  • Monitor system logs for potential attacks
  • Review compensating controls for exposed systems
  • Track exceptions and retest remediated assets
  • Check relevant monitoring, detection, and logs for exposed assets
  • Confirm whether affected product deployments exist in managed environments

Evidence notes

The CVE record was published on 2026-02-04T17:16:16.687Z and last modified on 2026-07-14T13:18:23.490Z. The NVD entry is currently Modified. Linux kernel users should verify their deployments for potential exposure and review official advisories for affected scope and vendor guidance.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-02-04T17:16:16.687Z and has not been modified since then. The NVD entry is currently Modified.