PatchSiren cyber security CVE debrief
CVE-2026-23060 Linux CVE debrief
A vulnerability was found in the Linux kernel's authencesn component. The vulnerability occurs when the AAD (associated data) length is less than 8, causing a NULL pointer dereference and potentially leading to a kernel panic (DoS). This issue arises because authencesn assumes an ESP/ESN-formatted AAD. When assoclen is shorter than the minimum expected length, crypto_authenc_esn_decrypt() can advance past the end of the destination scatterlist and trigger a NULL pointer dereference in scatterwalk_map_and_copy().
- Vendor
- Linux
- Product
- Unknown
- CVSS
- MEDIUM 5.5
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-02-04
- Original CVE updated
- 2026-07-14
- Advisory published
- 2026-02-04
- Advisory updated
- 2026-07-14
Who should care
Linux kernel users, administrators, and security teams should be aware of this vulnerability and take steps to mitigate it. Affected deployments should be identified, and owners should be assigned for follow-up. Compensating controls should be reviewed for exposed systems while remediation is scheduled and verified.
Technical summary
The Linux kernel's authencesn component assumes an ESP/ESN-formatted AAD. When assoclen is shorter than the minimum expected length, crypto_authenc_esn_decrypt() can advance past the end of the destination scatterlist and trigger a NULL pointer dereference in scatterwalk_map_and_copy(), leading to a kernel panic (DoS). The vulnerability has been resolved by adding a minimum AAD length check to fail fast on invalid inputs.
Defensive priority
Medium
Recommended defensive actions
- Apply patches from Linux kernel maintainers
- Restrict access to vulnerable kernel versions
- Monitor system logs for potential attacks
- Review compensating controls for exposed systems
- Track exceptions and retest remediated assets
- Check relevant monitoring, detection, and logs for exposed assets
- Confirm whether affected product deployments exist in managed environments
Evidence notes
The CVE record was published on 2026-02-04T17:16:16.687Z and last modified on 2026-07-14T13:18:23.490Z. The NVD entry is currently Modified. Linux kernel users should verify their deployments for potential exposure and review official advisories for affected scope and vendor guidance.
Official resources
-
CVE-2026-23060 CVE record
CVE.org
-
CVE-2026-23060 NVD detail
NVD
-
Source item URL
nvd_modified
-
Mitigation or vendor reference
416baaa9-dc9f-4396-8d5f-8c081fb06d67 - Patch
-
Mitigation or vendor reference
416baaa9-dc9f-4396-8d5f-8c081fb06d67 - Patch
-
Mitigation or vendor reference
416baaa9-dc9f-4396-8d5f-8c081fb06d67 - Patch
-
Mitigation or vendor reference
416baaa9-dc9f-4396-8d5f-8c081fb06d67 - Patch
-
Mitigation or vendor reference
416baaa9-dc9f-4396-8d5f-8c081fb06d67 - Patch
-
Mitigation or vendor reference
416baaa9-dc9f-4396-8d5f-8c081fb06d67 - Patch
-
Mitigation or vendor reference
416baaa9-dc9f-4396-8d5f-8c081fb06d67 - Patch
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-02-04T17:16:16.687Z and has not been modified since then. The NVD entry is currently Modified.