PatchSiren

CVE-2026-45854 Linux CVE debrief

A logic error in the Inside Secure EIP93 cryptographic driver for the Linux kernel causes system panics on hardware platforms where not all cryptographic algorithms are implemented in silicon. The driver registers only the algorithms indicated by the hardware options register, but during cleanup it unconditionally unregisters all possible algorithms—including those never registered. This mismatch triggers a panic when the driver is unloaded or during error paths on affected platforms. The vulnerability is resolved by ensuring that only algorithms actually registered (based on hardware capability detection) are unregistered.

Vendor: Linux
Product: Unknown
CVSS: Unknown
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-05-27
Original CVE updated: 2026-05-27
Advisory published: 2026-05-27
Advisory updated: 2026-05-27

Who should care

Organizations running Linux systems with Inside Secure EIP93 cryptographic hardware accelerators, particularly on embedded or SoC platforms with partial algorithm implementations; kernel maintainers and distribution packagers responsible for stable kernel updates.

Technical summary

The Inside Secure EIP93 cryptographic accelerator driver in the Linux kernel contains a bug where the algorithm unregistration path does not check the hardware options register before attempting to unregister algorithms. During initialization, the driver reads the EIP93 options register to determine which algorithms are implemented in silicon and registers only those capabilities. However, the cleanup/unregistration code iterates through all possible algorithms without this check, attempting to unregister algorithms that were never registered. This causes a kernel panic on platforms where the EIP93 hardware implements only a subset of the full algorithm set. The fix aligns the unregistration logic with the registration logic by checking the hardware capability bits before each unregister operation.
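
The mismatch described above, reduced to a user-space C model. This is an added example, not the EIP93 driver's code; the capability bits, algorithm table and function names are hypothetical.

```c
/* User-space model of the register/unregister mismatch; not the driver's code.
 * Capability bits, table and function names are hypothetical. */
#include <stdbool.h>
#include <stdint.h>

#define CAP_AES  (1u << 0)  /* constructed bits, not the real options register layout */
#define CAP_DES  (1u << 1)
#define CAP_SHA1 (1u << 2)

struct alg { const char *name; uint32_t cap; bool registered; };

static struct alg algs[] = {
    { "aes", CAP_AES, false }, { "des", CAP_DES, false }, { "sha1", CAP_SHA1, false },
};
#define N_ALGS (sizeof(algs) / sizeof(algs[0]))

/* Registration path: only algorithms the options register reports. */
void register_algs(uint32_t options)
{
    for (unsigned i = 0; i < N_ALGS; i++)
        if (algs[i].cap & options)
            algs[i].registered = true;
}

/* Cleanup path. check_caps=false models the pre-fix loop over every entry;
 * check_caps=true applies the same capability test as registration.
 * Returns how many never-registered algorithms were unregistered; each
 * one stands for the point where the kernel would panic. */
int unregister_algs(uint32_t options, bool check_caps)
{
    int invalid = 0;
    for (unsigned i = 0; i < N_ALGS; i++) {
        if (check_caps && !(algs[i].cap & options))
            continue;
        if (!algs[i].registered)
            invalid++;
        algs[i].registered = false;
    }
    return invalid;
}

int main(void)
{
    uint32_t partial = CAP_AES | CAP_SHA1;  /* constructed: silicon without DES */
    register_algs(partial);
    int before = unregister_algs(partial, false);
    register_algs(partial);
    int after = unregister_algs(partial, true);
    return (before == 1 && after == 0) ? 0 : 1;
}
```

On hardware that reports every capability bit, the unchecked loop never touches an unregistered entry, so the model only shows the fault on partial implementations.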

Defensive priority

medium

Recommended defensive actions

  • Apply the relevant stable kernel patch from the 5.15, 6.1, or 6.6 stable trees as indicated by the referenced kernel.org commits
  • Verify kernel version includes the fix by checking for commit 0ceeadc7b53a (5.15), 243d642ff580 (6.1), or 4c1c5a1d720f (6.6) in your distribution's kernel changelog
  • If running custom kernels with the EIP93 driver on platforms with partial hardware algorithm support, prioritize patching to prevent driver unload panics
  • Monitor distribution security advisories for backported fixes if running long-term support kernel versions not covered by the referenced stable commits

Evidence notes

The vulnerability description and resolution are sourced from the official CVE record published 2026-05-27. The fix involves modifying the algorithm unregistration path in the EIP93 driver to respect hardware capability bits from the options register, matching the registration logic. Three kernel.org stable tree commits are referenced as authoritative patches.
