Linux Kernel krb5enc Asynchronous Decryption Vulnerability Bypasses Hash Verification

Vulnerability

A vulnerability in the Linux kernel's krb5enc cryptographic implementation allows asynchronous decryption to skip crucial hash verification, potentially compromising data integrity. This issue arises because the decryption process incorrectly signals completion before the integrity check is performed, unlike the encryption process, which properly sequences callbacks to ensure verification. The vulnerability affects the stable versions of the Linux kernel.
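
The callback ordering described above, modelled in user-space C as an added example; it is not kernel code and not taken from the advisory. Every name here (`toy_req`, `toy_decrypt`, the two `decrypt_done_*` callbacks) is hypothetical, and the XOR checksum is a stand-in for the real hash.

```c
#include <errno.h>
#include <stdio.h>

/* Toy model constructed for illustration; none of these names are kernel symbols. */
struct toy_req {
    const unsigned char *buf;  /* payload produced by the cipher step */
    size_t len;
    unsigned char tag;         /* integrity tag that arrived with the message */
    int result;                /* status the caller finally sees */
};

/* Stand-in for the real keyed hash: a plain XOR checksum (assumption). */
static unsigned char toy_hash(const unsigned char *p, size_t n)
{
    unsigned char h = 0x5a;
    while (n--) h ^= *p++;
    return h;
}

/* Flawed async path: the cipher callback reports completion directly. */
static void decrypt_done_flawed(struct toy_req *r, int err)
{
    r->result = err;           /* hash comparison never runs */
}

/* Sequenced path: verification runs first, completion carries its verdict. */
static void decrypt_done_checked(struct toy_req *r, int err)
{
    if (!err && toy_hash(r->buf, r->len) != r->tag)
        err = -EBADMSG;        /* errno used for failed authentication */
    r->result = err;
}

/* Simulates the cipher finishing successfully and invoking its callback. */
static int toy_decrypt(void (*done)(struct toy_req *, int),
                       const unsigned char *buf, size_t len, unsigned char tag)
{
    struct toy_req r = { buf, len, tag, -EINPROGRESS };
    done(&r, 0);
    return r.result;
}

int main(void)
{
    const unsigned char good[] = "payload", bad[] = "paXload"; /* constructed samples */
    unsigned char tag = toy_hash(good, sizeof good);
    printf("flawed=%d checked=%d\n", toy_decrypt(decrypt_done_flawed, bad, sizeof bad, tag),
           toy_decrypt(decrypt_done_checked, bad, sizeof bad, tag));
    return 0;
}
```

With the tampered buffer, the flawed callback reports success while the sequenced one returns `-EBADMSG`.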

Impact

Exploitation of this vulnerability leads to the omission of integrity checks during asynchronous decryption, allowing for potential manipulation or corruption of data without detection.

Added: May 1, 2026, 2:22 PM
Updated: May 1, 2026, 2:22 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 2.5
exploitability: 5.0
remediation: 7.7
relevance: 7.2
threat: 3.2
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.