CVE-2026-53302

MEDIUMNVD 5.5Trending — 3 sources updated this week
5.5
EchelonGraph verdictMonitorLow exploitation likelihood right now — keep watching.
  • Lower severity and no public exploit yet
CISA-KEV: Not listedEPSS: 0%CVSS: 5.5Exploit: NoneExposed: 0

No vendor fix yet — apply a workaround or compensating control (WAF / firewall / segmentation) and watch for a patch.

In the Linux kernel, the following vulnerability has been resolved:

crypto: eip93 - fix hmac setkey algo selection

eip93_hmac_setkey() allocates a temporary ahash transform for computing HMAC ipad/opad key material. The allocation uses the driver-specific cra_driver_name (e.g. "sha256-eip93") but passes CRYPTO_ALG_ASYNC as the mask, which excludes async algorithms.

Since the EIP93 hash algorithms are the only ones registered under those driver names and they are inherently async, the lookup is self-contradictory and always fails with -ENOENT.

When called from the AEAD setkey path, this failure leaves the SA record partially initialized with zeroed digest fields. A subsequent crypto operation then dereferences a NULL pointer in the request context, resulting in a kernel panic:

pc : eip93_aead_handle_result+0xc8c/0x1240 [crypto_hw_eip93]
  lr : eip93_aead_handle_result+0xbec/0x1240 [crypto_hw_eip93]
  sp : ffffffc082feb820
  x29: ffffffc082feb820 x28: ffffff8011043980 x27: 0000000000000000
  x26: 0000000000000000 x25: ffffffc078da0bc8 x24: 0000000091043980
  x23: ffffff8004d59e50 x22: ffffff8004d59410 x21: ffffff8004d593c0
  x20: ffffff8004d593c0 x19: ffffff8004d4f300 x18: 0000000000000000
  x17: 0000000000000000 x16: 0000000000000000 x15: 0000007fda7aa498
  x14: 0000000000000000 x13: 0000000000000000 x12: 0000000000000000
  x11: 0000000000000000 x10: fffffffff8127a80 x9 : 0000000000000000
  x8 : ffffff8004d4f380 x7 : 0000000000000000 x6 : 000000000000003f
  x5 : 0000000000000040 x4 : 0000000000000008 x3 : 0000000000000009
  x2 : 0000000000000008 x1 : 0000000028000003 x0 : ffffff8004d388c0
  Code: 910142b6 f94012e0 f9002aa0 f90006d3 (f9400740)

The reported symbol eip93_aead_handle_result+0xc8c is a resolution artifact from static functions being merged under the nearest exported symbol. Decoding the faulting sequence:

910142b6  ADD  X22, X21, #0x50
  f94012e0  LDR  X0, [X23, #0x20]
  f9002aa0  STR  X0, [X21, #0x50]
  f90006d3  STR  X19, [X22, #0x8]
  f9400740  LDR  X0, [X26, #0x8]

The faulting LDR at [X26, #0x8] is loading ctx->flags (offset 8 in eip93_hash_ctx), where ctx has been resolved to NULL from a partially initialized or unreachable transform context following the failed setkey.

Fix this by dropping the CRYPTO_ALG_ASYNC mask from the crypto_alloc_ahash() call. The code already handles async completion correctly via crypto_wait_req(), so there is no requirement to restrict the lookup to synchronous algorithms.

Note that hashing a single 64-byte block through the hardware is likely slower than doing it in software due to the DMA round-trip overhead, but offloading it may still spare CPU cycles on the slower embedded cores where this IP is found.

[Detailed investigation report of this bug]

CVSS v3
5.5
EG Score
0.0(none)
EPSS
6.1%
KEV
Not listed

Published

June 26, 2026

Last Modified

July 6, 2026

Vendor Advisories for CVE-2026-53302(1)

These vendors published their own advisory mentioning this CVE — often with vendor-specific remediation steps + affected product lists not in NVD.

Weakness Classification(1)

MITRE Common Weakness Enumeration — the root-cause categories this CVE belongs to.

Data Freshness Timeline

(refreshed 13× in last 7d / 21× in last 30d)

Each row is a source pipeline that fetched or updated this CVE on that date, with what changed. For example, "NVD update" means NVD published or revised its analysis for this CVE; "MITRE cvelistV5" means we ingested or refreshed it from the CNA feed. Most recent first.

  1. 2026-07-06 21:35 UTCNVD updateCVSS v3 → 5.5 · severity → MEDIUM
  2. 2026-07-06 16:27 UTCEPSS rescore
  3. 2026-07-06 16:27 UTCEPSS rescore
  4. 2026-07-06 13:43 UTCGHSA enrichment
  5. 2026-07-06 02:23 UTCEPSS rescore
  6. 2026-07-06 02:23 UTCEPSS rescore
  7. 2026-07-05 02:31 UTCEPSS rescore
  8. 2026-07-05 02:30 UTCEPSS rescore
  9. 2026-07-04 06:31 UTCEPSS rescore
  10. 2026-07-04 06:31 UTCEPSS rescore
  11. 2026-07-03 08:21 UTCGHSA enrichment
  12. 2026-07-01 15:07 UTCEPSS rescore
  13. 2026-06-30 23:22 UTCEPSS rescore
  14. 2026-06-30 02:59 UTCEG score recompute
  15. 2026-06-30 02:59 UTCGHSA enrichment
  16. 2026-06-29 14:06 UTCEPSS rescore
  17. 2026-06-29 14:06 UTCEPSS rescore
  18. 2026-06-28 04:56 UTCEPSS rescore
  19. 2026-06-28 04:56 UTCEPSS rescore
  20. 2026-06-26 21:38 UTCEG score recompute
  21. 2026-06-26 21:37 UTCGHSA enrichment

Frequently asked(5)

What is CVE-2026-53302?
CVE-2026-53302 is a medium vulnerability published on June 26, 2026. In the Linux kernel, the following vulnerability has been resolved: crypto: eip93 - fix hmac setkey algo selection eip93hmacsetkey() allocates a temporary ahash transform for computing HMAC ipad/opad key material. The allocation uses the driver-specific cradrivername (e.g. "sha256-eip93") but…
When was CVE-2026-53302 disclosed?
CVE-2026-53302 was first published in the National Vulnerability Database on June 26, 2026, with the most recent update on July 6, 2026. EchelonGraph re-ingests CVE updates from NVD on a 2-hour cycle, so this page reflects the latest published state.
Is CVE-2026-53302 actively exploited?
CVE-2026-53302 is not currently on CISA's Known Exploited Vulnerabilities catalog. FIRST EPSS estimates a 6.1% percentile likelihood of exploitation in the next 30 days — higher percentiles indicate greater predicted risk.
What is the CVSS score of CVE-2026-53302?
CVE-2026-53302 has a CVSS v3 base score of 5.5 (NVD). EchelonGraph synthesises NVD + CISA KEV + FIRST EPSS + GHSA into a combined EG score of 0.0.
How do I remediate CVE-2026-53302?
Patch to the fixed version published by the affected vendor. Where vendor advisories exist for CVE-2026-53302, EchelonGraph cross-links them in the Vendor Advisories panel below — those typically contain the canonical remediation steps, fixed version numbers, and any vendor-specific mitigations.

Dependency Blast Radius

Explore the affected products and dependency analysis for CVE-2026-53302

Explore →

Is Your Infrastructure Affected by CVE-2026-53302?

EchelonGraph automatically scans your cloud infrastructure and maps CVE exposure using blast radius analysis.