CVE Catalog

CVE-2026-45854

MediumCVSS 5.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.15%

5th percentile - higher than 5% of all known CVEs

Summary

In the Linux kernel's inside-secure/eip93 crypto driver, a vulnerability exists where all cryptographic algorithms are unregistered regardless of which are actually implemented in hardware. This causes a system panic on platforms that do not have all options implemented in silicon.

Risk Assessment

The risk is a system panic during algorithm unregistration, potentially leading to service disruption and availability loss on platforms with incomplete hardware implementation.

Recommendation

Update the Linux kernel to a version containing the fix that unregisters only algorithms actually available in hardware, based on the EIP93 options register.

Original NVD description (English source)

In the Linux kernel, the following vulnerability has been resolved: crypto: inside-secure/eip93 - unregister only available algorithm EIP93 has an options register. This register indicates which crypto algorithms are implemented in silicon. Supported algorithms are registered on this basis. Unregister algorithms on the same basis. Currently, all algorithms are unregistered, even those not supported by HW. This results in panic on platforms that don't have all options implemented in silicon.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS