CVE-2026-46033
The CVE-2026-46033 issue in the Linux kernel crypto/authencesn was fixed: authenc ESN paths require either a zero authsize or an authsize of at least 4 bytes, but a later path could copy digestsize into inst->alg.maxauthsize without validation, allowing ahash digests of 1–3 bytes (e.g., cbcmac...