Bug 2414738 (CVE-2025-40182) - CVE-2025-40182 kernel: crypto: skcipher - Fix reqsize handling
Summary: CVE-2025-40182 kernel: crypto: skcipher - Fix reqsize handling
Keywords:
Status: NEW
Alias: CVE-2025-40182
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Product Security DevOps Team
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2025-11-12 23:03 UTC by OSIDB Bzimport
Modified: 2025-11-13 10:53 UTC (History)
0 users

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments (Terms of Use)

Description OSIDB Bzimport 2025-11-12 23:03:38 UTC 
In the Linux kernel, the following vulnerability has been resolved:

crypto: skcipher - Fix reqsize handling

Commit afddce13ce81d ("crypto: api - Add reqsize to crypto_alg")
introduced cra_reqsize field in crypto_alg struct to replace type
specific reqsize fields. It looks like this was introduced specifically
for ahash and acomp from the commit description as subsequent commits
add necessary changes in these alg frameworks.

However, this is being recommended for use in all crypto algs [1]
instead of setting reqsize using crypto_*_set_reqsize(). Using
cra_reqsize in skcipher algorithms, hence, causes memory
corruptions and crashes as the underlying functions in the algorithm
framework have not been updated to set the reqsize properly from
cra_reqsize. [2]

Add proper set_reqsize calls in the skcipher init function to
properly initialize reqsize for these algorithms in the framework.

[1]: https://lore.kernel.org/linux-crypto/aCL8BxpHr5OpT04k@gondor.apana.org.au/
[2]: https://gist.github.com/Pratham-T/24247446f1faf4b7843e4014d5089f6b
Comment 1 Alexander B 2025-11-13 10:49:16 UTC 
Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2025111243-CVE-2025-40182-fa1b@gregkh/T
Note You need to log in before you can comment on or make changes to this bug.