5 matches found
CVE-2025-68726
CVE-2025-68726 concerns the Linux kernel crypto AEAD path. The vulnerability stems from how crypto_alg cra_reqsize (introduced in a prior commit) is used by AEAD algorithms without corresponding updates in the framework to propagate reqsize correctly. This mismatch can lead to memory corruption a...
CVE-2025-68726 crypto: aead - Fix reqsize handling
In the Linux kernel, the following vulnerability has been resolved: crypto: aead - Fix reqsize handling Commit afddce13ce81d "crypto: api - Add reqsize to cryptoalg" introduced crareqsize field in cryptoalg struct to replace type specific reqsize fields. It looks like this was introduced...
EUVD-2025-150392
In the Linux kernel, the following vulnerability has been resolved: crypto: skcipher - Fix reqsize handling Commit afddce13ce81d "crypto: api - Add reqsize to cryptoalg" introduced crareqsize field in cryptoalg struct to replace type specific reqsize fields. It looks like this was introduced...
CVE-2025-40182
In the Linux kernel, the following vulnerability has been resolved: crypto: skcipher - Fix reqsize handling Commit afddce13ce81d "crypto: api - Add reqsize to cryptoalg" introduced crareqsize field in cryptoalg struct to replace type specific reqsize fields. It looks like this was introduced...
CVE-2025-40182
CVE-2025-40182 (Linux kernel) concerns the crypto subsystem, specifically the skcipher code path. The root cause is the introduction of the cra_reqsize field in the crypto_alg struct and its use across skcipher algorithms, which was not accompanied by proper initialization. This mismatch can lead...