CVE-2025-40019
Description
In the Linux kernel, the following vulnerability has been resolved:
crypto: essiv - Check ssize for decryption and in-place encryption
Move the ssize check to the start in essiv_aead_crypt so that it's also checked for decryption and in-place encryption.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A missing check for source buffer size in the essiv crypto driver could cause decryption and in-place encryption to read out of bounds.
Vulnerability
CVE-2025-40019 is a flaw in the Linux kernel's ESSIV (Encrypted Salt-Sector Initialization Vector) crypto driver. The essiv_aead_crypt function had an incomplete size check: ssize was verified for normal (out-of-place) encryption, but not for decryption or in-place encryption. On those paths the kernel may read from or write to a memory region based on a source buffer size that has not been validated, leading to a potential out-of-bounds read.
Exploitation
To exploit this, an attacker would need the ability to submit AF_ALG requests (or otherwise interact with the kernel crypto subsystem) with carefully crafted struct aead_request parameters that trigger the vulnerable code path — specifically, a decryption request or an in-place encryption request where the source buffer length differs from the destination buffer length. No special privileges beyond access to the crypto device node are required, making it accessible to unprivileged users in many configurations.
Impact
If triggered, the out-of-bounds read could disclose sensitive kernel memory contents to the attacker, bypassing kernel ASLR or leaking key material. There is also a possibility of a kernel crash (denial of service) if the read accesses unmapped memory. The fix ensures that the size check is performed early in essiv_aead_crypt, covering all four combinations of encryption/decryption and in-place/out-of-place operations.
Mitigation
The issue was fixed in the Linux kernel commits that moved the ssize check to the very start of essiv_aead_crypt [1][2][3][4]. Users should update their kernel to a version that includes one of these commits. No workaround is known other than applying the patch.
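The following C model, added here and not taken from the kernel or from the fix commits, shows why hoisting the check matters: with the check inside the out-of-place encryption branch only one of the four enc/dec x in-place/out-of-place paths rejects a request whose ssize goes negative, while the hoisted check rejects all four. The model assumes ssize is derived as assoclen minus the IV size, as the upstream driver does; every other detail of the driver is omitted and the struct is a constructed stand-in, not struct aead_request.

```c
#include <errno.h>
#include <stdbool.h>

/* Constructed stand-in for the request fields the check depends on. */
struct essiv_req_model {
	int assoclen;   /* associated data length (sector number + IV) */
	int ivsize;     /* IV size of the inner AEAD */
	bool in_place;  /* true when src == dst */
};

/* Vulnerable shape: ssize is derived and checked only on the
 * out-of-place encryption path; the other three paths never see it. */
int essiv_crypt_before(const struct essiv_req_model *req, bool enc)
{
	if (req->in_place || !enc)
		return 0;  /* proceeds with an unvalidated assoclen - ivsize */

	int ssize = req->assoclen - req->ivsize;
	if (ssize < 0)
		return -EINVAL;
	return 0;
}

/* Fixed shape: the same check at function entry guards every path. */
int essiv_crypt_after(const struct essiv_req_model *req, bool enc)
{
	int ssize = req->assoclen - req->ivsize;
	if (ssize < 0)
		return -EINVAL;
	(void)enc;  /* both paths now run with a validated ssize */
	return 0;
}

/* Count how many of the four enc/in-place combinations reject a
 * constructed request whose assoclen is shorter than the IV. */
int paths_rejecting_short_assoclen(int (*crypt)(const struct essiv_req_model *, bool))
{
	struct essiv_req_model bad = { .assoclen = 8, .ivsize = 16, .in_place = false };
	int rejected = 0;

	for (int ip = 0; ip < 2; ip++) {
		bad.in_place = (ip == 1);
		for (int enc = 0; enc < 2; enc++)
			if (crypt(&bad, enc == 1) == -EINVAL)
				rejected++;
	}
	return rejected;
}
```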
AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
Patches
Vulnerability mechanics
Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
- git.kernel.org/stable/c/248ff2797ff52a8cbf86507f9583437443bf7685 (nvd)
- git.kernel.org/stable/c/29294dd6f1e7acf527255fb136ffde6602c3a129 (nvd)
- git.kernel.org/stable/c/6bb73db6948c2de23e407fe1b7ef94bf02b7529f (nvd)
- git.kernel.org/stable/c/71f03f8f72d9c70ffba76980e78b38c180e61589 (nvd)
- git.kernel.org/stable/c/da7afb01ba05577ba3629f7f4824205550644986 (nvd)
- git.kernel.org/stable/c/dc4c854a5e7453c465fa73b153eba4ef2a240abe (nvd)
- git.kernel.org/stable/c/df58651968f82344a0ed2afdafd20ecfc55ff548 (nvd)
- git.kernel.org/stable/c/f37e7860dc5e94c70b4a3e38a5809181310ea9ac (nvd)