VYPR
← All advisories
Unrated severityNVD Advisory· Published Nov 12, 2025· Updated Apr 15, 2026

CVE-2025-40182

CVE-2025-40182

Description

In the Linux kernel, the following vulnerability has been resolved:

crypto: skcipher - Fix reqsize handling

Commit afddce13ce81d ("crypto: api - Add reqsize to crypto_alg") introduced cra_reqsize field in crypto_alg struct to replace type specific reqsize fields. It looks like this was introduced specifically for ahash and acomp from the commit description as subsequent commits add necessary changes in these alg frameworks.

However, this is being recommended for use in all crypto algs [1] instead of setting reqsize using crypto_*_set_reqsize(). Using cra_reqsize in skcipher algorithms, hence, causes memory corruptions and crashes as the underlying functions in the algorithm framework have not been updated to set the reqsize properly from cra_reqsize. [2]

Add proper set_reqsize calls in the skcipher init function to properly initialize reqsize for these algorithms in the framework.

[1]: https://lore.kernel.org/linux-crypto/aCL8BxpHr5OpT04k@gondor.apana.org.au/ [2]: https://gist.github.com/Pratham-T/24247446f1faf4b7843e4014d5089f6b

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Linux kernel skcipher crypto bug: using cra_reqsize without proper initialization causes memory corruption; patch adds set_reqsize calls.

Vulnerability

Overview

The Linux kernel's crypto subsystem introduced cra_reqsize in crypto_alg to replace type-specific request size fields. However, the skcipher framework was not updated to properly initialize reqsize from cra_reqsize, leading to memory corruption and crashes when skcipher algorithms use the new field [1].

Exploitation

The vulnerability is triggered by using skcipher algorithms that rely on cra_reqsize without the necessary initialization. An attacker with local access could potentially exploit this to cause a denial of service (system crash) or possibly escalate privileges if memory corruption is leveraged for arbitrary code execution.

Impact

Successful exploitation results in memory corruption, leading to system instability, crashes, or potential privilege escalation. The bug affects any system using affected skcipher algorithms.

Mitigation

The fix adds proper set_reqsize calls in the skcipher init function, ensuring correct initialization from cra_reqsize. The patch has been applied to the stable kernel tree [1]. Users are advised to update to the patched kernel version.

References
  1. Making sure you're not a bot!

AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

1

Patches

2
f041339d6b9a
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.gitvia osv
commit
229c586b5e86
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.gitvia osv
commit

Vulnerability mechanics

Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

2

News mentions

0

No linked articles in our index yet.