CVE-2025-68726
Description
In the Linux kernel, the following vulnerability has been resolved:

crypto: aead - Fix reqsize handling

Commit afddce13ce81d (crypto: api - Add reqsize to crypto_alg) introduced cra_reqsize field in crypto_alg struct to replace type specific reqsize fields. It looks like this was introduced specifically for ahash and acomp from the commit description as subsequent commits add necessary changes in these alg frameworks.

However, this is being recommended for use in all crypto algs instead of setting reqsize using crypto_*_set_reqsize(). Using cra_reqsize in aead algorithms, hence, causes memory corruptions and crashes as the underlying functions in the algorithm framework have not been updated to set the reqsize properly from cra_reqsize. [1]

Add proper set_reqsize calls in the aead init function to properly initialize reqsize for these algorithms in the framework.

[1]: https://gist.github.com/Pratham-T/24247446f1faf4b7843e4014d5089f6b
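The size mismatch described above, as an added user-space model (not kernel code and not part of the commit). Every model_* name and the 96-byte context size are assumptions made for illustration; only cra_reqsize and reqsize come from the description.

```c
#include <stddef.h>
#include <stdio.h>

/* User-space model of the size accounting only. Every model_* name is
 * hypothetical; cra_reqsize and reqsize mirror the fields named above. */
struct model_alg  { unsigned int cra_reqsize; };   /* algorithm-level value */
struct model_aead { const struct model_alg *alg;
                    unsigned int reqsize; };       /* per-transform value */
struct model_req  { struct model_aead *tfm; };     /* driver context follows it */

/* Init before the fix: cra_reqsize is never copied (modelled as left at 0). */
static void model_init_unfixed(struct model_aead *t, const struct model_alg *a)
{
    t->alg = a;
    t->reqsize = 0;
}

/* Init after the fix: the transform's reqsize is set from cra_reqsize. */
static void model_init_fixed(struct model_aead *t, const struct model_alg *a)
{
    t->alg = a;
    t->reqsize = a->cra_reqsize;
}

/* A request is allocated as header plus the transform's reqsize. */
static size_t model_req_alloc_size(const struct model_aead *t)
{
    return sizeof(struct model_req) + t->reqsize;
}

/* Bytes a driver context of ctx_bytes would write past that allocation. */
static size_t model_ctx_overrun(const struct model_aead *t, size_t ctx_bytes)
{
    size_t have = model_req_alloc_size(t) - sizeof(struct model_req);
    return ctx_bytes > have ? ctx_bytes - have : 0;
}

/* Constructed case: a driver that declares a 96-byte request context. */
static size_t model_overrun_for(int fixed)
{
    struct model_alg alg = { .cra_reqsize = 96 };
    struct model_aead tfm;
    if (fixed) model_init_fixed(&tfm, &alg); else model_init_unfixed(&tfm, &alg);
    return model_ctx_overrun(&tfm, alg.cra_reqsize);
}

int main(void)
{
    printf("unfixed overrun: %zu bytes\n", model_overrun_for(0));
    printf("fixed overrun:   %zu bytes\n", model_overrun_for(1));
    return 0;
}
```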
Risk Information
Associated Vulnerability
No records found
Patch Details
No records found
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234