Zero-Length Skcipher Request Vulnerability in Linux Kernel by Marvell
CVE-2025-38173

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 3 July 2025

What is CVE-2025-38173?

A vulnerability in the Linux kernel affects Marvell's cryptographic engine, specifically regarding the handling of zero-length symmetric key cipher (skcipher) requests. This issue leads to the unpredictable behavior of accessing random memory, which can be exploited. The proper fix ensures that such requests simply return 0 instead of compromising system stability, safeguarding against potential data leaks or system crashes.

Affected Version(s)

Linux f63601fd616ab370774fa00ea10bcaaa9e48e84c < 32d3e8049a8b60f18c5c39f5931bfb1130ac11c9

Linux f63601fd616ab370774fa00ea10bcaaa9e48e84c

References

https://git.kernel.org/stable/c/32d3e8049a8b60f18c5c39f59...

https://git.kernel.org/stable/c/c064ae2881d839709bd72d484...

https://git.kernel.org/stable/c/e1cc69da619588b1488689fe3...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 3, 2025
Vulnerability Reserved
Apr 16, 2025