Linux Kernel Vulnerability Affecting Crypto Component by Linux Foundation
CVE-2025-40063


Key Information:

Vendor: Linux
Status: Vendor
CVE Published: 28 October 2025

What is CVE-2025-40063?

A vulnerability in the Linux kernel affects the crypto component. The context allocation and freeing operations, alloc_ctx and free_ctx, were defined separately in scomp_alg and in crypto_acomp_streams. Under structure layout randomization, those two separate definitions can be laid out differently, so the two structures may no longer agree on where the context operations sit; if the operations are not aligned in this way, the result is incorrect memory handling. The fix makes both structures share a single definition of the context operations, so their layouts always match, improving the stability and security of cryptographic processing within the kernel.

Affected Version(s)

  • Linux 42d9f6c774790d290c175e8775ce9f1366438098 < 779d3b6f2d32c5f1da6163e959abe1e1ffe2945b
  • Linux 42d9f6c774790d290c175e8775ce9f1366438098
  • Linux 6.16

References

Timeline

  • Vulnerability published

  • Vulnerability Reserved
