Memory Corruption in Linux Kernel Crypto Algorithms
CVE-2025-40182
Currently unrated
What is CVE-2025-40182?
The Linux kernel improperly handles the request size in skcipher algorithms. The issue was introduced with the addition of the cra_reqsize field to the crypto_alg structure: the algorithm framework does not properly initialize the request size, which can lead to memory corruption and crashes. When the request size is not accurately set, cryptographic operations exhibit undefined behavior. Proper initialization routines are necessary to mitigate the risks associated with this vulnerability.
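A simplified userspace model of the size mismatch described above, added here as an illustration; it is not kernel code and not the upstream fix. Only crypto_alg and cra_reqsize come from the page; the model_* names, the request header and the 64-byte context size are assumptions.

```c
#include <stddef.h>
#include <stdio.h>

/* Only the names crypto_alg and cra_reqsize come from the advisory. */
struct crypto_alg { size_t cra_reqsize; };   /* per-request context the algorithm declares */

/* Hypothetical stand-ins for the framework's transform and request header. */
struct model_tfm { const struct crypto_alg *alg; size_t reqsize; };
struct model_req { unsigned int flags; void *tfm; };

/* Framework init that never consults cra_reqsize (the unfixed behaviour). */
void model_init_unfixed(struct model_tfm *t, const struct crypto_alg *a)
{
    t->alg = a;
    t->reqsize = 0;
}

/* Framework init that copies the declared size into the transform. */
void model_init_fixed(struct model_tfm *t, const struct crypto_alg *a)
{
    t->alg = a;
    t->reqsize = a->cra_reqsize;
}

/* Bytes the framework would allocate for one request. */
size_t model_req_alloc_size(const struct model_tfm *t)
{
    return sizeof(struct model_req) + t->reqsize;
}

/* Bytes of algorithm context that fall outside the allocation; 0 means safe. */
size_t model_ctx_shortfall(const struct model_tfm *t)
{
    size_t need = sizeof(struct model_req) + t->alg->cra_reqsize;
    size_t have = model_req_alloc_size(t);
    return need > have ? need - have : 0;
}

int main(void)
{
    const struct crypto_alg alg = { .cra_reqsize = 64 };  /* constructed sample value */
    struct model_tfm t;

    model_init_unfixed(&t, &alg);
    printf("unfixed: alloc=%zu shortfall=%zu\n", model_req_alloc_size(&t), model_ctx_shortfall(&t));
    model_init_fixed(&t, &alg);
    printf("fixed:   alloc=%zu shortfall=%zu\n", model_req_alloc_size(&t), model_ctx_shortfall(&t));
    return 0;
}
```

A nonzero shortfall is the number of bytes the algorithm's per-request context would occupy beyond what was allocated, which is the condition that surfaces as memory corruption or a crash.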
Affected Version(s)
Linux afddce13ce81d52a13898fa0700917835c71acd6
Linux afddce13ce81d52a13898fa0700917835c71acd6 < 229c586b5e86979badb7cb0d38717b88a9e95ddd
Linux 6.16