Vulnerability in Linux Kernel Affecting Crypto Implementations
CVE-2025-71131
What is CVE-2025-71131?
A vulnerability in the Linux kernel's crypto subsystem could lead to an invalid memory access when the seqiv mechanism is used. Once crypto_aead_encrypt has been called, the underlying request may already have been freed through asynchronous completion, so accessing req->iv after the call dereferences memory that is no longer valid. The fix creates a new variable, unaligned_info, so that req->iv is not used after encryption, improving the stability and security of affected systems.
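The pattern described above, as an added userspace model that is not the kernel's code: the pre-fix form re-reads req->iv after submission, while the fixed form records its decision in a local named unaligned_info beforehand. All type and function names are hypothetical, the sample IV buffer is constructed, and the model assumes the decision concerns IV alignment and that a released request reads back as a poison value.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Userspace model; every name here is hypothetical, not a kernel symbol. */
struct model_req { unsigned char *iv; };            /* stands in for req->iv */
#define POISON ((unsigned char *)(uintptr_t)0x6b6b6b6bu)

/* Models crypto_aead_encrypt() when an asynchronous completion has already
 * released the request by the time the call returns. The slot is poisoned
 * rather than free()d so the model itself stays well defined. */
static void model_submit(struct model_req *req) { req->iv = POISON; }

/* Pattern the advisory describes: re-reads req->iv after submission. */
static bool decide_before_fix(struct model_req *req, size_t align)
{
    static unsigned char bounce[16];
    unsigned char *info = req->iv;
    if ((uintptr_t)info & (align - 1)) {            /* misaligned: bounce copy */
        memcpy(bounce, req->iv, sizeof(bounce));
        info = bounce;
    }
    model_submit(req);
    return info != req->iv;                         /* reads released request */
}

/* Pattern of the fix: record the decision in a local before submission. */
static bool decide_after_fix(struct model_req *req, size_t align)
{
    bool unaligned_info = ((uintptr_t)req->iv & (align - 1)) != 0;
    model_submit(req);
    return unaligned_info;                          /* req is never touched */
}

/* Cleanup decision for an aligned or misaligned constructed IV buffer. */
int run_model(bool fixed, bool misaligned)
{
    static _Alignas(16) unsigned char ivbuf[32];    /* constructed sample */
    struct model_req req = { ivbuf + (misaligned ? 1 : 0) };
    return fixed ? decide_after_fix(&req, 16) : decide_before_fix(&req, 16);
}

int main(void)
{
    printf("aligned IV, cleanup decision: before fix %d, after fix %d\n",
           run_model(false, false), run_model(true, false));
    return 0;
}
```

With an aligned IV the pre-fix form reports that cleanup is needed only because it compared against the poisoned field; the fixed form gives the same answer whether or not the request still exists.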
Affected Version(s)
Linux 0a270321dbf948963aeb0e8382fe17d2c2eb3771 < 18202537856e0fae079fed2c9308780bcff2bb9d
Linux 0a270321dbf948963aeb0e8382fe17d2c2eb3771
Linux 0a270321dbf948963aeb0e8382fe17d2c2eb3771 < 50f196d2bbaee4ab2494bb1b0d294deba292951a