CVE-2025-40182

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A flaw exists in the Linux kernel's crypto/skcipher implementation related to the handling of request sizes. A change introduced by commit afddce13ce81d added the cra reqsize field in the crypto alg structure, intended to replace type-specific request size fields. However, this change was prematurely applied to all crypto algorithms, including skcipher, before the underlying algorithm frameworks were updated to properly utilize the new field. This results in memory corruptions and crashes when cra reqsize is used in skcipher algorithms because the framework functions were not updated to set the request size correctly from cra reqsize. The issue is caused by improper initialization of the request size for these algorithms within the framework.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.