CVE-2025-68726

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A flaw exists in the Linux kernel’s crypto/aead implementation related to the handling of request sizes. A change introduced by commit afddce13ce81d added the cra reqsize field to the crypto alg structure, intended to replace type-specific request size fields. However, this change was incorrectly applied to all crypto algorithms, including aead, without updating the underlying functions to properly utilize cra reqsize. This improper handling leads to memory corruption and system crashes. The issue stems from the failure to properly initialize the request size for aead algorithms within the framework.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.