{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-71113", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2026-01-13T15:30:19.653Z", "datePublished": "2026-01-14T15:05:59.992Z", "dateUpdated": "2026-01-14T15:05:59.992Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-01-14T15:05:59.992Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: af_alg - zero initialize memory allocated via sock_kmalloc\n\nSeveral crypto user API contexts and requests allocated with\nsock_kmalloc() were left uninitialized, relying on callers to\nset fields explicitly. This resulted in the use of uninitialized\ndata in certain error paths or when new fields are added in the\nfuture.\n\nThe ACVP patches also contain two user-space interface files:\nalgif_kpp.c and algif_akcipher.c. These too rely on proper\ninitialization of their context structures.\n\nA particular issue has been observed with the newly added\n'inflight' variable introduced in af_alg_ctx by commit:\n\n 67b164a871af (\"crypto: af_alg - Disallow multiple in-flight AIO requests\")\n\nBecause the context is not memset to zero after allocation,\nthe inflight variable has contained garbage values. As a result,\naf_alg_alloc_areq() has incorrectly returned -EBUSY randomly when\nthe garbage value was interpreted as true:\n\n https://github.com/gregkh/linux/blame/master/crypto/af_alg.c#L1209\n\nThe check directly tests ctx->inflight without explicitly\ncomparing against true/false. Since inflight is only ever set to\ntrue or false later, an uninitialized value has triggered\n-EBUSY failures. Zero-initializing memory allocated with\nsock_kmalloc() ensures inflight and other fields start in a known\nstate, removing random issues caused by uninitialized data."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["crypto/af_alg.c", "crypto/algif_hash.c", "crypto/algif_rng.c"], "versions": [{"version": "fe869cdb89c95d060c77eea20204d6c91f233b53", "lessThan": "f81244fd6b14fecfa93b66b6bb1d59f96554e550", "status": "affected", "versionType": "git"}, {"version": "fe869cdb89c95d060c77eea20204d6c91f233b53", "lessThan": "84238876e3b3b262cf62d5f4d1338e983fb27010", "status": "affected", "versionType": "git"}, {"version": "fe869cdb89c95d060c77eea20204d6c91f233b53", "lessThan": "5a4b65523608974a81edbe386f8a667a3e10c726", "status": "affected", "versionType": "git"}, {"version": "fe869cdb89c95d060c77eea20204d6c91f233b53", "lessThan": "51a5ab36084f3251ef87eda3e6a6236f6488925e", "status": "affected", "versionType": "git"}, {"version": "fe869cdb89c95d060c77eea20204d6c91f233b53", "lessThan": "6f6e309328d53a10c0fe1f77dec2db73373179b6", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["crypto/af_alg.c", "crypto/algif_hash.c", "crypto/algif_rng.c"], "versions": [{"version": "2.6.38", "status": "affected"}, {"version": "0", "lessThan": "2.6.38", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.160", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.120", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.12.64", "lessThanOrEqual": "6.12.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.18.3", "lessThanOrEqual": "6.18.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.19-rc1", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.6.38", "versionEndExcluding": "6.1.160"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.6.38", "versionEndExcluding": "6.6.120"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.6.38", "versionEndExcluding": "6.12.64"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.6.38", "versionEndExcluding": "6.18.3"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.6.38", "versionEndExcluding": "6.19-rc1"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/f81244fd6b14fecfa93b66b6bb1d59f96554e550"}, {"url": "https://git.kernel.org/stable/c/84238876e3b3b262cf62d5f4d1338e983fb27010"}, {"url": "https://git.kernel.org/stable/c/5a4b65523608974a81edbe386f8a667a3e10c726"}, {"url": "https://git.kernel.org/stable/c/51a5ab36084f3251ef87eda3e6a6236f6488925e"}, {"url": "https://git.kernel.org/stable/c/6f6e309328d53a10c0fe1f77dec2db73373179b6"}], "title": "crypto: af_alg - zero initialize memory allocated via sock_kmalloc", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: af_alg - zero initialize memory allocated via sock_kmalloc\n\nSeveral crypto user API contexts and requests allocated with\nsock_kmalloc() were left uninitialized, relying on callers to\nset fields explicitly. This resulted in the use of uninitialized\ndata in certain error paths or when new fields are added in the\nfuture.\n\nThe ACVP patches also contain two user-space interface files:\nalgif_kpp.c and algif_akcipher.c. These too rely on proper\ninitialization of their context structures.\n\nA particular issue has been observed with the newly added\n'inflight' variable introduced in af_alg_ctx by commit:\n\n 67b164a871af (\"crypto: af_alg - Disallow multiple in-flight AIO requests\")\n\nBecause the context is not memset to zero after allocation,\nthe inflight variable has contained garbage values. As a result,\naf_alg_alloc_areq() has incorrectly returned -EBUSY randomly when\nthe garbage value was interpreted as true:\n\n https://github.com/gregkh/linux/blame/master/crypto/af_alg.c#L1209\n\nThe check directly tests ctx->inflight without explicitly\ncomparing against true/false. Since inflight is only ever set to\ntrue or false later, an uninitialized value has triggered\n-EBUSY failures. Zero-initializing memory allocated with\nsock_kmalloc() ensures inflight and other fields start in a known\nstate, removing random issues caused by uninitialized data."}], "id": "CVE-2025-71113", "lastModified": "2026-01-14T16:25:12.057", "metrics": {}, "published": "2026-01-14T15:16:00.433", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/51a5ab36084f3251ef87eda3e6a6236f6488925e"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/5a4b65523608974a81edbe386f8a667a3e10c726"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/6f6e309328d53a10c0fe1f77dec2db73373179b6"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/84238876e3b3b262cf62d5f4d1338e983fb27010"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/f81244fd6b14fecfa93b66b6bb1d59f96554e550"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Awaiting Analysis"}

{}

{}