CVE-2025-71113 Overview
CVE-2025-71113 is an uninitialized memory use vulnerability in the Linux kernel's cryptographic user API (af_alg) subsystem. Several crypto user API contexts and requests allocated with sock_kmalloc() were left uninitialized, relying on callers to set fields explicitly. This resulted in the use of uninitialized data in certain error paths or when new fields are added in the future, causing unpredictable behavior including random -EBUSY failures.
Critical Impact
Uninitialized memory in the kernel crypto subsystem can cause random operational failures, denial of service conditions, and potential information disclosure through garbage values being interpreted as valid data.
Affected Products
- Linux Kernel (af_alg crypto subsystem)
- Linux Kernel with ACVP patches (algif_kpp.c and algif_akcipher.c)
- Systems using cryptographic user-space API via AF_ALG sockets
Discovery Timeline
- 2026-01-14 - CVE CVE-2025-71113 published to NVD
- 2026-01-19 - Last updated in NVD database
Technical Details for CVE-2025-71113
Vulnerability Analysis
This vulnerability stems from improper memory initialization in the Linux kernel's cryptographic socket interface. The af_alg subsystem provides user-space access to kernel cryptographic algorithms through the AF_ALG socket family. When memory is allocated using sock_kmalloc() for crypto contexts and requests, the allocated memory was not zero-initialized, leaving fields containing arbitrary garbage values from previous memory usage.
A specific manifestation of this issue was observed with the inflight variable introduced in af_alg_ctx by commit 67b164a871af ("crypto: af_alg - Disallow multiple in-flight AIO requests"). Because the context was not memset to zero after allocation, the inflight variable contained garbage values. The af_alg_alloc_areq() function tests ctx->inflight directly without comparing against true/false, causing random -EBUSY failures when the garbage value was interpreted as true.
The ACVP patches also contain two user-space interface files (algif_kpp.c and algif_akcipher.c) that rely on proper initialization of their context structures, extending the impact of this vulnerability.
Root Cause
The root cause is the failure to zero-initialize memory allocated via sock_kmalloc() in the af_alg cryptographic subsystem. Memory allocation functions in the kernel do not guarantee zeroed memory unless explicitly requested. The code relied on callers to set all fields explicitly, but this assumption was violated when:
- New fields like inflight were added to existing structures
- Error paths accessed fields that were never explicitly initialized
- Future code changes assumed fields had known initial states
The fix ensures all memory allocated with sock_kmalloc() is zero-initialized, providing a known starting state for all fields and eliminating undefined behavior from garbage values.
Attack Vector
The vulnerability is triggered through local user-space interaction with the kernel's AF_ALG socket interface. An attacker or legitimate user application using the cryptographic API may experience:
- Random -EBUSY errors when the uninitialized inflight variable contains non-zero garbage
- Potential information leakage if uninitialized memory containing sensitive data is later read
- Denial of service through unpredictable crypto operation failures
The vulnerability requires local access and the ability to create AF_ALG sockets, which typically requires CAP_NET_RAW capability or appropriate socket permissions.
Detection Methods for CVE-2025-71113
Indicators of Compromise
- Random -EBUSY errors in kernel logs related to af_alg or cryptographic operations
- Inconsistent behavior in applications using AF_ALG sockets for cryptographic operations
- Kernel messages indicating issues with af_alg_alloc_areq() function
- Unexpected failures in ACVP testing or cryptographic validation suites
Detection Strategies
- Monitor kernel logs for cryptographic subsystem errors, particularly -EBUSY returns from af_alg functions
- Implement system call monitoring for AF_ALG socket operations showing inconsistent failure patterns
- Deploy kernel runtime instrumentation to detect uninitialized memory access in the crypto subsystem
- Review application logs for intermittent cryptographic API failures that cannot be reproduced consistently
Monitoring Recommendations
- Enable kernel KASAN (Kernel Address Sanitizer) to detect uninitialized memory use at runtime
- Configure audit rules to monitor AF_ALG socket creation and usage patterns
- Implement alerting for elevated rates of cryptographic operation failures
- Monitor for applications experiencing random -EBUSY errors when performing crypto operations
How to Mitigate CVE-2025-71113
Immediate Actions Required
- Update the Linux kernel to a patched version that includes the zero-initialization fix
- Review applications using AF_ALG sockets for error handling of -EBUSY conditions
- Consider disabling AF_ALG socket access for non-privileged users until patched
- Implement retry logic in applications to handle transient crypto API failures
Patch Information
The vulnerability has been addressed in multiple kernel stable branches. The fix ensures memory allocated via sock_kmalloc() is zero-initialized, providing known initial states for all context and request fields.
Available patches can be found at:
- Linux Kernel Commit 51a5ab36084f
- Linux Kernel Commit 543bf004e4ea
- Linux Kernel Commit 5a4b65523608
- Linux Kernel Commit 6f6e309328d5
- Linux Kernel Commit 84238876e3b3
- Linux Kernel Commit e125c8e346e4
- Linux Kernel Commit f81244fd6b14
Workarounds
- Restrict AF_ALG socket creation to privileged users only via system configuration
- Implement application-level retry mechanisms for cryptographic operations that fail with -EBUSY
- Use alternative cryptographic libraries that don't rely on the kernel AF_ALG interface
- Apply kernel live patching if available for your distribution
# Restrict AF_ALG socket access (temporary workaround)
# Add to /etc/sysctl.conf or /etc/sysctl.d/99-af_alg.conf
# Note: This may impact applications requiring crypto API access
# Monitor for af_alg related errors
dmesg | grep -i "af_alg\|crypto"
# Check current kernel version
uname -r
# Verify if patched commits are present (example for one commit)
git log --oneline | grep "af_alg - zero initialize"
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
