Skip to main content
CVE Vulnerability Database
Vulnerability Database/CVE-2025-71131

CVE-2025-71131: Linux Kernel Use-After-Free Vulnerability

CVE-2025-71131 is a use-after-free flaw in the Linux Kernel crypto subsystem that occurs when dereferencing req->iv after crypto_aead_encrypt. This article covers technical details, affected versions, and mitigation.

Updated:

CVE-2025-71131 Overview

CVE-2025-71131 is a use-after-free vulnerability in the Linux kernel's crypto/seqiv sequence IV generator. The flaw resides in the AEAD (Authenticated Encryption with Associated Data) sequential IV generation path. After crypto_aead_encrypt is invoked, the underlying request structure can be freed by an asynchronous completion handler. The kernel code then dereferences req->iv, producing a use-after-free condition. A local, authenticated attacker can trigger the issue to cause kernel memory corruption and a denial of service. The vulnerability affects the mainline kernel including version 2.6.25 and recent 6.19-rc development releases.

Critical Impact

Local low-privileged users can trigger kernel-level memory corruption in the crypto subsystem, causing system instability or denial of service through asynchronous AEAD completions.

Affected Products

  • Linux kernel 2.6.25 (initial introduction of affected seqiv code path)
  • Linux kernel 6.19-rc1 through 6.19-rc8
  • Multiple stable branches addressed via backported fixes

Discovery Timeline

  • 2026-01-14 - CVE-2025-71131 published to NVD
  • 2026-03-25 - Last updated in NVD database

Technical Details for CVE-2025-71131

Vulnerability Analysis

The vulnerability exists in the seqiv (sequence IV) template within the Linux kernel cryptographic API. The seqiv generator wraps AEAD transforms to provide IV sequencing for algorithms such as GCM and CCM. In the affected code path, the sequencing logic calls crypto_aead_encrypt and subsequently compares req->iv against a previously stored info pointer to detect IV alignment fixups.

The problem is that crypto_aead_encrypt can complete asynchronously. When the underlying transform driver processes the request out-of-band, such as hardware crypto accelerators or async software workers, the completion callback may free the request before the caller returns. Dereferencing req->iv after the call therefore reads freed memory.

Exploitation results in kernel memory corruption with availability impact. There is no confidentiality or integrity impact reflected in the CVSS vector, consistent with a destabilization-class flaw rather than information disclosure or privilege escalation.

Root Cause

The root cause is a lifetime assumption violation. The seqiv code assumed req and its iv field remained valid after crypto_aead_encrypt returned. The asynchronous crypto API contract permits the request to be reclaimed by the completion path before the function returns. The upstream fix introduces a local variable named unaligned_info that captures the alignment state before the encrypt call. The comparison no longer dereferences the potentially freed req->iv pointer.

Attack Vector

The attack vector is local. An attacker requires the ability to invoke kernel cryptographic operations, typically through interfaces like AF_ALG sockets, dm-crypt, IPsec, or any userspace path that exercises an AEAD transform built on seqiv. By repeatedly submitting AEAD encryption requests against an asynchronous transform implementation, an attacker can race the completion handler against the seqiv post-encrypt logic. Successful exploitation produces a use-after-free read in kernel context. No user interaction is required and authentication is limited to local shell or container access. The flaw does not provide a direct code execution primitive but can lead to kernel panic and broader instability.

No public proof-of-concept exploit code is available, and the vulnerability is not listed in the CISA Known Exploited Vulnerabilities catalog.

Detection Methods for CVE-2025-71131

Indicators of Compromise

  • Kernel oops or panic messages referencing seqiv_aead_encrypt, crypto_aead_encrypt, or KASAN use-after-free reports in the crypto subsystem
  • Unexpected kernel log entries citing slab-use-after-free in kmem_cache allocations tied to AEAD request structures
  • Repeated crashes on systems exercising IPsec, dm-crypt, or AF_ALG workloads under load

Detection Strategies

  • Enable KASAN (CONFIG_KASAN=y) on test kernels to catch the use-after-free at runtime before production deployment
  • Audit running kernel version against the fixed commits listed in the kernel.org stable advisories
  • Correlate kernel crash telemetry with processes invoking AEAD ciphers via AF_ALG or kernel TLS

Monitoring Recommendations

  • Forward /var/log/kern.log and dmesg output to a centralized logging platform and alert on BUG:, KASAN:, and Oops: strings
  • Track unprivileged process usage of AF_ALG sockets which is the most common local trigger surface
  • Monitor kernel version inventory across the fleet to confirm patched builds are deployed

How to Mitigate CVE-2025-71131

Immediate Actions Required

  • Apply the upstream stable kernel updates that include the seqiv fix introducing the unaligned_info variable
  • Identify all hosts running 6.19-rc development kernels and roll them back to a patched stable release
  • Restrict access to AF_ALG sockets where it is not required by setting appropriate seccomp filters or disabling CONFIG_CRYPTO_USER_API

Patch Information

The fix is distributed across multiple stable branches. Relevant commits include Kernel Git Commit 0279978, Kernel Git Commit 1820253, Kernel Git Commit 50f196d, Kernel Git Commit 50fdb78, Kernel Git Commit 5476f7f, Kernel Git Commit baf0e2d, and Kernel Git Commit ccbb964. The patch removes the post-encrypt dereference of req->iv and substitutes a stack-local unaligned_info value.

Workarounds

  • Disable CONFIG_CRYPTO_USER_API_AEAD in custom kernel builds where AEAD operations from userspace are not needed
  • Apply seccomp filters to block unprivileged processes from creating AF_ALG sockets
  • Prefer synchronous AEAD implementations on affected hosts until the patched kernel is deployed
bash
# Verify running kernel version and check for AF_ALG exposure
uname -r
grep CONFIG_CRYPTO_USER_API /boot/config-$(uname -r)

# Block AF_ALG creation for unprivileged users via seccomp profile (containers)
# Example Docker run flag to drop the capability surface
docker run --security-opt seccomp=/etc/docker/seccomp-no-afalg.json <image>

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

Default Legacy - Prefooter | Experience the World’s Most Advanced Cybersecurity Platform

Experience the Most Advanced Cybersecurity Platform

See how the world’s most intelligent, autonomous cybersecurity platform can protect your organization today and into the future.