CVE-2025-71113
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
14/01/2026
Last modified:
25/03/2026
Description
In the Linux kernel, the following vulnerability has been resolved:

crypto: af_alg - zero initialize memory allocated via sock_kmalloc

Several crypto user API contexts and requests allocated with
sock_kmalloc() were left uninitialized, relying on callers to
set fields explicitly. This resulted in the use of uninitialized
data in certain error paths or when new fields are added in the
future.

The ACVP patches also contain two user-space interface files:
algif_kpp.c and algif_akcipher.c. These too rely on proper
initialization of their context structures.

A particular issue has been observed with the newly added
'inflight' variable introduced in af_alg_ctx by commit:

67b164a871af ("crypto: af_alg - Disallow multiple in-flight AIO requests")

Because the context is not memset to zero after allocation,
the inflight variable has contained garbage values. As a result,
af_alg_alloc_areq() has incorrectly returned -EBUSY randomly when
the garbage value was interpreted as true:

https://github.com/gregkh/linux/blame/master/crypto/af_alg.c#L1209

The check directly tests ctx->inflight without explicitly
comparing against true/false. Since inflight is only ever set to
true or false later, an uninitialized value has triggered
-EBUSY failures. Zero-initializing memory allocated with
sock_kmalloc() ensures inflight and other fields start in a known
state, removing random issues caused by uninitialized data.
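The failure mode described above, as an added user-space C example (not code from the kernel or from the fix): `demo_ctx`, `demo_alloc`, `demo_alloc_areq` and `request_result` are hypothetical stand-ins, and the 0xA5 fill is a constructed substitute for stale heap contents so that the result is deterministic.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for af_alg_ctx: only the field the advisory names. */
struct demo_ctx {
    unsigned int len;
    unsigned char inflight; /* modelled as a byte so reading garbage is defined */
};

/* Constructed stand-in for sock_kmalloc(): memory arrives holding stale bytes. */
static struct demo_ctx *demo_alloc(int zero)
{
    struct demo_ctx *ctx = malloc(sizeof(*ctx));
    if (!ctx)
        return NULL;
    memset(ctx, zero ? 0x00 : 0xA5, sizeof(*ctx)); /* 0xA5 = simulated garbage */
    ctx->len = sizeof(*ctx); /* caller sets only the fields it knows about */
    return ctx;
}

/* Same shape as the check described above: the flag is tested directly. */
static int demo_alloc_areq(struct demo_ctx *ctx)
{
    if (ctx->inflight)
        return -EBUSY;
    ctx->inflight = 1; /* a request is now in flight */
    return 0;
}

/* Issue `calls` requests on a fresh context and return the last result. */
int request_result(int zero, int calls)
{
    struct demo_ctx *ctx = demo_alloc(zero);
    int ret = -ENOMEM;
    if (!ctx)
        return ret;
    while (calls-- > 0)
        ret = demo_alloc_areq(ctx);
    free(ctx);
    return ret;
}

int main(void)
{
    printf("unzeroed, first request: %d\n", request_result(0, 1));
    printf("zeroed, first request:   %d\n", request_result(1, 1));
    printf("zeroed, second request:  %d\n", request_result(1, 2));
    return 0;
}
```

With zeroing in place, -EBUSY is returned only when a request really is in flight, which is the behaviour the flag was meant to enforce.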
Impact
Base Score 3.x
5.50
Severity 3.x
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 2.6.38.1 (including) | 5.10.248 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.11 (including) | 5.15.198 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.16 (including) | 6.1.160 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.2 (including) | 6.6.120 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.7 (including) | 6.12.64 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.13 (including) | 6.18.3 (excluding) |
| cpe:2.3:o:linux:linux_kernel:2.6.38:-:*:*:*:*:*:* | | |
| cpe:2.3:o:linux:linux_kernel:6.19:rc1:*:*:*:*:*:* | | |
| cpe:2.3:o:linux:linux_kernel:6.19:rc2:*:*:*:*:*:* | | |
| cpe:2.3:o:linux:linux_kernel:6.19:rc3:*:*:*:*:*:* | | |
| cpe:2.3:o:linux:linux_kernel:6.19:rc4:*:*:*:*:*:* | | |
| cpe:2.3:o:linux:linux_kernel:6.19:rc5:*:*:*:*:*:* | | |
| cpe:2.3:o:linux:linux_kernel:6.19:rc6:*:*:*:*:*:* | | |
| cpe:2.3:o:linux:linux_kernel:6.19:rc7:*:*:*:*:*:* | | |
| cpe:2.3:o:linux:linux_kernel:6.19:rc8:*:*:*:*:*:* | | |
References to Advisories, Solutions, and Tools
- https://git.kernel.org/stable/c/51a5ab36084f3251ef87eda3e6a6236f6488925e
- https://git.kernel.org/stable/c/543bf004e4eafbb302b1e6c78570d425d2ca13a0
- https://git.kernel.org/stable/c/5a4b65523608974a81edbe386f8a667a3e10c726
- https://git.kernel.org/stable/c/6f6e309328d53a10c0fe1f77dec2db73373179b6
- https://git.kernel.org/stable/c/84238876e3b3b262cf62d5f4d1338e983fb27010
- https://git.kernel.org/stable/c/e125c8e346e4eb7b3e854c862fcb4392bc13ddba
- https://git.kernel.org/stable/c/f81244fd6b14fecfa93b66b6bb1d59f96554e550



