CVE-2025-40019

high

Description

In the Linux kernel, the following vulnerability has been resolved: crypto: essiv - Check ssize for decryption and in-place encryption Move the ssize check to the start in essiv_aead_crypt so that it's also checked for decryption and in-place encryption.

References

https://git.kernel.org/stable/c/f37e7860dc5e94c70b4a3e38a5809181310ea9ac

https://git.kernel.org/stable/c/df58651968f82344a0ed2afdafd20ecfc55ff548

https://git.kernel.org/stable/c/dc4c854a5e7453c465fa73b153eba4ef2a240abe

https://git.kernel.org/stable/c/da7afb01ba05577ba3629f7f4824205550644986

https://git.kernel.org/stable/c/6bb73db6948c2de23e407fe1b7ef94bf02b7529f

https://git.kernel.org/stable/c/248ff2797ff52a8cbf86507f9583437443bf7685

Details

Source: Mitre, NVD

Published: 2025-10-24

Updated: 2025-10-24

Risk Information

CVSS v2

Base Score: 2.1

Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N

Severity: Low

CVSS v3

Base Score: 7.1

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

Severity: High

EPSS

EPSS: 0.00014