ACK: [SRU][J/N/Q][PATCH 0/1] CVE-2025-40019
Philip Cox
philip.cox at canonical.com
Wed Nov 19 14:46:45 UTC 2025
On 2025-11-18 8:03 p.m., Ian Whitfield wrote:
> [Impact]
>
> crypto: essiv - Check ssize for decryption and in-place encryption
>
> Move the ssize check to the start in essiv_aead_crypt so that
> it's also checked for decryption and in-place encryption.
>
> [Backport]
>
> Patch applied cleanly.
>
> [Fix]
>
> Questing: cherry pick
> Noble: cherry pick
> Jammy: cherry pick
> Focal: PR opened on Forgejo
> Bionic: Not affected
> Xenial: Not affected
> Trusty: Not affected
>
> [Test Case]
>
> Compile and boot tested.
>
> [Where problems could occur]
>
> This fix affects ESSIV, an IV generator for fscrypt and dm-crypt, which can be
> used in disk encryption. An issue with this fix would be visible to the user as
> unexpected kernel behavior when encrypting or decrypting files on disk.
>
> Herbert Xu (1):
> crypto: essiv - Check ssize for decryption and in-place encryption
>
> crypto/essiv.c | 14 ++++++--------
> 1 file changed, 6 insertions(+), 8 deletions(-)
>
Acked-by: Philip Cox <philip.cox at canonical.com>
More information about the kernel-team
mailing list