ACK: [SRU][J/N/Q][PATCH 0/1] CVE-2025-40019
Tim Whisonant
tim.whisonant at canonical.com
Thu Nov 20 01:27:21 UTC 2025
On Tue, Nov 18, 2025 at 05:03:37PM -0800, Ian Whitfield wrote:
> [Impact]
>
> crypto: essiv - Check ssize for decryption and in-place encryption
>
> Move the ssize check to the start in essiv_aead_crypt so that
> it's also checked for decryption and in-place encryption.
>
> [Backport]
>
> Patch applied cleanly.
>
> [Fix]
>
> Questing: cherry pick
> Noble: cherry pick
> Jammy: cherry pick
> Focal: PR opened on Forgejo
> Bionic: Not affected
> Xenial: Not affected
> Trusty: Not affected
>
> [Test Case]
>
> Compile and boot tested.
>
> [Where problems could occur]
>
> This fix affects ESSIV, an IV generator for fscrypt and dm-crypt, which can be
> used in disk encryption. An issue with this fix would be visible to the user as
> unexpected kernel behavior when encrypting or decrypting files on disk.
>
> Herbert Xu (1):
> crypto: essiv - Check ssize for decryption and in-place encryption
>
> crypto/essiv.c | 14 ++++++--------
> 1 file changed, 6 insertions(+), 8 deletions(-)
>
> --
> 2.43.0
>
Acked-by: Tim Whisonant <tim.whisonant at canonical.com>
More information about the kernel-team
mailing list