[SRU][J][PATCH 9/9] crypto: algif_aead - Fix minimum RX size check for decryption

Thu Apr 30 12:30:37 UTC 2026

From: Herbert Xu <herbert at gondor.apana.org.au>

commit 3d14bd48e3a77091cbce637a12c2ae31b4a1687c upstream.

The check for the minimum receive buffer size did not take the
tag size into account during decryption.  Fix this by adding the
required extra length.

Reported-by: syzbot+aa11561819dc42ebbc7c at syzkaller.appspotmail.com
Reported-by: Daniel Pouzzner <douzzer at mega.nu>
Fixes: d887c52d6ae4 ("crypto: algif_aead - overhaul memory management")
Signed-off-by: Herbert Xu <herbert at gondor.apana.org.au>
Signed-off-by: Eric Biggers <ebiggers at kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh at linuxfoundation.org>
(cherry picked from commit fd427dd84f224309afbcc2cb67c7bb770a01265c linux-5.15.y)
CVE-2026-31431
Signed-off-by: Massimiliano Pellizzer <massimiliano.pellizzer at canonical.com>
---
 crypto/algif_aead.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/crypto/algif_aead.c b/crypto/algif_aead.c
index 24e77f4968a61..4a285994d106c 100644
--- a/crypto/algif_aead.c
+++ b/crypto/algif_aead.c
@@ -150,7 +150,7 @@ static int _aead_recvmsg(struct socket *sock, struct msghdr *msg,
 	if (usedpages < outlen) {
 		size_t less = outlen - usedpages;
 
-		if (used < less) {
+		if (used < less + (ctx->enc ? 0 : as)) {
 			err = -EINVAL;
 			goto free;
 		}
-- 
2.53.0


