CVE-2025-71131
Published: Jan 14, 2026
Last Modified: Jan 14, 2026
Vulnerability Description
In the Linux kernel, the following vulnerability has been resolved:
crypto: seqiv - Do not use req->iv after crypto_aead_encrypt
As soon as crypto_aead_encrypt is called, the underlying request may be freed by an asynchronous completion. Thus dereferencing req->iv after it returns is invalid.
Instead of checking req->iv against info, create a new variable unaligned_info and use it for that purpose instead.
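The pattern described above, as an added userspace model that is not the kernel's seqiv code: the "before" variant compares info with req->iv after submission, the "after" variant decides from a local recorded beforehand. All names except req->iv, info, unaligned_info and crypto_aead_encrypt are hypothetical, and the alignment test behind unaligned_info is an assumption taken from the variable's name.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Userspace model with hypothetical names; not the kernel's seqiv code. */
struct model_req {
    bool live;          /* false once the completion has released the request */
    unsigned char *iv;  /* IV buffer supplied by the caller */
};
static int stale_reads; /* reads of a request that was already released */

/* Stands in for crypto_aead_encrypt(): if early, the completion releases req first. */
static void model_encrypt(struct model_req *req, bool early)
{
    if (early) *req = (struct model_req){ .live = false, .iv = NULL }; /* poisoned */
}

/* Before the fix: the post-submit check reads req->iv. */
static bool cleanup_needed_before(struct model_req *req, bool early)
{
    unsigned char *info = req->iv;
    model_encrypt(req, early);
    if (!req->live) stale_reads++;  /* the comparison below touches a dead request */
    return info != req->iv;
}

/* After the fix: the decision lives in a local taken before submission. */
static bool cleanup_needed_after(struct model_req *req, uintptr_t alignmask, bool early)
{
    bool unaligned_info = ((uintptr_t)req->iv & alignmask) != 0;
    model_encrypt(req, early);
    return unaligned_info;          /* req is never dereferenced again */
}

/* Runs one variant on an aligned IV with an early completion (constructed input). */
static bool run_case(bool fixed)
{
    static _Alignas(16) unsigned char iv[16];
    struct model_req req = { .live = true, .iv = iv };
    stale_reads = 0;
    return fixed ? cleanup_needed_after(&req, 15, true) : cleanup_needed_before(&req, true);
}

int main(void)
{
    bool before = run_case(false);
    int stale = stale_reads;
    printf("before: cleanup=%d stale=%d; after: cleanup=%d\n", before, stale, run_case(true));
}
```

In the model the released request is only poisoned, so the stale read is observable as a wrong cleanup decision; in the kernel the same read lands in freed memory.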
References & Resources
- https://git.kernel.org/stable/c/0279978adec6f1296af66b642cce641c6580be46
- https://git.kernel.org/stable/c/50f196d2bbaee4ab2494bb1b0d294deba292951a
- https://git.kernel.org/stable/c/50fdb78b7c0bcc550910ef69c0984e751cac72fa
- https://git.kernel.org/stable/c/5476f7f8a311236604b78fcc5b2a63b3a61b0169
- https://git.kernel.org/stable/c/ccbb96434d88e32358894c879457b33f7508e798
Severity Details
out of 10.0
Low
Key Information
- Published Date: January 14, 2026
