Skip to content

CVE-2025-38079: crypto: algif_hash - fix double free in hash_accept

CKI Backport Botrequested to merge
redhat/red-hat-ci-tools/kernel/bot-branches/centos-stream/src/kernel/centos-stream-9:backport-RHEL-102233-centos-stream-9-main into main

JIRA: https://issues.redhat.com/browse/RHEL-102233
CVE: CVE-2025-38079

commit b2df03ed4052e97126267e8c13ad4204ea6ba9b6
Author: Ivan Pravdin <ipravdin.official@gmail.com>
Date:   Sun May 18 18:41:02 2025 -0400

    crypto: algif_hash - fix double free in hash_accept
    
    If accept(2) is called on socket type algif_hash with
    MSG_MORE flag set and crypto_ahash_import fails,
    sk2 is freed. However, it is also freed in af_alg_release,
    leading to slab-use-after-free error.
    
    Fixes: fe869cdb89c9 ("crypto: algif_hash - User-space interface for hash operations")
    Cc: <stable@vger.kernel.org>
    Signed-off-by: Ivan Pravdin <ipravdin.official@gmail.com>
    Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

Signed-off-by: CKI Backport Bot cki-ci-bot+cki-gitlab-backport-bot@redhat.com

Created 2025-07-08 05:09 UTC by backporter - KWF FAQ - Slack #team-kernel-workflow - Source - Documentation - Report an issue

Merge request reports