CVE-2025-40019

Source
https://nvd.nist.gov/vuln/detail/CVE-2025-40019
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-40019.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2025-40019
Published
2025-10-24T11:44:29.864Z
Modified
2025-11-28T02:34:14.290550Z
Summary
crypto: essiv - Check ssize for decryption and in-place encryption
Details

In the Linux kernel, the following vulnerability has been resolved:

crypto: essiv - Check ssize for decryption and in-place encryption

Move the ssize check to the start in essiv_aead_crypt so that it's also checked for decryption and in-place encryption.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/40xxx/CVE-2025-40019.json",
    "cna_assigner": "Linux"
}
Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
be1eb7f78aa8fbe34779c56c266ccd0364604e71
Fixed
29294dd6f1e7acf527255fb136ffde6602c3a129
Fixed
71f03f8f72d9c70ffba76980e78b38c180e61589
Fixed
df58651968f82344a0ed2afdafd20ecfc55ff548
Fixed
248ff2797ff52a8cbf86507f9583437443bf7685
Fixed
f37e7860dc5e94c70b4a3e38a5809181310ea9ac
Fixed
dc4c854a5e7453c465fa73b153eba4ef2a240abe
Fixed
da7afb01ba05577ba3629f7f4824205550644986
Fixed
6bb73db6948c2de23e407fe1b7ef94bf02b7529f

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type       Introduced  Fixed
ECOSYSTEM  5.4.0       5.4.301
ECOSYSTEM  5.5.0       5.10.246
ECOSYSTEM  5.11.0      5.15.195
ECOSYSTEM  5.16.0      6.1.157
ECOSYSTEM  6.2.0       6.6.113
ECOSYSTEM  6.7.0       6.12.54
ECOSYSTEM  6.13.0      6.17.4