CVE-2025-38079
📋 TL;DR
This CVE describes a double-free vulnerability in the Linux kernel's crypto subsystem, specifically in the algif_hash socket interface. When accept() is called with MSG_MORE flag and crypto_ahash_import fails, the same memory is freed twice, leading to memory corruption. This affects systems using Linux kernel with the affected crypto module loaded.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →⚠️ Risk & Real-World Impact
Worst Case
Kernel memory corruption leading to system crash, privilege escalation, or remote code execution depending on exploit sophistication.
Likely Case
Kernel panic or system crash causing denial of service.
If Mitigated
Limited impact if exploit attempts are blocked by security controls or affected module not in use.
🎯 Exploit Status
Requires local access or ability to create specific socket operations. Exploit would need to trigger the specific error condition.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Multiple stable kernel versions with fixes referenced in CVE
Vendor Advisory: https://git.kernel.org/stable/c/0346f4b742345d1c733c977f3a7aef5a6419a967
Restart Required: Yes
Instructions:
1. Update Linux kernel to patched version from your distribution. 2. For custom kernels, apply patches from kernel.org stable branches. 3. Reboot system after kernel update.
🔧 Temporary Workarounds
Disable vulnerable module
linuxPrevent loading of the algif_hash module if not required
echo 'install algif_hash /bin/false' >> /etc/modprobe.d/disable-algif_hash.conf
rmmod algif_hash 2>/dev/null || true
Restrict socket access
linuxLimit which users can create crypto sockets
# Use SELinux/AppArmor to restrict AF_ALG socket creation
# Or implement custom seccomp filters
🧯 If You Can't Patch
- Ensure CONFIG_CRYPTO_USER_API_HASH is disabled in kernel configuration
- Implement strict access controls to prevent unauthorized users from creating crypto sockets
🔍 How to Verify
Check if Vulnerable:
Check if algif_hash module is loaded: lsmod | grep algif_hash. Check kernel version against patched versions.Check Version:
uname -rVerify Fix Applied:
Verify kernel version is updated to patched version and algif_hash module is either not loaded or updated.📡 Detection & Monitoring
Log Indicators:
- Kernel oops messages mentioning 'slab-use-after-free'
- System crashes or panics related to crypto operations
- dmesg entries about algif_hash or hash_accept failures
Network Indicators:
- Unusual socket creation patterns for AF_ALG sockets
SIEM Query:
source="kernel" AND ("slab-use-after-free" OR "algif_hash" OR "hash_accept")🔗 References
- https://git.kernel.org/stable/c/0346f4b742345d1c733c977f3a7aef5a6419a967
- https://git.kernel.org/stable/c/134daaba93193df9e988524b5cd2f52d15eb1993
- https://git.kernel.org/stable/c/2f45a8d64fb4ed4830a4b3273834ecd6ca504896
- https://git.kernel.org/stable/c/5bff312b59b3f2a54ff504e4f4e47272b64f3633
- https://git.kernel.org/stable/c/b2df03ed4052e97126267e8c13ad4204ea6ba9b6
- https://git.kernel.org/stable/c/bf7bba75b91539e93615f560893a599c1e1c98bf
- https://git.kernel.org/stable/c/c3059d58f79fdfb2201249c2741514e34562b547
- https://git.kernel.org/stable/c/f0f3d09f53534ea385d55ced408f2b67059b16e4
- https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html
- https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html
