Linux kernel crypto essiv ssize underflow
CVE-2025-40019 is a Linux kernel vulnerability in the crypto ESSIV code path. The provided fix states: "crypto: essiv - Check ssize for decryption and in-place encryption" and "Move the ssize check to the start in essiv_aead_crypt so that it's also checked for decryption and in-place encryption." Based on that information, the flaw is an ssize validation error in essiv_aead_crypt: the size check was performed too late or only on some paths, so decryption and in-place encryption operations could proceed with an invalid signed size value. The supplied context refers to the issue as an "essiv ssize-underflow" technique, which indicates an integer underflow caused by improper validation of a signed size parameter in the ESSIV AEAD cryptographic processing path in the Linux kernel.
Exploits
3 valid exploits after Mallory filtered fakes, detection scripts, and README-only repos.
Repository purpose: a minimal local proof-of-concept trigger for CVE-2025-40019 in the Linux kernel crypto ESSIV implementation (crypto/essiv.c). The bug is an insufficient validation of AEAD associated data length (req->assoclen) relative to IV size (crypto_aead_ivsize), allowing a negative offset (assoclen - ivsize) to be used as an unsigned start parameter in scatterwalk_map_and_copy(), leading to out-of-bounds access and a kernel crash.

Structure:
- pwn.c: Main PoC. Uses AF_ALG (Linux kernel crypto user API) to instantiate an AEAD transform named "essiv(authenc(hmac(sha256),cbc(aes)),sha256)". It builds a composite key buffer using rtnetlink rtattr layout (enc key length + auth key + enc key), sets it with setsockopt(ALG_SET_KEY), then crafts a sendmsg() with control messages:
  - ALG_SET_OP = ALG_OP_ENCRYPT
  - ALG_SET_IV with ivlen=16
  - ALG_SET_AEAD_ASSOCLEN = 8
  The payload data is [AAD(8 bytes)] + [plaintext(32 bytes)]. The key trigger condition is aad_len (8) < ivsize (16).
- README.md and writeup.md: Detailed vulnerability explanation, root cause analysis, and patch snippet showing the fix (compute ssize=req->assoclen-ivsize and return -EINVAL if ssize<0). Includes an example crash trace (NULL deref in memcpy_to_sglist) and notes potential exploitability via heap grooming, but no exploitation primitives are implemented.
- run.sh: Convenience script to reproduce in a QEMU VM (4G RAM, KVM, virtfs share, hostfwd 127.0.0.1:58613->:22, gdb stub enabled). Not part of the exploit logic itself.

Exploit capabilities:
- Local kernel attack surface trigger via AF_ALG AEAD interface.
- Demonstrates reliable kernel oops/DoS by forcing the vulnerable negative-offset copy path.
- No privilege escalation, infoleak, or RCE chain included; repository is a bug trigger PoC rather than a full exploit.

This repository contains a proof-of-concept (PoC) exploit for CVE-2025-40019, targeting the Linux kernel's ESSIV cryptographic module via the AF_ALG socket interface. The main file, '2test-essiv.c', is a C program that sets up an AEAD (Authenticated Encryption with Associated Data) operation using the ESSIV mode, configures keys, and attempts to perform an encryption operation. The code is designed to trigger or test for a vulnerability in the ESSIV implementation, potentially causing the kernel to hang or misbehave, as indicated by the poll timeout and debugging instructions in the code and README. The exploit is local and requires access to the kernel crypto API. The README provides additional context on kernel data structures relevant to exploitation. The repository is structured simply, with one C source file and a README, and is clearly marked as a work-in-progress PoC.
This repository contains a proof-of-concept (POC) exploit for CVE-2025-40019, as indicated by the README and the filename. The main file, 'poc.c', is a C program that demonstrates the use of the Linux kernel's AF_ALG socket interface to perform authenticated encryption using the 'essiv(authenc(hmac(sha256),cbc(aes)),sha256)' algorithm. The code sets up custom keys, IV, and AAD, and sends a message to the kernel crypto API, then receives and prints the resulting ciphertext and authentication tag. This POC is likely intended to demonstrate or trigger a vulnerability in the kernel's cryptographic subsystem related to this algorithm. There are no network endpoints or remote attack vectors; the exploit is purely local and interacts with the kernel via the AF_ALG interface. The repository is minimal, containing only a license, a short README, and the exploit code.
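
The check ordering described in the summaries above, as an added example that is not code from the kernel or from any of the listed repositories. It is a user-space model: struct model_req and all function names are assumptions, and the 8/16 lengths are the ones quoted in the first summary.

```c
#include <errno.h>
#include <stdio.h>

/* User-space model (assumed names, not kernel code) of the length handling
 * described for essiv_aead_crypt(). */
struct model_req {
    unsigned int assoclen; /* AEAD associated-data length (req->assoclen) */
    unsigned int ivsize;   /* IV size of the transform */
    int in_place;          /* source and destination are the same buffer */
    int decrypt;           /* operation is decryption */
};

/* Offset as an unchecked path would hand it to a copy routine that takes an
 * unsigned start: 8 - 16 wraps to a huge value instead of going negative. */
static unsigned int start_offset_unchecked(const struct model_req *r)
{
    return r->assoclen - r->ivsize;
}

/* Pre-fix ordering (model): ssize is validated only for out-of-place
 * encryption, so decryption and in-place encryption skip the check. */
static int check_before_fix(const struct model_req *r)
{
    if (r->in_place || r->decrypt)
        return 0;
    int ssize = (int)r->assoclen - (int)r->ivsize;
    return ssize < 0 ? -EINVAL : 0;
}

/* Post-fix ordering (model): ssize is computed and rejected up front, before
 * any path can use assoclen - ivsize as an offset. */
static int check_after_fix(const struct model_req *r)
{
    int ssize = (int)r->assoclen - (int)r->ivsize;
    return ssize < 0 ? -EINVAL : 0;
}

int main(void)
{
    /* Constructed input: in-place request with the lengths quoted above. */
    struct model_req r = { .assoclen = 8, .ivsize = 16, .in_place = 1, .decrypt = 0 };
    printf("unchecked start offset: %u\n", start_offset_unchecked(&r));
    printf("before fix: %d, after fix: %d\n", check_before_fix(&r), check_after_fix(&r));
    return 0;
}
```
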
Recent activity
5 sources tracked across advisories, community write-ups, and news. New activity surfaces here as Mallory finds it.
A published Linux kernel vulnerability referred to as an essiv ssize-underflow technique, discussed in the context of a KernelCTF exploit port targeting mitigation-v4-6.12.