CVE-2025-40019

This PoC demonstrates a vulnerability in the Linux kernel's AF_ALG socket implementation, specifically targeting the 'essiv(authenc(hmac(sha256),cbc(aes)),sha256)' algorithm. It crafts a malicious key structure to trigger improper handling in the crypto subsystem, potentially leading to a denial-of-service or other impacts.

This PoC demonstrates an out-of-bounds memory access vulnerability in the Linux kernel's ESSIV implementation (CVE-2025-40019) due to insufficient validation of AAD length relative to IV size, leading to a kernel crash. The exploit triggers the bug by providing an assoclen smaller than ivsize, causing a negative offset in scatterwalk_map_and_copy.

This PoC demonstrates a potential DoS vulnerability in the Linux kernel's ESSIV module (CVE-2025-40019) by triggering a kernel hang during cryptographic operations. The code interacts with the AF_ALG interface to manipulate scatterlist structures, which may lead to a deadlock or resource exhaustion.