CVE-2025-40019

Linux Kernel 5.4.0-6.17.3 - DoS via ESSIV AEAD Cryptographic Operation

Title source: llm

Exploitation Summary

EIP tracks 3 public exploits for CVE-2025-40019. PoCs published by guard-wait, xooxo, 0xAtharv.

AI-analyzed exploit summary: This PoC demonstrates a vulnerability in the Linux kernel's AF_ALG socket implementation, specifically targeting the 'essiv(authenc(hmac(sha256),cbc(aes)),sha256)' algorithm. It crafts a malicious key structure to trigger improper handling in the crypto subsystem, potentially leading to a denial-of-service or other impacts.

Description

In the Linux kernel, the following vulnerability has been resolved:

crypto: essiv - Check ssize for decryption and in-place encryption

Move the ssize check to the start in essiv_aead_crypt so that it's also checked for decryption and in-place encryption.

Exploits (3)

nomisec WORKING POC 1 star
by guard-wait · poc
https://github.com/guard-wait/CVE-2025-40019_POC

This PoC demonstrates a vulnerability in the Linux kernel's AF_ALG socket implementation, specifically targeting the 'essiv(authenc(hmac(sha256),cbc(aes)),sha256)' algorithm. It crafts a malicious key structure to trigger improper handling in the crypto subsystem, potentially leading to a denial-of-service or other impacts.

Classification: Working PoC 90%
Attack Type: DoS
Complexity: Moderate
Reliability: Reliable
Target: Linux Kernel (AF_ALG socket implementation)
No auth needed
Prerequisites: Access to a Linux system with AF_ALG socket support · Kernel version vulnerable to CVE-2025-40019
devstral-2 · analyzed Feb 16, 2026
nomisec WORKING POC
by xooxo · poc
https://github.com/xooxo/CVE-2025-40019-Essiv

This PoC demonstrates a potential DoS vulnerability in the Linux kernel's ESSIV module (CVE-2025-40019) by triggering a kernel hang during cryptographic operations. The code interacts with the AF_ALG interface to manipulate scatterlist structures, which may lead to a deadlock or resource exhaustion.

Classification: Working PoC 90%
Attack Type: DoS
Complexity: Moderate
Reliability: Reliable
Target: Linux kernel (version not specified, likely recent)
No auth needed
Prerequisites: Access to a system with the vulnerable kernel module loaded · Ability to execute code with sufficient permissions to interact with AF_ALG sockets
devstral-2 · analyzed Feb 16, 2026
nomisec WORKING POC
by 0xAtharv · poc
https://github.com/0xAtharv/CVE-2025-40019-POC

This PoC demonstrates an out-of-bounds memory access vulnerability in the Linux kernel's ESSIV implementation (CVE-2025-40019) due to insufficient validation of AAD length relative to IV size, leading to a kernel crash. The exploit triggers the bug by providing an assoclen smaller than ivsize, causing a negative offset in scatterwalk_map_and_copy.

Classification: Working PoC 95%
Attack Type: DoS
Complexity: Trivial
Reliability: Reliable
Target: Linux kernel (crypto/essiv.c)
No auth needed
Prerequisites: Access to a vulnerable Linux kernel version with the ESSIV module loaded
devstral-2 · analyzed Feb 16, 2026

Scores

EPSS: 0.0003
EPSS Percentile: 8.4%

Details

Status: published
Products (25)
linux/Kernel 5.11.0 - 5.15.195
linux/Kernel 5.16.0 - 6.1.157
linux/Kernel 5.4.0 - 5.4.301
linux/Kernel 5.5.0 - 5.10.246
linux/Kernel 6.13.0 - 6.17.4
linux/Kernel 6.2.0 - 6.6.113
linux/Kernel 6.7.0 - 6.12.54
Linux/Linux < 5.4
Linux/Linux 5.10.246 - 5.10.*
Linux/Linux 5.15.195 - 5.15.*
... and 15 more
Published: Oct 24, 2025
Tracked since: Feb 18, 2026