Linux Kernel AEAD Software Fallback Vulnerability in Hisilicon SEC Engine

Vulnerability

A vulnerability in the Linux kernel's cryptographic subsystem, specifically within the Hisilicon SEC engine, has been addressed. The issue stemmed from improper handling of the subrequest pointer, which led to misuse of private context memory. The flaw caused occasional operating system panics when the page size was set to 64K. The vulnerability arose during the AEAD (Authenticated Encryption with Associated Data) software fallback process.

Impact

Exploitation of this vulnerability could lead to a kernel panic, causing a denial of service by abruptly terminating system processes and potentially disrupting system stability.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 2.5
exploitability: 5.3
remediation: 0.0
relevance: 0.0
threat: 3.2
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.