Linux Kernel Marvell CESA Zero-Length Skcipher Request Memory Access Vulnerability

Vulnerability

A vulnerability in the Linux kernel's Marvell Cryptographic Engine Secure Acceleration (CESA) module has been addressed. This issue involved improper handling of zero-length symmetric key cipher (skcipher) requests, which led to access of random memory. The vulnerability has been resolved by ensuring that zero-length skcipher requests are properly managed, with the function now returning a value of 0 instead of accessing arbitrary memory.

Impact

Exploitation of this vulnerability could lead to unauthorized access of random memory, potentially causing information leakage or other unintended consequences.

Added: Jul 3, 2025, 9:17 AM

Updated: Jul 3, 2025, 9:17 AM

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

0.6

exploitability

5.3

remediation

0.0

relevance

0.2

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

0.6

exploitability

5.3

remediation

0.0

relevance

0.2

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Linux Kernel Marvell CESA Zero-Length Skcipher Request Memory Access Vulnerability

Vulnerability

Impact

Affected Products

Linux kernel

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating