216.73.216.204

CVE-2025-71131

· Published 14/01/2026 16:16 · Author: The MITRE Corporation

Labels: CVE-2025-71131 2026-01-14416baaa9-dc9f-4396-8d5f-8c081fb06d67CVE-2025-71131

Essential information

Published
14/01/2026 16:16
Modified
Author
The MITRE Corporation
Creator
The MITRE Corporation
CVSS
5.5 MEDIUM (v3.1)
CISA KEV
No
CWE
EPSS (First)
P1.8% ?EPSS percentile: rank of this vulnerability versus all others. Higher percentile = more likely to be exploited. Learn more (score 0.00114)
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVSS metrics

Description

In the Linux kernel, the following vulnerability has been resolved: crypto: seqiv - Do not use req->iv after crypto_aead_encrypt As soon as crypto_aead_encrypt is called, the underlying request may be freed by an asynchronous completion. Thus dereferencing req->iv after it returns is invalid. Instead of checking req->iv against info, create a new variable unaligned_info and use it for that purpose instead.

NVD status

NVD
View on NVD