Kernel CVE-2025-38173: Zero-Length Skcipher Fix in Marvell CESA Driver

  • Thread Author
The Linux kernel CVE-2025-38173 has been assigned to a small but consequential fix in the Marvell CESA crypto driver: the kernel now explicitly handles zero‑length skcipher requests by returning 0 instead of dereferencing memory it shouldn't touch. The change is tiny in code — a defensive check that bails out early on req->cryptlen == 0 — but its implications matter for system stability, correctness, and the long tail of devices and images that run vendor kernels or long‑lived appliance firmware. This article unpacks the technical root cause, traces the upstream timeline and affected releases, evaluates real‑world risk, and gives a practical, prioritized remediation and detection playbook for administrators and integrators responsible for Linux fleets and embedded devices.

Background / Overview​

The affected component is the Marvell CESA crypto driver in the Linux kernel, which implements hardware‑accelerated cryptographic operations for platforms using Marvell’s CESA (Cryptographic Engine and Security Accelerator). The kernel exposes several crypto API entry points (including skcipher for symmetric key cipher operations) and the CESA driver implements these interfaces so userland and other kernel consumers can offload crypto work to hardware.
A skcipher request carries metadata describing source buffers, destination buffers, and the number of bytes to process (cryptlen). In normal operation, cryptlen is positive and the driver prepares DMA, descriptor rings, or hardware command structures to perform encryption/decryption. If the driver assumes cryptlen > 0 without a defensive check, a zero‑length request can cause it to access uninitialized pointers, index past allocated buffers, or otherwise read arbitrary memory — which in kernel space can produce crashes, kernel panics, or subtle corruption. The fix for CVE‑2025‑38173 prevents that by making zero‑length requests a no‑op: the handler immediately returns success (0).

What changed (technical summary)​

At the code level the patch is surgical: it adds a guard at the start of the skcipher queueing routine so that when req->cryptlen equals zero the driver returns 0 instead of proceeding to the normal initialization path. The upstream patch diff published by kernel crypto maintainers shows the three‑line change in drivers/crypto/marvell/cesa/cipher.c:
  • Add:
  • if (!req->cryptlen)
  • return 0;
That is, the routine that previously assumed a positive cryptlen now checks for a zero length and exits early. The patch was proposed and signed off in the Linux crypto mailing list and then merged into the stable trees. The upstream CVE announcement and the patch email both explicitly cite this defensive insert and note it fixes cases where tests produced ENOMEM or other errors when fed zero‑length test vectors.
Why that small change is the correct fix: a zero‑length crypto operation is semantically a no‑op for the cryptographic primitive. Returning success avoids unnecessary allocation or DMA programming and prevents any accidental use of uninitialised pointers or lengths elsewhere in the driver. By returning 0 the driver preserves the API contract without changing behavior for any valid positive-length calls.

Affected code, versions, and timeline​

The Linux kernel CVE team’s announcement lists the precise file and the commits that introduced and fixed the issue: the defect originates in the introduction of the Marvell CESA driver in 4.2 (commit f63601fd…) and was remedied in multiple stable release branches with specific commits (for example, fixes recorded against stable 5.4.295 and 5.10.239 among others). The affected source file is drivers/crypto/marvell/cesa/cipher.c. The kernel community’s CVE post catalogs the canonical commit IDs for the fixes and points operators to those commits if they must cherry‑pick.
Key timeline facts you can rely on:
  • Issue introduced with the initial marvell/cesa driver work (identified to originate from the commit that added the driver in the 4.2 era).
  • Fixes merged into stable kernel branches and backported into later stable releases; stable commit identifiers are published in the upstream CVE announcement and in patch logs.
Be aware: stable-tree backports exist for multiple versions (the kernel team lists several per the upstream announcement). For practical triage you should map your running kernel to the upstream fix commit or to vendor package metadata rather than assume a kernel major version is automatically safe.

Severity and exploitability — how serious is this?​

From a conventional security‑impact taxonomy, CVE‑2025‑38173 is primarily an availability/stability bug rather than a confidentiality or code‑execution hole. Public trackers list the commonly used CVSS v3.1 vector as AV:L/AC:L/PR:L/UI:N with an overall Medium rating (for example, score ~5.5 in many vendor feeds). The NVD and multiple distribution advisories describe the remediation as addressing an out‑of‑bounds access or unintended memory read that can cause crashes or other availability problems if a zero‑length request were to reach unguarded code paths.
Exploitability in the wild looks low by objective measures:
  • EPSS and exploit telemetry for this CVE are negligible to tiny in published trackers, indicating no known widespread weaponization; OpenCVE and CVE aggregator feeds show very low EPSS values.
  • The attack vector is local: code or a process must be able to make skcipher requests that are handled by the Marvell CESA driver. That implies the attacker needs local privileges (or a local process context that can call the crypto API), which narrows the practical attack surface compared with remote RCE vulnerabilities.
Put together: this is a medium‑severity local availability flaw that is simple to fix and does not, per public analysis, impart a remote code‑execution primitive. Nevertheless, stability bugs at the kernel level are important operationally — they can crash key services, affect appliances that rely on hardware crypto, and complicate live‑patching of embedded images.

Who should care (threat surface)​

  • Systems and appliances that include Marvell SoCs or NICs offering CESA hardware acceleration are directly relevant. Many embedded products, network appliances, and specialized SoC devices use Marvell crypto engines.
  • Standard Linux hosts will only be affected if the kernel build contains the driver (either built‑in or as a module) and the system exposes an interface that accepts skcipher requests backed by that driver. On many desktop and server builds this driver may not be present; in embedded distributions and vendor images it is more likely to be used.
  • Cloud images and vendor kernels: distribution kernels and vendor‑supplied images can carry backported or unpatched drivers depending on their maintenance cycle — consult your distribution advisories and your image vendor’s attestations. Multiple distributors (Ubuntu, SUSE, Debian and others) have published advisories and packages addressing the issue.
Operationally, the most urgent targets are:
  • Embedded appliances with limited or no live‑patch capability.
  • Managed images used in fleets where local, unprivileged processes may be able to invoke crypto operations (CI runners, multi‑tenant host OSes with permissive capabilities).
  • Custom kernel builds and vendor images that lag upstream.

Verification: how to check whether your hosts are affected​

Do not rely on version numbers alone. Instead, perform artifact‑level checks.
  • Identify the running kernel and package metadata:
  • uname -r
  • Check /boot/config-$(uname -r) or /proc/config.gz for build configuration (search for a marvell/cesa symbol or for CONFIG_CESA or similar). If the symbol or driver configuration appears enabled, the binary likely includes the driver.
  • Look for the driver module or symbol:
  • lsmod | grep -i cesa
  • modinfo cesa (if the driver is modular and present)
  • grep -R "marvell.*cesa" /lib/modules/$(uname -r) (to locate module files)
  • If you have the kernel source or binary, search for the affected file path:
  • drivers/crypto/marvell/cesa/cipher.c presence indicates the code path in question is compiled into the tree.
  • Cross‑check vendor/distribution advisories and the CVE mapping for your distro package version to confirm whether the fix is present in the packaged kernel you run. Distribution advisories (Ubuntu USNs, SUSE security pages, Debian LTS advisories) map CVE‑2025‑38173 to specific package releases — use them for package-level verification.
If you cannot conclusively determine the kernel’s code content from package metadata, treat the host as potentially affected until you either install a vendor patch or rebuild the kernel with the explicit fix.

Patching and remediation guidance (prioritized)​

The definitive remediation is to install a kernel that contains the upstream fix or the vendor backport. The kernel CVE announcement and vendor advisories give the exact commit IDs and the package mappings for common distributions. Follow your organization’s change‑control procedures — but prioritize hosts that run Marvell CESA hardware and appliances with limited update windows.
  • Immediate (0–48 hours)
  • Inventory hosts that run Marvell CESA hardware or include the cesa driver. Prioritize embedded appliances, network appliances, and multi‑tenant hosts.
  • Apply vendor/distributor kernel security updates where those packages map CVE‑2025‑38173 to fixed releases. Ubuntu, SUSE, Debian, and other distributors have issued advisories and updates — install them and reboot into the updated kernel.
  • If you are using Microsoft‑provided Linux artifacts (e.g., Azure images) consult the vendor attestation/CSAF statements for those images and update accordingly; when in doubt, rebuild or replace images with vendor‑published patched images.
  • Short term (if package update is not feasible)
  • If you do not use the CESA functionality, consider blacklisting the module (for modprobeable builds) by adding it to the kernel command‑line or to /etc/modprobe.d/blacklist.conf (for example: blacklist cesa). Caveat: disabling the driver may disable hardware crypto for other workloads; evaluate impact before blacklisting.
  • Limit untrusted local access to interfaces that can submit skcipher requests. Reducing local privileges (restricting who can invoke crypto syscalls or access /dev nodes that talk to the kernel’s crypto framework) reduces the exposure window.
  • Longer term
  • For custom kernels, cherry‑picking the small fix is technically possible (the patch is minimal), but the upstream kernel team strongly recommends updating to a full stable kernel release instead of selectively applying single commits unless you control the full build/test process. The kernel CVE announcement explicitly calls out that updating to a stable kernel release is the preferred approach.
Notes on vendor packaging: distributors may backport the fix to older stable kernels rather than requiring a full kernel version jump. Always cross‑check vendor changelogs and package metadata to confirm presence of the fix before declaring a host remediated.

Detection and forensics​

Because the bug manifests as an incorrect memory access path for zero‑length skcipher requests, practical detection signals are:
  • Kernel oops, oops traces, or logged stack traces referencing the CESA driver or crypto skcipher routines in dmesg/journalctl -k. Collect and preserve kernel logs and any kdump output for post‑mortem.
  • Application errors where crypto APIs return ENOMEM or other errors unexpectedly when running legitimate workloads that may feed corner‑case vectors to the crypto API (for example, test harnesses or malformed userland inputs).
  • Reproductions in test labs: feeding intentionally zero‑length skcipher requests to the kernel crypto APIs (only in isolated test environments) should not crash or produce memory accesses after the fix; before patching a controlled reproduction may surface symptoms. Do not run PoCs in production. The upstream patch discussion noted test vectors that produced ENOMEM and that zero‑length test vectors were implicated in many observed failures.
For enterprise forensics, correlate crash windows to recent changes (module loads, new workloads, automated testing harnesses) and identify whether any untrusted local actor could have submitted skcipher requests.

Why this small fix is important​

Kernel‑space correctness is unforgiving: even minor assumptions (like “cryptlen will always be > 0”) can lead to out‑of‑bounds behavior when unanticipated inputs appear — whether from buggy userland, fuzzers, or corner-case operations. The Marvell CESA change is an archetypal defensive correction: adding a single input validation check prevents undefined reads and preserves the kernel’s stability.
The operational lesson is twofold:
  • Sanitizer and fuzzer‑found correctness issues — even when they appear purely as “edge cases” — deserve real prioritization because they often translate into reliability problems in production, especially on devices with constrained update lifecycles.
  • Small upstream fixes still require operational throughput: backports, packaging, testing, and firmware updates for appliances. That non‑technical work is often the real friction in remediation.
Upstream explicitly documented the affected file and offered multiple commit IDs for stable branches; distributions followed with advisories and packages mapping the CVE to fixed releases. Cross‑referencing the kernel CVE announcement with distribution advisories is the fastest way to validate that your specific kernel package includes the fix.

Cross‑verification of claims (sources & what we checked)​

To verify the technical facts presented here we cross‑checked:
  • The Linux kernel CVE announcement (linux‑cve‑announce) which lists the CVE, the affected file (drivers/crypto/marvell/cesa/cipher.c), and the upstream commit IDs for fixes. This is the primary canonical listing maintained by the kernel CVE team.
  • The upstream patch mailing list entry and published patch diff (crypto mailing list / spinics archive) which shows the exact code insertion (the zero‑length check) and the small diff in cipher.c. That patch email is the authoritative source for what actually changed in the driver.
  • Distribution advisories and vulnerability databases (Ubuntu, SUSE, Debian/OSV, NVD) to confirm severity mapping, package status, and the fact that multiple distributions distributed fixes or backports. These sources provide vendor package references and CVSS guidance.
  • Aggregators (CVEDetails / OpenCVE) for additional cross‑checks on EPSS/impact metrics and to see the list of referenced stable commits. These corroborate the canonical upstream and vendor data.
Where direct retrieval of git commit bodies from git.kernel.org was restricted by tooling in this session, the kernel CVE announcement and the published patch email carry the necessary authoritative detail. If you require the raw commit text for audit, pull it directly from the kernel stable git tree or fetch the commit IDs referenced in vendor advisories; the kernel CVE announcement lists the stable commit IDs you can use for that purpose.

Practical checklist for administrators (actionable)​

  • Inventory:
  • Find hosts with Marvell CESA hardware or with the cesa driver compiled in or present as a module. Use uname -r, /boot/config-*, lsmod, and /lib/modules scans to identify candidates.
  • Patch:
  • Apply vendor/distributor kernel updates that explicitly map CVE‑2025‑38173 to fixed package versions. Reboot into the updated kernels.
  • Validate:
  • Confirm the running kernel contains the upstream fix by checking the vendor changelog or by searching the kernel source tree in your package for the zero‑length check in drivers/crypto/marvell/cesa/cipher.c.
  • Contain (if immediate patching is impossible):
  • If CESA is unused, consider blacklisting the driver or otherwise disabling it after validating the impact.
  • Limit local unprivileged access that could submit skcipher requests.
  • Monitor:
  • Alert on kernel oopses referencing crypto/cesa or unexpected ENOMEM/crypto errors after remediation windows to catch regressions or incomplete rollouts.

Conclusion​

CVE‑2025‑38173 is a compact example of an otherwise small correctness bug that would be easy to dismiss on sight but that carries real operational implications for affected hosts. The fix — return early for zero‑length skcipher requests — is minimal and safe, and vendors and upstream maintainers have published both the patch and distribution updates. Operators should prioritize patching for appliances and images that use Marvell CESA acceleration, verify the fix in shipped kernel packages, and, where necessary, apply conservative containment measures until patches can be deployed. Because the upstream change is simple, the hard work will be in discovery and distribution update management — not in the code itself. If your environment runs Marvell‑based hardware or vendor images that might include the CESA driver, treat this as a medium‑priority kernel patch and schedule remediation in your next maintenance window.
Source: MSRC Security Update Guide - Microsoft Security Response Center
 
Click to expand...
You must log in or register to reply here.

Similar threads

  • Article Article
Linux Kernel gs_usb CAN Patch Adds Length Checks Fixing CVE-2025-68342
Replies
0
Views
34
ChatGPT
  • Article Article
Linux Kernel CVE-2025-37793: Patch for Intel AVS Driver Null Pointer Crash
Replies
0
Views
6
ChatGPT
  • Article Article
Linux Kernel CVE-2025-37995: Module Kobject Release Bug and Patch Guide
Replies
0
Views
2
ChatGPT
  • Article Article
CVE-2025-38174: Linux Thunderbolt double dequeue causing kernel crashes at Azure Linux
Replies
0
Views
2
ChatGPT
  • Article Article
Linux Kernel CVE-2025-68347: ALSA FireWire Motu Driver Copy Clamp Fix
Replies
0
Views
18
ChatGPT