Target Subsystems

Attack Surface

CopyFail hit algif_aead (AF_ALG). Dirty Frag hit esp4/esp6 (IPsec) and rxrpc. The following subsystems have not been publicly checked for the same anti-pattern.

| Subsystem | Kernel Path | Why It Is Interesting | Priority |
|---|---|---|---|
| algif_skcipher | crypto/algif_skcipher.c | Architecturally identical to algif_aead.c: same author, same era, same optimization patterns. If the AEAD path had the bug, the symmetric cipher path may have an analogous one. | High |
| algif_hash | crypto/algif_hash.c | AF_ALG hashing: reads page data, but may write temporary state through the page reference. | Medium |
| kTLS | net/tls/ | In-kernel TLS performs crypto transforms on the send path. Does the TLS record layer copy before encrypting? | High |
| WireGuard | drivers/net/wireguard/ | Encrypts packets. Does it check page ownership before in-place encryption? | Medium |
| SCTP | net/sctp/ | Complex protocol with splice support and chunk processing. Less audited than TCP/UDP. | Medium |
| TIPC | net/tipc/ | Cluster communication protocol. Minimal security audit attention. | Low |
| SMB/CIFS client | fs/smb/ | Splice support combined with crypto operations (packet signing, encryption). | Medium |
| Compression (zswap, zram) | mm/zswap.c, drivers/block/zram/ | Page transforms on potentially shared pages during compression. | Low |

algif_skcipher.c is the lowest-hanging fruit. Read it side-by-side with the patched algif_aead.c:

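# Run from the top of the kernel source tree (bash: uses process substitution)
# Compare the splice/sendmsg paths side by side; -n keeps each file's own line numbers
diff -y -W 200 <(grep -n 'splice\|sendmsg\|sg_set\|page' crypto/algif_skcipher.c) \
               <(grep -n 'splice\|sendmsg\|sg_set\|page' crypto/algif_aead.c)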

If algif_skcipher.c has the same in-place optimization that was reverted in algif_aead.c, and if that path is reachable via splice(), that is a new vulnerability.

Kernel Source Setup

Get the source matching your running kernel exactly:

# Running kernel
uname -r

# Arch: use asp
asp update linux && asp checkout linux

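# Or download the upstream tarball (x.y.0 kernels are published as linux-x.y)
ver=$(uname -r | sed -E 's/-.*//; s/^([0-9]+\.[0-9]+)\.0$/\1/')
curl -LO "https://cdn.kernel.org/pub/linux/kernel/v${ver%%.*}.x/linux-${ver}.tar.xz"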

System Exposure Check

Run these commands to understand your own system’s attack surface:

# Kernel version -- are you in the affected range?
uname -r

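# Is algif_aead built-in? (CopyFail modprobe workaround won't help if y)
# Where /boot/config-* is missing (e.g. Arch), read /proc/config.gz instead
grep CONFIG_CRYPTO_USER_API_AEAD "/boot/config-$(uname -r)" 2>/dev/null \
  || zgrep CONFIG_CRYPTO_USER_API_AEAD /proc/config.gz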

# Are esp4/esp6/rxrpc loaded? (Dirty Frag attack surface)
lsmod | awk '/^esp[46]|^rxrpc/ {print $1, $3 " users"}'

# What AF_ALG modules are available? (handles .ko, .ko.zst, .ko.xz, .ko.gz)
find "/lib/modules/$(uname -r)" -name 'algif_*.ko*' -printf '%f\n' | sed 's/\.ko.*$//'

# Check distro patch status
# Arch:
pacman -Si linux | awk '/^Version/'
# RHEL/Alma:
dnf check-update kernel
# Ubuntu/Debian:
apt list --upgradable 2>/dev/null | grep linux-image
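
The individual checks above can be folded into one pass that separates built-in code from loadable modules, which decides whether a modprobe-based workaround applies at all. This is an added example, not part of the original page: the function name `classify_exposure`, the option-to-module pairing and the sample input are constructed here for illustration.

```shell
#!/bin/sh
# classify_exposure CONFIG_FILE LSMOD_FILE   (hypothetical helper, added example)
# Prints one line per module: "<module> <state>", where state is
#   builtin  compiled in (=y): cannot be unloaded or blacklisted
#   loaded   built as a module (=m) and present in the lsmod listing
#   module   built as a module, not loaded: blacklisting is possible
#   absent   option not set in this kernel
classify_exposure() (
    config=$1 lsmod_out=$2
    # CONFIG option (without the CONFIG_ prefix) paired with the module it builds
    for entry in \
        CRYPTO_USER_API_AEAD:algif_aead CRYPTO_USER_API_SKCIPHER:algif_skcipher \
        CRYPTO_USER_API_HASH:algif_hash INET_ESP:esp4 INET6_ESP:esp6 \
        AF_RXRPC:rxrpc TLS:tls WIREGUARD:wireguard
    do
        opt=${entry%%:*} mod=${entry##*:}
        # Anchoring on "=" keeps CONFIG_TLS from matching CONFIG_TLS_DEVICE
        val=$(sed -n "s/^CONFIG_${opt}=\([ym]\)\$/\1/p" "$config" | head -n 1)
        case $val in
            y) echo "$mod builtin" ;;
            # Exact match on column 1, so esp4_offload does not count as esp4
            m) if awk -v m="$mod" '$1 == m { f = 1 } END { exit !f }' "$lsmod_out"
               then echo "$mod loaded"; else echo "$mod module"; fi ;;
            *) echo "$mod absent" ;;
        esac
    done
)

# Constructed sample input, not taken from a real host.
sample_dir=$(mktemp -d)
trap 'rm -rf "$sample_dir"' EXIT
cat > "$sample_dir/config" <<'EOF'
CONFIG_CRYPTO_USER_API_AEAD=y
CONFIG_CRYPTO_USER_API_SKCIPHER=m
# CONFIG_CRYPTO_USER_API_HASH is not set
CONFIG_INET_ESP=m
CONFIG_INET6_ESP=m
CONFIG_AF_RXRPC=m
CONFIG_TLS=m
CONFIG_WIREGUARD=m
EOF
cat > "$sample_dir/lsmod" <<'EOF'
Module                  Size  Used by
esp4                   28672  0
esp4_offload           16384  0
wireguard             118784  0
EOF
classify_exposure "$sample_dir/config" "$sample_dir/lsmod"
```

On a live host, pass the kernel config file (or a decompressed copy of /proc/config.gz) and a file holding the output of `lsmod`.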