From de1aabdde4d8624ed4b6edad1a79444c06069cb2 Mon Sep 17 00:00:00 2001
Message-ID: <de1aabdde4d8624ed4b6edad1a79444c06069cb2.1777520323.git.sam@gentoo.org>
From: Sam James <sam@gentoo.org>
Date: Thu, 30 Apr 2026 03:14:26 +0100
Subject: [PATCH] crypto: disable authencesn module for CVE-2026-31431

The fix in 6.18 and beyond uses memcpy_sglist which got added in
131bdceca1f0a2d9381270dc40f898458e5e184b, but then they change it in
0f8d42bf128d349ad490e87d5574d211245e40f1 and
4dffc9bbffb9ccfcda730d899c97c553599e7ca8, then drop one of the earlier
changes in 20d868a77f11ba050fe96e7b8efb8ec3b6f2737f.

It's easier to disable the authencesn module as a mitigation for now
until older kernels get fixed upstream. It should only make IPSec slower
in some cases to have it off.

Bug: https://bugs.gentoo.org/973385
Signed-off-by: Sam James <sam@gentoo.org>
---
 crypto/Makefile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/crypto/Makefile b/crypto/Makefile
index 4c99e5d376f6..2169292ed1b6 100644
--- a/crypto/Makefile
+++ b/crypto/Makefile
@@ -154,7 +154,7 @@ obj-$(CONFIG_CRYPTO_CRC32C) += crc32c_generic.o
 obj-$(CONFIG_CRYPTO_CRC32) += crc32_generic.o
 obj-$(CONFIG_CRYPTO_CRCT10DIF) += crct10dif_common.o crct10dif_generic.o
 obj-$(CONFIG_CRYPTO_CRC64_ROCKSOFT) += crc64_rocksoft_generic.o
-obj-$(CONFIG_CRYPTO_AUTHENC) += authenc.o authencesn.o
+obj-$(CONFIG_CRYPTO_AUTHENC) += authenc.o
 obj-$(CONFIG_CRYPTO_LZO) += lzo.o lzo-rle.o
 obj-$(CONFIG_CRYPTO_LZ4) += lz4.o
 obj-$(CONFIG_CRYPTO_LZ4HC) += lz4hc.o
-- 
2.54.0