Linux 7.2 Proceeding To Deprecate AF_ALG Due To "Massive Attack Surface", Drops Offloading

Phoronix, Jun 1, 2026

Key Takeaways

  • AF_ALG fully deprecated in Linux 7.2 for security reasons
  • Zero‑copy and hardware offload support eliminated alongside deprecation
  • AI/LLM tools accelerated discovery of AF_ALG vulnerabilities
  • Developers urged to use userspace crypto or await new accelerator API

Pulse Analysis

AF_ALG, introduced over a decade ago, provided a convenient socket‑based bridge for user‑space applications to tap the kernel’s native cryptographic primitives. It was especially attractive for workloads that needed hardware acceleration without leaving kernel space, such as VPNs and storage encryption. Over time, however, the interface grew into a catch‑all for experimental algorithms, and its permissive design left many unchecked paths for unprivileged code to invoke kernel crypto functions.

Recent months have seen a surge in automated vulnerability discovery powered by large language models and AI‑enhanced fuzzers. Researchers demonstrated that a simple Python script could reliably gain root privileges on a wide range of distributions by exploiting AF_ALG’s unchecked parameters. Eric Biggers’ patch notes highlight that the attack surface is “massive” and that the effort required to secure the interface outweighs its limited real‑world usage. Consequently, the Linux 7.2 merge window will strip AF_ALG of zero‑copy buffers and hardware offload hooks, effectively retiring the feature.

The deprecation forces the ecosystem to rethink how cryptographic acceleration is delivered. Vendors with dedicated crypto ASICs or GPUs will need to expose new, purpose‑built APIs that enforce stricter isolation and privilege checks. Meanwhile, developers are encouraged to adopt userspace libraries like OpenSSL or libsodium, which have matured to offer comparable performance without kernel exposure. In the longer term, the Linux community may propose a replacement interface that balances speed, security, and maintainability, but until then, the focus remains on hardening the kernel’s core attack surface.
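Before moving code off AF_ALG, it helps to know which programs on a host still open AF_ALG sockets. The following is an added example, not code from the article or the kernel patches: it tallies `socket(AF_ALG, ...)` calls per executable and UID from auditd SYSCALL records. It assumes an audit rule already logs `socket()` calls; the sample records and executable paths are constructed.

```python
import re
from collections import defaultdict

AF_ALG = 38  # address family value from <linux/socket.h>
# socket() syscall number per audit arch value (x86_64, aarch64)
SOCKET_NR = {"c000003e": 41, "c00000b7": 198}
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')

def _rec(seq, nr, ok, a0, uid, exe):
    """Build one constructed SYSCALL record (not captured from a real host)."""
    return (f'type=SYSCALL msg=audit(1780000000.000:{seq}): arch=c000003e '
            f'syscall={nr} success={ok} a0={a0} a1=80005 uid={uid} exe="{exe}"')

SAMPLE = [
    _rec(901, 41, "yes", "26", 1000, "/usr/bin/python3"),
    _rec(902, 41, "yes", "26", 1000, "/usr/bin/python3"),
    _rec(903, 41, "yes", "26", 0, "/opt/example/backupd"),
    _rec(904, 41, "yes", "2", 1000, "/usr/bin/curl"),        # AF_INET, ignored
    _rec(905, 41, "no", "26", 998, "/opt/example/legacy-vpn"),
    _rec(906, 42, "yes", "26", 1000, "/usr/bin/curl"),       # connect() on fd 0x26, ignored
]

def parse(line):
    """Split an audit record into a key/value dict, unquoting values."""
    return {k: v.strip('"') for k, v in FIELD.findall(line)}

def af_alg_callers(lines):
    """Map (exe, uid) -> {'ok': n, 'failed': n} for socket(AF_ALG, ...) calls."""
    out = defaultdict(lambda: {"ok": 0, "failed": 0})
    for line in lines:
        r = parse(line)
        try:
            is_socket = SOCKET_NR.get(r.get("arch")) == int(r["syscall"])
            family = int(r["a0"], 16)  # audit prints syscall arguments in hex
            uid = int(r["uid"])
        except (KeyError, ValueError):
            continue  # not a SYSCALL record, or a truncated one
        if r.get("type") == "SYSCALL" and is_socket and family == AF_ALG:
            result = "ok" if r.get("success") == "yes" else "failed"
            out[(r.get("exe", "?"), uid)][result] += 1
    return dict(out)

def unprivileged(callers):
    """Executables that requested AF_ALG sockets while running as non-root."""
    return sorted(exe for (exe, uid) in callers if uid != 0)

if __name__ == "__main__":
    for key, counts in af_alg_callers(SAMPLE).items():
        print(key, counts)
```

Failed calls are counted separately because, once the interface is restricted or removed, they show which programs are still trying to use it.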
