{"slug": "linux-7-2-proceeding-to-deprecate-af-alg-due-to-massive-attack-surface-drops", "title": "Linux 7.2 Proceeding To Deprecate AF_ALG Due To \"Massive Attack Surface\", Drops Offloading", "summary": "The Linux 7.2 kernel is proceeding with a full deprecation of the AF_ALG interface due to a \"massive attack surface\" that has become increasingly vulnerable to AI and LLM-based discovery tools. Kernel developer Eric Biggers cited a small Python script that \"reliably roots most Linux distros\" as evidence that the interface is unsustainable, leading to the removal of zero-copy support and off-CPU cryptography offloading in the upcoming release. The changes take effect as the Linux 7.2 merge window opens in mid-June, reflecting the kernel community's response to growing security fallout from AI-assisted vulnerability research.", "body_md": "# Linux 7.2 Proceeding To Deprecate AF_ALG Due To \"Massive Attack Surface\", Drops Offloading\n\nThe Linux kernel's AF_ALG interface for user-space applications to directly access the Linux kernel's built-in cryptographic engine is proceeding with a quick deprecation cycle due to a \"massive attack surface\" with increased vulnerabilities coming to light due to AI/LLM-based tooling.\n\nWith the upcoming Linux 7.2 kernel, AF_ALG is being deprecated in full. 
Eric Biggers explains in [a patch](https://git.kernel.org/pub/scm/linux/kernel/git/herbert/cryptodev-2.6.git/commit/?id=a67afb1884ba815079bd43d5c998e155e03b08b6) queued to the kernel's cryptographic subsystem \"cryptodev\" tree:\n\n\"AF_ALG is almost completely unnecessary, and it exposes a massive attack surface that hasn't been standing up to modern vulnerability discovery tools. The latest one even has its own website, providing a small Python script that reliably roots most Linux distros: https://copy.fail/\n\nThis isn't sustainable, especially as LLMs have accelerated the rate the vulnerabilities are coming in. The effort that is being put into this thing is vastly disproportional to the few programs that actually use it, and those programs would be better served by userspace code anyway.\n\nThese issues have been noted in many mailing list discussions already. But until now they haven't been reflected in the documentation or kconfig menu itself, and the vulnerabilities are still coming in.\n\nLet's go ahead and document the deprecation.\"\n\nIn addition to the deprecation, for Linux 7.2 AF_ALG will already be [seeing its zero-copy support removed](https://www.phoronix.com/news/Linux-AF-ALF-Zero-Copy-Security) due to the associated security concerns.\n\nAdditionally, as of this past week, [this patch](https://git.kernel.org/pub/scm/linux/kernel/git/herbert/cryptodev-2.6.git/commit/?id=7524070f26d8d347c26787dc297fb844baa26abf) is moving ahead and dropping off-CPU cryptography support from AF_ALG. Making use of hardware-accelerated offloading with crypto accelerators for AF_ALG has been deemed too dangerous and is thus already being removed for Linux 7.2:\n\n\"AF_ALG is deprecated and exposed to unprivileged userspace. Only use the least buggy algorithm implementations: the pure software ones.\n\nThis removes one of the main advantages of AF_ALG, which is the ability to use it with off-CPU accelerators. 
However, using off-CPU accelerators has huge overheads, both in performance and attack surface. I have yet to see real-world, performance-critical workloads where using an accelerator via AF_ALG is actually a win over doing cryptography in userspace.\n\nIf using an off-CPU accelerator really does turn out to be a win, a new API should be developed that is actually a good fit for it.\"\n\nThe Linux 7.2 merge window should be kicking off in mid-June with many changes in store: both many new kernel features and further work dealing with the fallout from growing AI/LLM discoveries.", "url": "https://wpnews.pro/news/linux-7-2-proceeding-to-deprecate-af-alg-due-to-massive-attack-surface-drops", "canonical_source": "https://www.phoronix.com/news/Linux-AF-ALG-Deprecation", "published_at": "2026-06-01 10:48:44+00:00", "updated_at": "2026-06-02 20:57:10.965814+00:00", "lang": "en", "topics": ["large-language-models", "ai-safety", "ai-research"], "entities": ["Eric Biggers", "Linux", "AF_ALG", "cryptodev"], "alternates": {"html": "https://wpnews.pro/news/linux-7-2-proceeding-to-deprecate-af-alg-due-to-massive-attack-surface-drops", "markdown": "https://wpnews.pro/news/linux-7-2-proceeding-to-deprecate-af-alg-due-to-massive-attack-surface-drops.md", "text": "https://wpnews.pro/news/linux-7-2-proceeding-to-deprecate-af-alg-due-to-massive-attack-surface-drops.txt", "jsonld": "https://wpnews.pro/news/linux-7-2-proceeding-to-deprecate-af-alg-due-to-massive-attack-surface-drops.jsonld"}}