CVE-2025-39931 | THREATINT

Description

In the Linux kernel, the following vulnerability has been resolved: crypto: af_alg - Set merge to zero early in af_alg_sendmsg If an error causes af_alg_sendmsg to abort, ctx->merge may contain a garbage value from the previous loop. This may then trigger a crash on the next entry into af_alg_sendmsg when it attempts to do a merge that can't be done. Fix this by setting ctx->merge to zero near the start of the loop.

PUBLISHED Reserved 2025-04-16 | Published 2025-10-04 | Updated 2025-10-04 | Assigner Linux

Product status

Default status

unaffected

8ff590903d5fc7f5a0a988c38267a3d08e6393a2 before 6241b9e2809b12da9130894cf5beddf088dc1b8a

affected

8ff590903d5fc7f5a0a988c38267a3d08e6393a2 before 2374c11189ef704a3e4863646369f1b8e6a27d71

affected

8ff590903d5fc7f5a0a988c38267a3d08e6393a2 before 24c1106504c625fabd3b7229611af617b4c27ac7

affected

8ff590903d5fc7f5a0a988c38267a3d08e6393a2 before 045ee26aa3920a47ec46d7fcb302420bf01fd753

affected

8ff590903d5fc7f5a0a988c38267a3d08e6393a2 before 9574b2330dbd2b5459b74d3b5e9619d39299fc6f

affected

Default status

affected

2.6.38

affected

Any version before 2.6.38

unaffected

6.1.154

unaffected

6.6.108

unaffected

6.12.49

unaffected

6.16.9

unaffected

6.17

unaffected

References

git.kernel.org/...c/6241b9e2809b12da9130894cf5beddf088dc1b8a

git.kernel.org/...c/2374c11189ef704a3e4863646369f1b8e6a27d71

git.kernel.org/...c/24c1106504c625fabd3b7229611af617b4c27ac7

git.kernel.org/...c/045ee26aa3920a47ec46d7fcb302420bf01fd753

git.kernel.org/...c/9574b2330dbd2b5459b74d3b5e9619d39299fc6f

cve.org (CVE-2025-39931)

nvd.nist.gov (CVE-2025-39931)

Download JSON

help @ threatint.eu