Description

In the Linux kernel, the following vulnerability has been resolved:

crypto: af_alg - Disallow concurrent writes in af_alg_sendmsg

Issuing two writes to the same af_alg socket is bogus as the data will be interleaved in an unpredictable fashion. Furthermore, concurrent writes may create inconsistencies in the internal socket state.

Disallow this by adding a new ctx->write field that indicates exclusive ownership for writing.

PUBLISHED Reserved 2025-04-16 | Published 2025-10-13 | Updated 2025-10-13 | Assigner Linux

Product status

Default status
unaffected

8ff590903d5fc7f5a0a988c38267a3d08e6393a2 before 0f28c4adbc4a97437874c9b669fd7958a8c6d6ce
affected

8ff590903d5fc7f5a0a988c38267a3d08e6393a2 before e4c1ec11132ec466f7362a95f36a506ce4dc08c9
affected

8ff590903d5fc7f5a0a988c38267a3d08e6393a2 before 1f323a48e9b5ebfe6dc7d130fdf5c3c0e92a07c8
affected

8ff590903d5fc7f5a0a988c38267a3d08e6393a2 before 7c4491b5644e3a3708f3dbd7591be0a570135b84
affected

8ff590903d5fc7f5a0a988c38267a3d08e6393a2 before 9aee87da5572b3a14075f501752e209801160d3d
affected

8ff590903d5fc7f5a0a988c38267a3d08e6393a2 before 45bcf60fe49b37daab1acee57b27211ad1574042
affected

8ff590903d5fc7f5a0a988c38267a3d08e6393a2 before 1b34cbbf4f011a121ef7b2d7d6e6920a036d5285
affected

Default status
affected

2.6.38
affected

Any version before 2.6.38
unaffected

5.10.245
unaffected

5.15.194
unaffected

6.1.154
unaffected

6.6.108
unaffected

6.12.49
unaffected

6.16.9
unaffected

6.17
unaffected

References

git.kernel.org/...c/0f28c4adbc4a97437874c9b669fd7958a8c6d6ce

git.kernel.org/...c/e4c1ec11132ec466f7362a95f36a506ce4dc08c9

git.kernel.org/...c/1f323a48e9b5ebfe6dc7d130fdf5c3c0e92a07c8

git.kernel.org/...c/7c4491b5644e3a3708f3dbd7591be0a570135b84

git.kernel.org/...c/9aee87da5572b3a14075f501752e209801160d3d

git.kernel.org/...c/45bcf60fe49b37daab1acee57b27211ad1574042

git.kernel.org/...c/1b34cbbf4f011a121ef7b2d7d6e6920a036d5285

cve.org (CVE-2025-39964)

nvd.nist.gov (CVE-2025-39964)
