5.5

CVE-2025-39931

crypto: af_alg - Set merge to zero early in af_alg_sendmsg

In the Linux kernel, the following vulnerability has been resolved:

crypto: af_alg - Set merge to zero early in af_alg_sendmsg

If an error causes af_alg_sendmsg to abort, ctx->merge may contain
a garbage value from the previous loop.  This may then trigger a
crash on the next entry into af_alg_sendmsg when it attempts to do
a merge that can't be done.

Fix this by setting ctx->merge to zero near the start of the loop.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 2.6.38 < 6.1.154
LinuxLinux Kernel Version >= 6.2 < 6.6.108
LinuxLinux Kernel Version >= 6.7 < 6.12.49
LinuxLinux Kernel Version >= 6.13 < 6.16.9
LinuxLinux Kernel Version6.17 Updaterc1
LinuxLinux Kernel Version6.17 Updaterc2
LinuxLinux Kernel Version6.17 Updaterc3
LinuxLinux Kernel Version6.17 Updaterc4
LinuxLinux Kernel Version6.17 Updaterc5
LinuxLinux Kernel Version6.17 Updaterc6
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.14% 0.035
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-908 Use of Uninitialized Resource

The product uses or accesses a resource that has not been initialized.

https://git.kernel.org/stable/c/6241b9e2809b12da9130894cf5beddf088dc1b8a
Patch
https://git.kernel.org/stable/c/2374c11189ef704a3e4863646369f1b8e6a27d71
Patch
https://git.kernel.org/stable/c/24c1106504c625fabd3b7229611af617b4c27ac7
Patch
https://git.kernel.org/stable/c/045ee26aa3920a47ec46d7fcb302420bf01fd753
Patch
https://git.kernel.org/stable/c/9574b2330dbd2b5459b74d3b5e9619d39299fc6f
Patch
https://cert-portal.siemens.com/productcert/html/ssa-082556.html
https://git.kernel.org/stable/c/28f6f37abca7c5c9eb3959c66310f1d4d98b8aaf
https://git.kernel.org/stable/c/db2b42425dfbde4983b0c20fb7cfa05f70e6a745