
CVE-2025-39931

In the Linux kernel, the following vulnerability has been resolved:

crypto: af_alg - Set merge to zero early in af_alg_sendmsg

If an error causes af_alg_sendmsg to abort, ctx->merge may contain
a garbage value from the previous loop.  This may then trigger a
crash on the next entry into af_alg_sendmsg when it attempts to do
a merge that can't be done.

Fix this by setting ctx->merge to zero near the start of the loop.

Data is provided by the CVE Program from a CVE Numbering Authority (CNA) (unstructured).
Vendor: Linux
Product: Linux
Default status: unaffected
Version < 6241b9e2809b12da9130894cf5beddf088dc1b8a
Version 8ff590903d5fc7f5a0a988c38267a3d08e6393a2
Status affected
Version < 2374c11189ef704a3e4863646369f1b8e6a27d71
Version 8ff590903d5fc7f5a0a988c38267a3d08e6393a2
Status affected
Version < 24c1106504c625fabd3b7229611af617b4c27ac7
Version 8ff590903d5fc7f5a0a988c38267a3d08e6393a2
Status affected
Version < 045ee26aa3920a47ec46d7fcb302420bf01fd753
Version 8ff590903d5fc7f5a0a988c38267a3d08e6393a2
Status affected
Version < 9574b2330dbd2b5459b74d3b5e9619d39299fc6f
Version 8ff590903d5fc7f5a0a988c38267a3d08e6393a2
Status affected
Vendor: Linux
Product: Linux
Default status: affected
Version 2.6.38
Status affected
Version < 2.6.38
Version 0
Status unaffected
Version <= 6.1.*
Version 6.1.154
Status unaffected
Version <= 6.6.*
Version 6.6.108
Status unaffected
Version <= 6.12.*
Version 6.12.49
Status unaffected
Version <= 6.16.*
Version 6.16.9
Status unaffected
Version <= *
Version 6.17
Status unaffected
No CISA KEV or CERT.AT warning was found for this CVE.
EPSS metrics
Type Source Score Percentile
EPSS FIRST.org 0.02% 0.033
CVSS metrics
Source Base Score Exploit Score Impact Score Vector String