-

CVE-2025-40022

EPSS 0.06%
Veröffentlicht 24.10.2025 12:24:57
Zuletzt bearbeitet 12.05.2026 13:17:18
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Unerledigt
Login

crypto: af_alg - Fix incorrect boolean values in af_alg_ctx

In the Linux kernel, the following vulnerability has been resolved:

crypto: af_alg - Fix incorrect boolean values in af_alg_ctx

Commit 1b34cbbf4f01 ("crypto: af_alg - Disallow concurrent writes in
af_alg_sendmsg") changed some fields from bool to 1-bit bitfields of
type u32.

However, some assignments to these fields, specifically 'more' and
'merge', assign values greater than 1.  These relied on C's implicit
conversion to bool, such that zero becomes false and nonzero becomes
true.

With a 1-bit bitfields of type u32 instead, mod 2 of the value is taken
instead, resulting in 0 being assigned in some cases when 1 was intended.

Fix this by restoring the bool type.

Betroffene Produkte Warnungen 0 Metriken 1 CWE 0 Referenzen 11

CNA 5 VulnDex Vulnerability Enrichment 10

Daten sind bereitgestellt durch das CVE Programm von Authorized Data Publishers (ADP) (Unstrukturiert)

HerstellerSiemens

≫

Produkt SIMATIC S7-1500 CPU 1518-4 PN/DP MFP

Default Statusunknown

Version V3.1.5

Version < *

Status affected

HerstellerSiemens

≫

Produkt SIMATIC S7-1500 CPU 1518-4 PN/DP MFP

Default Statusunknown

Version V3.1.5

Version < *

Status affected

HerstellerSiemens

≫

Produkt SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP

Default Statusunknown

Version V3.1.5

Version < *

Status affected

HerstellerSiemens

≫

Produkt SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP

Default Statusunknown

Version V3.1.5

Version < *

Status affected

HerstellerSiemens

≫

Produkt SIPLUS S7-1500 CPU 1518-4 PN/DP MFP

Default Statusunknown

Version V3.1.5

Version < *

Status affected

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.06%	0.178

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String

Es wurden noch keine Informationen zu CWE veröffentlicht.

https://git.kernel.org/stable/c/3a21698ace915a445bce2d0dcfc84b6d2199baf7

https://git.kernel.org/stable/c/d382d6daf0184490f366562469a5673f65ee2662

https://git.kernel.org/stable/c/54506c6335690f4ef1b9f154e34f5a604c72c1ed

https://git.kernel.org/stable/c/8703940bd30b5ad94408d28d7192db2491cd3592

https://git.kernel.org/stable/c/316b090c2fee964c307a634fecc7df269664b158

https://git.kernel.org/stable/c/fbe96bd25423e61273d8831e995260b429d850b6

https://git.kernel.org/stable/c/d0ca0df179c4b21e2a6c4a4fb637aa8fa14575cb

https://cert-portal.siemens.com/productcert/html/ssa-082556.html

https://nvd.nist.gov/vuln/detail/CVE-2025-40022

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-40022

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-40022

EUVD