-

CVE-2025-40022

EPSS 0.05%
Veröffentlicht 24.10.2025 12:24:57
Zuletzt bearbeitet 27.10.2025 13:20:15
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Unerledigt
Login

In the Linux kernel, the following vulnerability has been resolved:

crypto: af_alg - Fix incorrect boolean values in af_alg_ctx

Commit 1b34cbbf4f01 ("crypto: af_alg - Disallow concurrent writes in
af_alg_sendmsg") changed some fields from bool to 1-bit bitfields of
type u32.

However, some assignments to these fields, specifically 'more' and
'merge', assign values greater than 1.  These relied on C's implicit
conversion to bool, such that zero becomes false and nonzero becomes
true.

With a 1-bit bitfields of type u32 instead, mod 2 of the value is taken
instead, resulting in 0 being assigned in some cases when 1 was intended.

Fix this by restoring the bool type.

Betroffene Produkte Warnungen 0 Metriken 1 CWE 0 Referenzen 10

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerLinux

≫

Produkt Linux

Default Statusunaffected

Version < 3a21698ace915a445bce2d0dcfc84b6d2199baf7

Version 0f28c4adbc4a97437874c9b669fd7958a8c6d6ce

Status affected

Version < d382d6daf0184490f366562469a5673f65ee2662

Version e4c1ec11132ec466f7362a95f36a506ce4dc08c9

Status affected

Version < 54506c6335690f4ef1b9f154e34f5a604c72c1ed

Version 1f323a48e9b5ebfe6dc7d130fdf5c3c0e92a07c8

Status affected

Version < 8703940bd30b5ad94408d28d7192db2491cd3592

Version 7c4491b5644e3a3708f3dbd7591be0a570135b84

Status affected

Version < 316b090c2fee964c307a634fecc7df269664b158

Version 9aee87da5572b3a14075f501752e209801160d3d

Status affected

Version < fbe96bd25423e61273d8831e995260b429d850b6

Version 45bcf60fe49b37daab1acee57b27211ad1574042

Status affected

Version < d0ca0df179c4b21e2a6c4a4fb637aa8fa14575cb

Version 1b34cbbf4f011a121ef7b2d7d6e6920a036d5285

Status affected

HerstellerLinux

≫

Produkt Linux

Default Statusunaffected

Version < 6.1.155

Version 6.1.154

Status affected

Version < 6.6.109

Version 6.6.108

Status affected

Version < 6.12.50

Version 6.12.49

Status affected

Version < 6.16.10

Version 6.16.9

Status affected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.05%	0.159

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String

https://git.kernel.org/stable/c/3a21698ace915a445bce2d0dcfc84b6d2199baf7

https://git.kernel.org/stable/c/d382d6daf0184490f366562469a5673f65ee2662

https://git.kernel.org/stable/c/54506c6335690f4ef1b9f154e34f5a604c72c1ed

https://git.kernel.org/stable/c/8703940bd30b5ad94408d28d7192db2491cd3592

https://git.kernel.org/stable/c/316b090c2fee964c307a634fecc7df269664b158

https://git.kernel.org/stable/c/fbe96bd25423e61273d8831e995260b429d850b6

https://git.kernel.org/stable/c/d0ca0df179c4b21e2a6c4a4fb637aa8fa14575cb

https://nvd.nist.gov/vuln/detail/CVE-2025-40022

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-40022

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-40022

EUVD