CVE-2025-39964

Oct. 13, 2025, 2:15 p.m.

None
No Score

Description

In the Linux kernel, the following vulnerability has been resolved: crypto: af_alg - Disallow concurrent writes in af_alg_sendmsg Issuing two writes to the same af_alg socket is bogus as the data will be interleaved in an unpredictable fashion. Furthermore, concurrent writes may create inconsistencies in the internal socket state. Disallow this by adding a new ctx->write field that indiciates exclusive ownership for writing.

Product(s) Impacted

Vendor Product Versions
Linux
  • Linux Kernel
  • *

Weaknesses

Common security weaknesses mapped to this vulnerability.

*CPE(s)

Affected systems and software identified for this CVE.

Type Vendor Product Version Update Edition Language Software Edition Target Software Target Hardware Other Information
o linux linux_kernel / / / / / / / /

References

https://git.kernel.org/stable/c/0f28c4adbc4a97437874c9b669fd7958a8c6d6ce
https://git.kernel.org/stable/c/1b34cbbf4f011a121ef7b2d7d6e6920a036d5285
https://git.kernel.org/stable/c/1f323a48e9b5ebfe6dc7d130fdf5c3c0e92a07c8
https://git.kernel.org/stable/c/45bcf60fe49b37daab1acee57b27211ad1574042
https://git.kernel.org/stable/c/7c4491b5644e3a3708f3dbd7591be0a570135b84
https://git.kernel.org/stable/c/9aee87da5572b3a14075f501752e209801160d3d
https://git.kernel.org/stable/c/e4c1ec11132ec466f7362a95f36a506ce4dc08c9

Tags

416baaa9-dc9f-4396-8d5f-8c081fb06d67
2025-10-13
CVE-2025-39964

Timeline

Published: Oct. 13, 2025, 2:15 p.m.
Last Modified: Oct. 13, 2025, 2:15 p.m.

Status : Received

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

416baaa9-dc9f-4396-8d5f-8c081fb06d67

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.