CVE-2025-39804 — Linux vulnerability

6 documents6 sources

Severity

7.8HIGHNVD

EPSS

0.0%

top 94.20%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Linux Kernel Debian Linux +3 more

Timeline

PublishedSep 15

Description

In the Linux kernel, the following vulnerability has been resolved: lib/crypto: arm64/poly1305: Fix register corruption in no-SIMD contexts Restore the SIMD usability check that was removed by commit a59e5468a921 ("crypto: arm64/poly1305 - Add block-only interface"). This safety check is cheap and is well worth eliminating a footgun. While the Poly1305 functions should not be called when SIMD registers are unusable, if they are anyway, they should just do the right thing instead of corrupting…

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages7 packages

▶NVDlinux/linux_kernel6.16 — 6.16.4

▶Debianlinux/linux_kernel< 6.16.5-1

▶CVEListV5linux/linuxa59e5468a921937cb7317892779c67046ad9f5cc — ef74efa598b7bbc5c24509f7f56af2806f81c339+2

▶debiandebian/linux< linux 6.16.5-1 (forky)

▶msrcmsrc/cbl_mariner_2.0_arm

Patches

Patch: git.kernel.org ↗Patch: git.kernel.org ↗

🔴Vulnerability Details

OSV

CVE-2025-39804: In the Linux kernel, the following vulnerability has been resolved: lib/crypto: arm64/poly1305: Fix register corruption in no-SIMD contexts Restore th↗2025-09-15

▶

GHSA

GHSA-hvpg-7hj3-vfp4: In the Linux kernel, the following vulnerability has been resolved: lib/crypto: arm64/poly1305: Fix register corruption in no-SIMD contexts Restore↗2025-09-15

▶

📋Vendor Advisories

Red Hat

kernel: lib/crypto: arm64/poly1305: Fix register corruption in no-SIMD contexts↗2025-09-15

▶

Debian

CVE-2025-39804: linux - In the Linux kernel, the following vulnerability has been resolved: lib/crypto:...↗2025

▶

Microsoft

In GNU tar before 1.35 mishandled extension attributes in a PAX archive can lead to an application crash in xheader.c.↗2024-03-12

▶