CVE-2025-40022 Linux vulnerability

6 documents, 5 sources
Severity: N/A (No vector)
EPSS: 0.1% (top 81.96%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Oct 24

Description

In the Linux kernel, the following vulnerability has been resolved:

crypto: af_alg - Fix incorrect boolean values in af_alg_ctx

Commit 1b34cbbf4f01 ("crypto: af_alg - Disallow concurrent writes in af_alg_sendmsg") changed some fields from bool to 1-bit bitfields of type u32. However, some assignments to these fields, specifically 'more' and 'merge', assign values greater than 1. These relied on C's implicit conversion to bool, such that zero becomes false and nonzero becomes true. With a 1-b
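The conversion difference the description refers to, as an added illustration (not code from the kernel or from this advisory). The struct names, the flag constant and the unnormalized assignment pattern are assumptions; only the field names 'more' and 'merge' come from the description.

```c
#include <stdbool.h>
#include <stdio.h>

/* Constructed flag value; any bit other than bit 0 shows the effect. */
#define EX_FLAG_MORE 0x8000u

/* Hypothetical stand-ins for the two field layouts being contrasted. */
struct ctx_bool     { bool more, merge; };
struct ctx_bitfield { unsigned int more:1, merge:1; }; /* u32 in the kernel */

/* Assumed pattern: a masked flag word is stored without normalizing. */
static bool store_bool(unsigned int flags)
{
    struct ctx_bool c = { 0 };
    c.more = flags & EX_FLAG_MORE;        /* any nonzero value becomes true */
    return c.more;
}

static bool store_bitfield(unsigned int flags)
{
    struct ctx_bitfield c = { 0 };
    c.more = flags & EX_FLAG_MORE;        /* only bit 0 of the value is kept */
    return c.more;
}

/* Generic safe store (an assumption, not necessarily the kernel's fix). */
static bool store_bitfield_normalized(unsigned int flags)
{
    struct ctx_bitfield c = { 0 };
    c.more = (flags & EX_FLAG_MORE) != 0; /* reduce to 0 or 1 first */
    return c.more;
}

/* Count the single-bit values a 1-bit field stores as "true". */
static int bits_seen_as_true(void)
{
    struct ctx_bitfield c = { 0 };
    int n = 0;
    for (int bit = 0; bit < 32; bit++) {
        c.merge = 1u << bit;              /* truncated to bit 0 each time */
        n += c.merge;
    }
    return n;
}

int main(void)
{
    printf("bool=%d bitfield=%d normalized=%d true_bits=%d/32\n",
           store_bool(EX_FLAG_MORE), store_bitfield(EX_FLAG_MORE),
           store_bitfield_normalized(EX_FLAG_MORE), bits_seen_as_true());
    return 0;
}
```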

Affected Packages (5 packages)

Linux  linux/linux_kernel  6.1.154  6.1.155  +3
Debian  linux/linux_kernel  < 5.10.247-1  +3
CVEListV5  linux/linux  0f28c4adbc4a97437874c9b669fd7958a8c6d6ce  3a21698ace915a445bce2d0dcfc84b6d2199baf7  +10
debian  debian/linux  < linux 6.1.158-1 (bookworm)
debian  debian/linux-6.1  < linux 6.1.158-1 (bookworm)

🔴 Vulnerability Details (3)

OSV: crypto: af_alg - Fix incorrect boolean values in af_alg_ctx (2025-10-24)
OSV: CVE-2025-40022: In the Linux kernel, the following vulnerability has been resolved: crypto: af_alg - Fix incorrect boolean values in af_alg_ctx Commit 1b34cbbf4f01 (" (2025-10-24)
GHSA: GHSA-rjhr-rr92-fh8c: In the Linux kernel, the following vulnerability has been resolved: crypto: af_alg - Fix incorrect boolean values in af_alg_ctx Commit 1b34cbbf4f01 (2025-10-24)

📋 Vendor Advisories (2)

Red Hat: kernel: crypto: af_alg - Fix incorrect boolean values in af_alg_ctx (2025-10-24)
Debian: CVE-2025-40022: linux - In the Linux kernel, the following vulnerability has been resolved: crypto: af_... 2025