CVE-2025-39964

LOW EPSS 13.4%
Published Oct 13, 2025 (8mo ago) · Modified Jun 17, 2026 (2w ago)
3.3 CVSS 3.1
Low

Description

In the Linux kernel, the following vulnerability has been resolved:

crypto: af_alg - Disallow concurrent writes in af_alg_sendmsg

Issuing two writes to the same af_alg socket is bogus as the data will be interleaved in an unpredictable fashion. Furthermore, concurrent writes may create inconsistencies in the internal socket state.

Disallow this by adding a new ctx->write field that indicates exclusive ownership for writing.

CVSS Details

Base Score
3.3
Exploitability
1.8
Impact
1.4
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality None
Integrity None
Availability Low

Threat Intelligence

EPSS Exploit Probability
13.4% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Affected Products 12

Vendor  Product       Version  Range
linux   linux_kernel  *        ≥2.6.38 – <5.10.245
linux   linux_kernel  *        ≥5.11 – <5.15.194
linux   linux_kernel  *        ≥5.16 – <6.1.154
linux   linux_kernel  *        ≥6.2 – <6.6.108
linux   linux_kernel  *        ≥6.7 – <6.12.49
linux   linux_kernel  *        ≥6.13 – <6.16.9
linux   linux_kernel  6.17     any
linux   linux_kernel  6.17     any
linux   linux_kernel  6.17     any
linux   linux_kernel  6.17     any
linux   linux_kernel  6.17     any
linux   linux_kernel  6.17     any

References 7

  • git.kernel.org https://git.kernel.org/stable/c/0f28c4adbc4a97437874c9b669fd7958a8c6d6ce
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/1b34cbbf4f011a121ef7b2d7d6e6920a036d5285
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/1f323a48e9b5ebfe6dc7d130fdf5c3c0e92a07c8
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/45bcf60fe49b37daab1acee57b27211ad1574042
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/7c4491b5644e3a3708f3dbd7591be0a570135b84
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/9aee87da5572b3a14075f501752e209801160d3d
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/e4c1ec11132ec466f7362a95f36a506ce4dc08c9
    Patch

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/0f28c4adbc4a97437874c9b669fd7958a8c6d6ce
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/1b34cbbf4f011a121ef7b2d7d6e6920a036d5285
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/1f323a48e9b5ebfe6dc7d130fdf5c3c0e92a07c8
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/45bcf60fe49b37daab1acee57b27211ad1574042
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/7c4491b5644e3a3708f3dbd7591be0a570135b84
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/9aee87da5572b3a14075f501752e209801160d3d
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/e4c1ec11132ec466f7362a95f36a506ce4dc08c9
    Patch