CVE-2025-39964
LOW EPSS 13.4%
Published Oct 13, 2025 (8mo ago) · Last Modified Jun 17, 2026 (2w ago)
3.3 CVSS 3.1
Description
In the Linux kernel, the following vulnerability has been resolved:

crypto: af_alg - Disallow concurrent writes in af_alg_sendmsg

Issuing two writes to the same af_alg socket is bogus as the data will be interleaved in an unpredictable fashion. Furthermore, concurrent writes may create inconsistencies in the internal socket state.

Disallow this by adding a new ctx->write field that indicates exclusive ownership for writing.
CVSS Details
Base Score
Exploitability
Impact
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality None
Integrity None
Availability Low
Threat Intelligence
EPSS Exploit Probability
13.4% percentile
Exploit & Patch Status
No Known Exploit
Patch Available
Affected Products 12
| Vendor | Product | Version | Range |
|---|---|---|---|
| linux | linux_kernel | * | ≥2.6.38 – <5.10.245 |
| linux | linux_kernel | * | ≥5.11 – <5.15.194 |
| linux | linux_kernel | * | ≥5.16 – <6.1.154 |
| linux | linux_kernel | * | ≥6.2 – <6.6.108 |
| linux | linux_kernel | * | ≥6.7 – <6.12.49 |
| linux | linux_kernel | * | ≥6.13 – <6.16.9 |
| linux | linux_kernel | 6.17 | any |
| linux | linux_kernel | 6.17 | any |
| linux | linux_kernel | 6.17 | any |
| linux | linux_kernel | 6.17 | any |
| linux | linux_kernel | 6.17 | any |
| linux | linux_kernel | 6.17 | any |
References 7
- git.kernel.org https://git.kernel.org/stable/c/0f28c4adbc4a97437874c9b669fd7958a8c6d6ce
- git.kernel.org https://git.kernel.org/stable/c/1b34cbbf4f011a121ef7b2d7d6e6920a036d5285
- git.kernel.org https://git.kernel.org/stable/c/1f323a48e9b5ebfe6dc7d130fdf5c3c0e92a07c8
- git.kernel.org https://git.kernel.org/stable/c/45bcf60fe49b37daab1acee57b27211ad1574042
- git.kernel.org https://git.kernel.org/stable/c/7c4491b5644e3a3708f3dbd7591be0a570135b84
- git.kernel.org https://git.kernel.org/stable/c/9aee87da5572b3a14075f501752e209801160d3d
- git.kernel.org https://git.kernel.org/stable/c/e4c1ec11132ec466f7362a95f36a506ce4dc08c9
Remediation
- git.kernel.org https://git.kernel.org/stable/c/0f28c4adbc4a97437874c9b669fd7958a8c6d6ce
- git.kernel.org https://git.kernel.org/stable/c/1b34cbbf4f011a121ef7b2d7d6e6920a036d5285
- git.kernel.org https://git.kernel.org/stable/c/1f323a48e9b5ebfe6dc7d130fdf5c3c0e92a07c8
- git.kernel.org https://git.kernel.org/stable/c/45bcf60fe49b37daab1acee57b27211ad1574042
- git.kernel.org https://git.kernel.org/stable/c/7c4491b5644e3a3708f3dbd7591be0a570135b84
- git.kernel.org https://git.kernel.org/stable/c/9aee87da5572b3a14075f501752e209801160d3d
- git.kernel.org https://git.kernel.org/stable/c/e4c1ec11132ec466f7362a95f36a506ce4dc08c9