Control Flow Integrity Vulnerability in Linux Kernel's Crypto Acomp Module
CVE-2025-39777

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 11 September 2025

What is CVE-2025-39777?

A vulnerability in the Linux kernel's crypto module has been identified, specifically in the acomp functionality. This flaw may lead to system instability when control flow integrity (CFI) is enabled. The issue arises due to inconsistent data types within the workspace management. To remediate this, the system's 'stream' free function has been adjusted to ensure type consistency when invoked via function pointers. It is crucial for users and system administrators to apply the latest patches to maintain system integrity and security.

Affected Version(s)

Linux 42d9f6c774790d290c175e8775ce9f1366438098 < 7ec68c59461ca846aab9b7c2b39f63ac7c8a43cf

Linux 42d9f6c774790d290c175e8775ce9f1366438098 < 962ddc5a7a4b04c007bba0f3e7298cda13c62efd

Linux 6.16

References

https://git.kernel.org/stable/c/7ec68c59461ca846aab9b7c2b...

https://git.kernel.org/stable/c/962ddc5a7a4b04c007bba0f3e...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 11, 2025
Vulnerability Reserved
Apr 16, 2025