Linux Kernel Vulnerability in af_alg Functionality
CVE-2025-39931

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 4 October 2025

What is CVE-2025-39931?

A vulnerability in the Linux kernel's af_alg functionality arises due to improper handling of the ctx->merge variable. If an error occurs during the execution of af_alg_sendmsg, this variable may retain a garbage value. This can lead to a system crash on subsequent calls to af_alg_sendmsg when an invalid merge operation is attempted. To mitigate this issue, it is essential to reset ctx->merge to zero at the beginning of the loop, ensuring stability and reliability in handling cryptographic operations.

Affected Version(s)

Linux 8ff590903d5fc7f5a0a988c38267a3d08e6393a2 < 6241b9e2809b12da9130894cf5beddf088dc1b8a

Linux 8ff590903d5fc7f5a0a988c38267a3d08e6393a2 < 2374c11189ef704a3e4863646369f1b8e6a27d71

Linux 8ff590903d5fc7f5a0a988c38267a3d08e6393a2 < 24c1106504c625fabd3b7229611af617b4c27ac7

References

https://git.kernel.org/stable/c/6241b9e2809b12da9130894cf...

https://git.kernel.org/stable/c/2374c11189ef704a3e4863646...

https://git.kernel.org/stable/c/24c1106504c625fabd3b72296...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 4, 2025
Vulnerability Reserved
Apr 16, 2025

JSON