Concurrent Writes Vulnerability in Linux Kernel Affecting Socket Operations
CVE-2025-39964

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 13 October 2025

What is CVE-2025-39964?

A vulnerability exists in the Linux kernel's af_alg socket implementation that allows for concurrent writes, potentially leading to data being interleaved unpredictably. This behavior can generate inconsistencies within the internal socket state, ultimately compromising data integrity. To mitigate this issue, a new context write field has been introduced to ensure exclusive ownership for write operations, preventing accidental conflicts when multiple writes are attempted simultaneously.

Affected Version(s)

Linux 8ff590903d5fc7f5a0a988c38267a3d08e6393a2 < 0f28c4adbc4a97437874c9b669fd7958a8c6d6ce

Linux 8ff590903d5fc7f5a0a988c38267a3d08e6393a2

Linux 8ff590903d5fc7f5a0a988c38267a3d08e6393a2 < 1f323a48e9b5ebfe6dc7d130fdf5c3c0e92a07c8

References

https://git.kernel.org/stable/c/0f28c4adbc4a97437874c9b66...

https://git.kernel.org/stable/c/e4c1ec11132ec466f7362a95f...

https://git.kernel.org/stable/c/1f323a48e9b5ebfe6dc7d130f...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 13, 2025
Vulnerability Reserved
Apr 16, 2025

JSON