Linux Kernel Vulnerability in Crypto Random Number Generator
CVE-2025-40109
What is CVE-2025-40109?
A vulnerability exists in the Linux kernel's crypto random number generator: the set_ent function is not guaranteed to be consistently applied. The issue arises from a design in which only the deterministic random bit generator (DRBG) uses set_ent. As a result, failing to ensure that set_ent is present may lead to inadequate randomness in cryptographic operations, potentially compromising security measures that rely on robust random number generation. The vulnerability underscores the importance of stringent configuration in cryptographic implementations to maintain system integrity and data protection.
Affected Version(s)
Linux 77ebdabe8de7c02f43c6de3357f79ff96f9f0579 < 15d6f42da1bb527629d8e1067b1302d58dec9166
Linux 77ebdabe8de7c02f43c6de3357f79ff96f9f0579
Linux 77ebdabe8de7c02f43c6de3357f79ff96f9f0579 < 17acbcd44fe8dc17dc1072375e76df2d52da6ac8