CVE-2025-40022

24.10.2025, 13:15

In the Linux kernel, the following vulnerability has been resolved:

crypto: af_alg - Fix incorrect boolean values in af_alg_ctx

Commit 1b34cbbf4f01 ("crypto: af_alg - Disallow concurrent writes in
af_alg_sendmsg") changed some fields from bool to 1-bit bitfields of
type u32.

However, some assignments to these fields, specifically 'more' and
'merge', assign values greater than 1.  These relied on C's implicit
conversion to bool, such that zero becomes false and nonzero becomes
true.

With a 1-bit bitfields of type u32 instead, mod 2 of the value is taken
instead, resulting in 0 being assigned in some cases when 1 was intended.

Fix this by restoring the bool type.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	UNKNOWN				---
Linux	CNA	---				---

Awaiting analysis

This vulnerability is currently awaiting analysis.

Base Score

CVSS 3.x

EPSS Score

Percentile: 5%

Debian Releases

Debian Product

Codename

linux

bullseye	vulnerable
bullseye (security)	vulnerable
bookworm	vulnerable
bookworm (security)	vulnerable
trixie	vulnerable
trixie (security)	vulnerable
forky	6.16.12-2 fixed
sid	6.16.12-2 fixed

Vulnerability Media Exposure

[GERMAN] Linux Kernel: Mehrere Schwachstellen ermöglichen Denial of Service
Ein lokaler Angreifer kann mehrere Schwachstellen in Linux Kernel ausnutzen, um einen Denial of Service Angriff durchzuführen.
Published: 2025-10-26T23:00:00+00:00

References

https://git.kernel.org/stable/c/316b090c2fee964c307a634fecc7df269664b158

https://git.kernel.org/stable/c/3a21698ace915a445bce2d0dcfc84b6d2199baf7

https://git.kernel.org/stable/c/54506c6335690f4ef1b9f154e34f5a604c72c1ed

https://git.kernel.org/stable/c/8703940bd30b5ad94408d28d7192db2491cd3592

https://git.kernel.org/stable/c/d0ca0df179c4b21e2a6c4a4fb637aa8fa14575cb

https://git.kernel.org/stable/c/d382d6daf0184490f366562469a5673f65ee2662

https://git.kernel.org/stable/c/fbe96bd25423e61273d8831e995260b429d850b6