Vulnerability Description
In the Linux kernel, the following vulnerability has been resolved:

crypto: af_alg - Disallow concurrent writes in af_alg_sendmsg

Issuing two writes to the same af_alg socket is bogus as the data will be interleaved in an unpredictable fashion. Furthermore, concurrent writes may create inconsistencies in the internal socket state.

Disallow this by adding a new ctx->write field that indicates exclusive ownership for writing.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux Kernel | >= 2.6.38, < 5.10.245 |
References
- https://git.kernel.org/stable/c/0f28c4adbc4a97437874c9b669fd7958a8c6d6ce (Patch)
- https://git.kernel.org/stable/c/1b34cbbf4f011a121ef7b2d7d6e6920a036d5285 (Patch)
- https://git.kernel.org/stable/c/1f323a48e9b5ebfe6dc7d130fdf5c3c0e92a07c8 (Patch)
- https://git.kernel.org/stable/c/45bcf60fe49b37daab1acee57b27211ad1574042 (Patch)
- https://git.kernel.org/stable/c/7c4491b5644e3a3708f3dbd7591be0a570135b84 (Patch)
- https://git.kernel.org/stable/c/9aee87da5572b3a14075f501752e209801160d3d (Patch)
- https://git.kernel.org/stable/c/e4c1ec11132ec466f7362a95f36a506ce4dc08c9 (Patch)
FAQ
What is CVE-2025-39964?
CVE-2025-39964 is a vulnerability with a CVSS score of 3.3 (LOW). In the Linux kernel, the following vulnerability has been resolved: crypto: af_alg - Disallow concurrent writes in af_alg_sendmsg Issuing two writes to the same af_alg socket is bogus as the data wi...
How severe is CVE-2025-39964?
CVE-2025-39964 has been rated LOW with a CVSS base score of 3.3/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2025-39964?
Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel.