IM
IronMonkey Threat Research

CVE-2025-39964 LOW

Published: 2025-10-13 | Last Modified: 2026-07-14 | Status: Modified

Description

In the Linux kernel, the following vulnerability has been resolved: crypto: af_alg - Disallow concurrent writes in af_alg_sendmsg Issuing two writes to the same af_alg socket is bogus as the data will be interleaved in an unpredictable fashion. Furthermore, concurrent writes may create inconsistencies in the internal socket state. Disallow this by adding a new ctx->write field that indiciates exclusive ownership for writing.

CVSS Metrics

Base Score: 3.3 (LOW)

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

Attack VectorLOCAL
Attack ComplexityLOW
Privileges RequiredLOW
User InteractionNONE
ScopeUNCHANGED
Confidentiality ImpactNONE
Integrity ImpactNONE
Availability ImpactLOW

Source: [email protected]

Type: Primary

Exploitability Score: 1.8

Impact Score: 1.4

Weaknesses

Source Type Description
[email protected] Primary
en NVD-CWE-noinfo

Affected Products

Vendor Product Version Update Type
linux linux_kernel * <built-in method update of dict object at 0x702bcbbf5540> Operating System
linux linux_kernel * <built-in method update of dict object at 0x702bcbbf60c0> Operating System
linux linux_kernel * <built-in method update of dict object at 0x702bcbbf5b00> Operating System
linux linux_kernel * <built-in method update of dict object at 0x702bcbbf4a00> Operating System
linux linux_kernel * <built-in method update of dict object at 0x702bcbbf5d80> Operating System
linux linux_kernel * <built-in method update of dict object at 0x702bcbbf78c0> Operating System
linux linux_kernel 6.17 <built-in method update of dict object at 0x702bcbbf7dc0> Operating System
linux linux_kernel 6.17 <built-in method update of dict object at 0x702bcbbf5fc0> Operating System
linux linux_kernel 6.17 <built-in method update of dict object at 0x702bcbbf7940> Operating System
linux linux_kernel 6.17 <built-in method update of dict object at 0x702bcbbf6080> Operating System
linux linux_kernel 6.17 <built-in method update of dict object at 0x702bcbbf5140> Operating System
linux linux_kernel 6.17 <built-in method update of dict object at 0x702bcbbf5f80> Operating System

Affected Configurations

Operator: OR

Vulnerable CPE
Yes cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Yes cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Yes cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Yes cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Yes cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Yes cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Yes cpe:2.3:o:linux:linux_kernel:6.17:rc1:*:*:*:*:*:*
Yes cpe:2.3:o:linux:linux_kernel:6.17:rc2:*:*:*:*:*:*
Yes cpe:2.3:o:linux:linux_kernel:6.17:rc3:*:*:*:*:*:*
Yes cpe:2.3:o:linux:linux_kernel:6.17:rc4:*:*:*:*:*:*
Yes cpe:2.3:o:linux:linux_kernel:6.17:rc5:*:*:*:*:*:*
Yes cpe:2.3:o:linux:linux_kernel:6.17:rc6:*:*:*:*:*:*

References

Notification
Message here