CVE-2025-39931
MediumCVSS 5.5Exploitation Probability (EPSS)
Low risk3th percentile - higher than 3% of all known CVEs
Summary
In the Linux kernel's crypto subsystem (af_alg), a vulnerability was found where on error in af_alg_sendmsg, the ctx->merge variable may contain a garbage value from the previous loop iteration. This can cause a system crash on the next call when it attempts an invalid merge.
Risk Assessment
The risk is a potential system crash during cryptographic operations, leading to denial of service (DoS) for applications using the af_alg interface.
Recommendation
Immediately update the Linux kernel to a version containing the fix that sets ctx->merge to zero at the start of the loop in af_alg_sendmsg.
Original NVD description (English source)
In the Linux kernel, the following vulnerability has been resolved: crypto: af_alg - Set merge to zero early in af_alg_sendmsg If an error causes af_alg_sendmsg to abort, ctx->merge may contain a garbage value from the previous loop. This may then trigger a crash on the next entry into af_alg_sendmsg when it attempts to do a merge that can't be done. Fix this by setting ctx->merge to zero near the start of the loop.

