CVE-2025-39931

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2025-39931
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-39931.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2025-39931
Downstream
Related
Published
2025-10-04T07:30:55.964Z
Modified
2026-06-18T03:57:00.748991193Z
Summary
crypto: af_alg - Set merge to zero early in af_alg_sendmsg
Details

In the Linux kernel, the following vulnerability has been resolved:

crypto: afalg - Set merge to zero early in afalg_sendmsg

If an error causes afalgsendmsg to abort, ctx->merge may contain a garbage value from the previous loop. This may then trigger a crash on the next entry into afalgsendmsg when it attempts to do a merge that can't be done.

Fix this by setting ctx->merge to zero near the start of the loop.

Database specific 
{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/39xxx/CVE-2025-39931.json"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
8ff590903d5fc7f5a0a988c38267a3d08e6393a2
Fixed
6241b9e2809b12da9130894cf5beddf088dc1b8a
Fixed
2374c11189ef704a3e4863646369f1b8e6a27d71
Fixed
24c1106504c625fabd3b7229611af617b4c27ac7
Fixed
045ee26aa3920a47ec46d7fcb302420bf01fd753
Fixed
9574b2330dbd2b5459b74d3b5e9619d39299fc6f

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-39931.json"

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
2.6.38
Fixed
6.1.154
Type
ECOSYSTEM
Events
Introduced
6.2.0
Fixed
6.6.108
Type
ECOSYSTEM
Events
Introduced
6.7.0
Fixed
6.12.49
Type
ECOSYSTEM
Events
Introduced
6.13.0
Fixed
6.16.9

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-39931.json"