CVE-2025-39964

Source
https://cve.org/CVERecord?id=CVE-2025-39964
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-39964.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2025-39964
Downstream
Related
Published
2025-10-13T13:48:30.334Z
Modified
2026-05-15T04:13:43.499618584Z
Summary
crypto: af_alg - Disallow concurrent writes in af_alg_sendmsg
Details

In the Linux kernel, the following vulnerability has been resolved:

crypto: af_alg - Disallow concurrent writes in af_alg_sendmsg

Issuing two writes to the same af_alg socket is bogus as the data will be interleaved in an unpredictable fashion. Furthermore, concurrent writes may create inconsistencies in the internal socket state.

Disallow this by adding a new ctx->write field that indicates exclusive ownership for writing.

Database specific
{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/39xxx/CVE-2025-39964.json"
}
References

Affected packages

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type        Introduced   Fixed
ECOSYSTEM   2.6.38       5.10.245
ECOSYSTEM   5.11.0       5.15.194
ECOSYSTEM   5.16.0       6.1.154
ECOSYSTEM   6.2.0        6.6.108
ECOSYSTEM   6.7.0        6.12.49
ECOSYSTEM   6.13.0       6.16.9

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-39964.json"