Message-ID: <2025102404-CVE-2025-40022-cf34@gregkh>
Date: Fri, 24 Oct 2025 14:25:05 +0200
From: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
To: linux-cve-announce@...r.kernel.org
Cc: Greg Kroah-Hartman <gregkh@...nel.org>
Subject: CVE-2025-40022: crypto: af_alg - Fix incorrect boolean values in af_alg_ctx
From: Greg Kroah-Hartman <gregkh@...nel.org>
Description
===========
In the Linux kernel, the following vulnerability has been resolved:

crypto: af_alg - Fix incorrect boolean values in af_alg_ctx

Commit 1b34cbbf4f01 ("crypto: af_alg - Disallow concurrent writes in
af_alg_sendmsg") changed some fields from bool to 1-bit bitfields of
type u32.

However, some assignments to these fields, specifically 'more' and
'merge', assign values greater than 1.  These relied on C's implicit
conversion to bool, such that zero becomes false and nonzero becomes
true.

With 1-bit bitfields of type u32 instead, mod 2 of the value is taken,
resulting in 0 being assigned in some cases when 1 was intended.

Fix this by restoring the bool type.

The Linux kernel CVE team has assigned CVE-2025-40022 to this issue.
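
The truncation described above, reproduced in user-space C as an added
example (not code from the kernel or from this advisory).  The struct
layouts, FLAG_MORE, PAGE_SZ and the function names are constructed
stand-ins; only the field names 'more' and 'merge' come from the
description.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed stand-ins, not kernel definitions. */
#define FLAG_MORE 0x8000u /* a flag whose set bit is not bit 0 */
#define PAGE_SZ   4096u   /* used to mask a length to its in-page offset */

/* Layout after the regressing change: 1-bit bitfields of an unsigned type. */
struct ctx_bitfield { unsigned int more:1, merge:1; };
/* Layout restored by the fix: real bool fields. */
struct ctx_bool { bool more, merge; };

/* A bitfield store keeps only bit 0 of the value (value mod 2). */
unsigned int bitfield_more(unsigned int flags)
{
	struct ctx_bitfield c = {0};
	c.more = flags & FLAG_MORE;
	return c.more;
}

unsigned int bitfield_merge(size_t len)
{
	struct ctx_bitfield c = {0};
	c.merge = len & (PAGE_SZ - 1);
	return c.merge;
}

/* A bool store converts any nonzero value to true. */
bool bool_more(unsigned int flags)
{
	struct ctx_bool c = {0};
	c.more = flags & FLAG_MORE;
	return c.more;
}

bool bool_merge(size_t len)
{
	struct ctx_bool c = {0};
	c.merge = len & (PAGE_SZ - 1);
	return c.merge;
}

int main(void)
{
	printf("more : bitfield=%u bool=%d\n", bitfield_more(FLAG_MORE), bool_more(FLAG_MORE));
	printf("merge: len=100 bitfield=%u bool=%d\n", bitfield_merge(100), bool_merge(100));
	printf("merge: len=101 bitfield=%u bool=%d\n", bitfield_merge(101), bool_merge(101));
	return 0;
}
```

The bitfield variant only agrees with bool when the assigned value is
odd, which is why the description says 0 was assigned "in some cases".
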
Affected and fixed versions
===========================
	Issue introduced in 6.1.154 with commit 1f323a48e9b5ebfe6dc7d130fdf5c3c0e92a07c8 and fixed in 6.1.155 with commit 54506c6335690f4ef1b9f154e34f5a604c72c1ed
	Issue introduced in 6.6.108 with commit 7c4491b5644e3a3708f3dbd7591be0a570135b84 and fixed in 6.6.109 with commit 8703940bd30b5ad94408d28d7192db2491cd3592
	Issue introduced in 6.12.49 with commit 9aee87da5572b3a14075f501752e209801160d3d and fixed in 6.12.50 with commit 316b090c2fee964c307a634fecc7df269664b158
	Issue introduced in 6.16.9 with commit 45bcf60fe49b37daab1acee57b27211ad1574042 and fixed in 6.16.10 with commit fbe96bd25423e61273d8831e995260b429d850b6
Please see https://www.kernel.org for a full list of currently supported
kernel versions by the kernel community.
Unaffected versions might change over time as fixes are backported to
older supported kernel versions.  The official CVE entry at
	https://cve.org/CVERecord/?id=CVE-2025-40022
will be updated if fixes are backported; please check that for the most
up to date information about this issue.
Affected files
==============
The file(s) affected by this issue are:
	include/crypto/if_alg.h
Mitigation
==========
The Linux kernel CVE team recommends that you update to the latest
stable kernel version for this, and many other bugfixes.  Individual
changes are never tested alone, but rather are part of a larger kernel
release.  Cherry-picking individual commits is not recommended or
supported by the Linux kernel community at all.  If, however, updating to
the latest release is impossible, the individual changes to resolve this
issue can be found at these commits:
	https://git.kernel.org/stable/c/3a21698ace915a445bce2d0dcfc84b6d2199baf7
	https://git.kernel.org/stable/c/d382d6daf0184490f366562469a5673f65ee2662
	https://git.kernel.org/stable/c/54506c6335690f4ef1b9f154e34f5a604c72c1ed
	https://git.kernel.org/stable/c/8703940bd30b5ad94408d28d7192db2491cd3592
	https://git.kernel.org/stable/c/316b090c2fee964c307a634fecc7df269664b158
	https://git.kernel.org/stable/c/fbe96bd25423e61273d8831e995260b429d850b6
	https://git.kernel.org/stable/c/d0ca0df179c4b21e2a6c4a4fb637aa8fa14575cb
