CVE-2025-40022

Source
https://nvd.nist.gov/vuln/detail/CVE-2025-40022
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-40022.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-40022
Downstream
Published
2025-10-24T12:24:57Z
Modified
2025-10-24T22:50:43.643004Z
Summary
crypto: af_alg - Fix incorrect boolean values in af_alg_ctx
Details

In the Linux kernel, the following vulnerability has been resolved:

crypto: af_alg - Fix incorrect boolean values in af_alg_ctx

Commit 1b34cbbf4f01 ("crypto: af_alg - Disallow concurrent writes in af_alg_sendmsg") changed some fields from bool to 1-bit bitfields of type u32.

However, some assignments to these fields, specifically 'more' and 'merge', assign values greater than 1. These relied on C's implicit conversion to bool, such that zero becomes false and nonzero becomes true.

With a 1-bit bitfield of type u32, mod 2 of the value is taken instead, resulting in 0 being assigned in some cases when 1 was intended.

Fix this by restoring the bool type.
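
The conversion difference described above, as an added example that is not the kernel's code. The struct names, helper functions and the EX_FLAG_MORE mask are constructed for illustration; only the field names 'more' and 'merge' come from the advisory.

```c
#include <stdbool.h>
#include <stdio.h>

/* Constructed flag mask (assumption): any nonzero value with bit 0 clear
 * shows the same effect. */
#define EX_FLAG_MORE 0x8000u

/* Layout after the bool -> 1-bit bitfield change: only bit 0 is stored. */
struct ctx_bitfield {
    unsigned int more:1;
    unsigned int merge:1;
};

/* Layout with the fix: any nonzero value converts to true. */
struct ctx_bool {
    bool more;
    bool merge;
};

/* Stores value in a 1-bit unsigned bitfield; the result is value mod 2. */
unsigned int store_bitfield(unsigned int value)
{
    struct ctx_bitfield c = {0};
    c.more = value;
    return c.more;
}

/* Stores value in a bool; the result is 1 for every nonzero value. */
unsigned int store_bool(unsigned int value)
{
    struct ctx_bool c = {0};
    c.more = value;
    return c.more;
}

/* Normalising with !! before the store keeps a bitfield correct as well. */
unsigned int store_bitfield_normalised(unsigned int value)
{
    struct ctx_bitfield c = {0};
    c.more = !!value;
    return c.more;
}

int main(void)
{
    unsigned int flags = EX_FLAG_MORE; /* constructed input */
    printf("bitfield: %u\n", store_bitfield(flags & EX_FLAG_MORE));
    printf("bool:     %u\n", store_bool(flags & EX_FLAG_MORE));
    printf("!! fix:   %u\n", store_bitfield_normalised(flags & EX_FLAG_MORE));
    return 0;
}
```

When reviewing a bool-to-bitfield conversion, check every assignment to the changed fields for right-hand sides that are masks, counts or lengths rather than strict 0/1 values.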

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
0f28c4adbc4a97437874c9b669fd7958a8c6d6ce
Fixed
3a21698ace915a445bce2d0dcfc84b6d2199baf7
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
e4c1ec11132ec466f7362a95f36a506ce4dc08c9
Fixed
d382d6daf0184490f366562469a5673f65ee2662
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
1f323a48e9b5ebfe6dc7d130fdf5c3c0e92a07c8
Fixed
54506c6335690f4ef1b9f154e34f5a604c72c1ed
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
7c4491b5644e3a3708f3dbd7591be0a570135b84
Fixed
8703940bd30b5ad94408d28d7192db2491cd3592
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
9aee87da5572b3a14075f501752e209801160d3d
Fixed
316b090c2fee964c307a634fecc7df269664b158
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
45bcf60fe49b37daab1acee57b27211ad1574042
Fixed
fbe96bd25423e61273d8831e995260b429d850b6
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
1b34cbbf4f011a121ef7b2d7d6e6920a036d5285
Fixed
d0ca0df179c4b21e2a6c4a4fb637aa8fa14575cb

Affected versions

v6.*

v6.1.154
v6.12.49
v6.16.9
v6.17-rc2
v6.17-rc3
v6.17-rc4
v6.17-rc5
v6.17-rc6
v6.17-rc7
v6.6.108

Database specific

vanir_signatures


Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
6.1.154
Fixed
6.1.155
Type
ECOSYSTEM
Events
Introduced
6.6.108
Fixed
6.6.109
Type
ECOSYSTEM
Events
Introduced
6.12.49
Fixed
6.12.50
Type
ECOSYSTEM
Events
Introduced
6.16.9
Fixed
6.16.10