CVE-2025-40063

Source
https://cve.org/CVERecord?id=CVE-2025-40063
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-40063.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-40063
Downstream
Published
2025-10-28T11:48:34.549Z
Modified
2025-12-05T10:14:41.520104Z
Summary
crypto: comp - Use same definition of context alloc and free ops
Details

In the Linux kernel, the following vulnerability has been resolved:

crypto: comp - Use same definition of context alloc and free ops

In commit 42d9f6c77479 ("crypto: acomp - Move scomp stream allocation code into acomp"), the crypto_acomp_streams struct was made to rely on having the alloc_ctx and free_ctx operations defined in the same order as the scomp_alg struct. But in that same commit, the alloc_ctx and free_ctx members of scomp_alg may be randomized by structure layout randomization, since they are contained in a pure ops structure (containing only function pointers). If the pointers within scomp_alg are randomized, but those in crypto_acomp_streams are not, then the order may no longer match. This fixes the problem by removing the union from scomp_alg so that both crypto_acomp_streams and scomp_alg will share the same definition of alloc_ctx and free_ctx, ensuring they will always have the same layout.

Database specific
{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/40xxx/CVE-2025-40063.json"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
42d9f6c774790d290c175e8775ce9f1366438098
Fixed
779d3b6f2d32c5f1da6163e959abe1e1ffe2945b
Fixed
f75f66683ded09f7135aef2e763c245a07c8271a

Affected versions

v6.*
v6.15
v6.15-rc2
v6.15-rc3
v6.15-rc4
v6.15-rc5
v6.15-rc6
v6.15-rc7
v6.16
v6.16-rc1
v6.16-rc2
v6.16-rc3
v6.16-rc4
v6.16-rc5
v6.16-rc6
v6.16-rc7
v6.17
v6.17-rc1
v6.17-rc2
v6.17-rc3
v6.17-rc4
v6.17-rc5
v6.17-rc6
v6.17-rc7
v6.17.1
v6.17.2

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-40063.json"

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
6.16.0
Fixed
6.17.3

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-40063.json"