CVE-2025-40022
Published: Oct 24, 2025
Modified: May 12, 2026
Description
In the Linux kernel, the following vulnerability has been resolved: crypto: af_alg - Fix incorrect boolean values in af_alg_ctx Commit 1b34cbbf4f01 ("crypto: af_alg - Disallow concurrent writes in af_alg_sendmsg") changed some fields from bool to 1-bit bitfields of type u32. However, some assignments to these fields, specifically 'more' and 'merge', assign values greater than 1. These relied on C's implicit conversion to bool, such that zero becomes false and nonzero becomes true. With a 1-bit bitfields of type u32 instead, mod 2 of the value is taken instead, resulting in 0 being assigned in some cases when 1 was intended. Fix this by restoring the bool type.
| Vendor | Product | Versions |
|---|---|---|
Linux | Linux | affected 0f28c4adbc4a97437874c9b669fd7958a8c6d6ce - < 3a21698ace915a445bce2d0dcfc84b6d2199baf7affected e4c1ec11132ec466f7362a95f36a506ce4dc08c9 - < d382d6daf0184490f366562469a5673f65ee2662affected 1f323a48e9b5ebfe6dc7d130fdf5c3c0e92a07c8 - < 54506c6335690f4ef1b9f154e34f5a604c72c1edaffected 7c4491b5644e3a3708f3dbd7591be0a570135b84 - < 8703940bd30b5ad94408d28d7192db2491cd3592affected 9aee87da5572b3a14075f501752e209801160d3d - < 316b090c2fee964c307a634fecc7df269664b158+2 more versions |
Linux | Linux | affected 6.1.154 - < 6.1.155affected 6.6.108 - < 6.6.109affected 6.12.49 - < 6.12.50affected 6.16.9 - < 6.16.10 |
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now