CVE-2025-39802
BaseFortify
Publication date: 2025-09-15
Last updated on: 2025-11-24
Assigner: kernel.org
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | From 5.15.160 (inc) to 5.16 (inc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-NVD-CWE-noinfo | |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in the Linux kernel's crypto library (specifically the arm/poly1305 implementation) involves register corruption in contexts where SIMD (Single Instruction, Multiple Data) instructions are not available or usable. A safety check that verifies SIMD usability was removed, so the Poly1305 functions could corrupt random tasks' registers or compute incorrect Message Authentication Codes (MACs) if called when the SIMD registers are unusable. The fix restores this safety check to prevent such corruption and incorrect computations.
How can this vulnerability impact me?
If exploited, this vulnerability can cause corruption of CPU registers belonging to unrelated tasks and result in incorrect cryptographic MAC computations. This could lead to data integrity issues or unpredictable system behavior in environments relying on the affected Poly1305 cryptographic functions on ARM architectures without SIMD support.