CVE-2025-40022
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-10-24

Last updated on: 2025-10-27

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: crypto: af_alg - Fix incorrect boolean values in af_alg_ctx Commit 1b34cbbf4f01 ("crypto: af_alg - Disallow concurrent writes in af_alg_sendmsg") changed some fields from bool to 1-bit bitfields of type u32. However, some assignments to these fields, specifically 'more' and 'merge', assign values greater than 1. These relied on C's implicit conversion to bool, such that zero becomes false and nonzero becomes true. With a 1-bit bitfields of type u32 instead, mod 2 of the value is taken instead, resulting in 0 being assigned in some cases when 1 was intended. Fix this by restoring the bool type.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-10-24
Last Modified
2025-10-27
Generated
2026-06-16
AI Q&A
2025-10-24
EPSS Evaluated
2026-06-15
NVD
CVE-2025-40022
EUVD
EUVD-2025-35837
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
linux linux_kernel *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is in the Linux kernel's crypto subsystem, specifically in the af_alg module. A recent change converted some boolean fields to 1-bit bitfields of type u32. However, some assignments to these fields used values greater than 1, which previously relied on C's implicit conversion to bool (nonzero values become true). With the 1-bit bitfield, the value is taken modulo 2, causing incorrect assignments (0 instead of 1) in some cases. The fix was to restore these fields back to the bool type to ensure correct boolean behavior.

Impact Analysis

This vulnerability can cause incorrect boolean values to be assigned in the af_alg crypto module, potentially leading to unexpected behavior in cryptographic operations that rely on these flags. This could result in incorrect processing of messages or data within the kernel's crypto subsystem, possibly affecting system security or stability.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-40022. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart