CVE-2025-40022
BaseFortify
Publication date: 2025-10-24
Last updated on: 2025-10-27
Assigner: kernel.org
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN | |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is in the Linux kernel's crypto subsystem, specifically the af_alg module (the AF_ALG socket interface that exposes kernel crypto to userspace). A recent change converted several bool fields of struct af_alg_ctx to 1-bit bitfields of type u32. Two of the assignments to those fields, `more` and `merge`, store values other than 0 or 1: for example `ctx->more = msg->msg_flags & MSG_MORE`, where MSG_MORE is 0x8000. With a bool destination, C's implicit conversion makes any nonzero value true, but a 1-bit unsigned bitfield keeps only the value modulo 2, so 0x8000 becomes 0 and the flag is silently dropped; the `merge` assignment, `plen & (PAGE_SIZE - 1)`, is likewise lost whenever that result is even. The fix restored the fields to bool so that any nonzero value is again stored as 1.
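The following is an added illustration, not code from the kernel or from this page: it reproduces the conversion difference between a `bool` member and a `u32 :1` bitfield member using the same two assignment patterns described above. The struct names `buggy_ctx`, `fixed_ctx` and `normalized_ctx` are invented for the example; `MSG_MORE` and `PAGE_SIZE` are defined locally with their usual x86-64 Linux values so the file compiles on its own.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Defined locally (values match Linux on x86-64) so the example is
 * self-contained; do not include <sys/socket.h> alongside this. */
#define MSG_MORE  0x8000u
#define PAGE_SIZE 4096u

/* Shape of the regressed code: 1-bit unsigned bitfields.
 * Assignment to an N-bit unsigned bitfield reduces the value mod 2^N. */
struct buggy_ctx {
	uint32_t more  : 1;
	uint32_t merge : 1;
};

/* Shape of the fix: plain bool. Conversion to _Bool yields 1 for any
 * nonzero value, so flag tests and masked lengths round-trip correctly. */
struct fixed_ctx {
	bool more;
	bool merge;
};

/* Alternative (not what the kernel chose): keep the bitfield but
 * normalize with !! at every assignment. Shown for comparison only. */
struct normalized_ctx {
	uint32_t more  : 1;
	uint32_t merge : 1;
};

/* Each helper performs one assignment and returns what was stored. */
int buggy_more(unsigned int msg_flags)
{
	struct buggy_ctx ctx = {0};
	ctx.more = msg_flags & MSG_MORE;     /* 0x8000 % 2 == 0: flag lost */
	return ctx.more;
}

int fixed_more(unsigned int msg_flags)
{
	struct fixed_ctx ctx = {0};
	ctx.more = msg_flags & MSG_MORE;     /* nonzero -> true */
	return ctx.more;
}

int normalized_more(unsigned int msg_flags)
{
	struct normalized_ctx ctx = {0};
	ctx.more = !!(msg_flags & MSG_MORE); /* explicit 0/1 before the bitfield */
	return ctx.more;
}

int buggy_merge(size_t plen)
{
	struct buggy_ctx ctx = {0};
	ctx.merge = plen & (PAGE_SIZE - 1);  /* even offsets collapse to 0 */
	return ctx.merge;
}

int fixed_merge(size_t plen)
{
	struct fixed_ctx ctx = {0};
	ctx.merge = plen & (PAGE_SIZE - 1);  /* any non-page-aligned length -> true */
	return ctx.merge;
}

int main(void)
{
	unsigned int flags = MSG_MORE;
	size_t plen = PAGE_SIZE + 2;         /* offset 2 within the page: even */

	printf("more  (MSG_MORE set):  bitfield=%d  bool=%d  !!bitfield=%d\n",
	       buggy_more(flags), fixed_more(flags), normalized_more(flags));
	printf("merge (plen=%zu):     bitfield=%d  bool=%d\n",
	       plen, buggy_merge(plen), fixed_merge(plen));
	return 0;
}
```

Compile with any C99 compiler; note that most compilers emit no diagnostic for the truncating store because the right-hand side is not a constant expression, which is why the regression was silent.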
How can this vulnerability impact me?
Any program that uses AF_ALG sockets, directly or through a library, can be affected on a kernel carrying the regression. Because `more` is cleared even when the caller passed MSG_MORE, a request sent in several sendmsg() calls can be treated as complete at the wrong point, so a multi-part hash, cipher or AEAD operation may return incorrect output; a wrongly cleared `merge` changes whether the next write is appended to the current page of the pending request. The symptom is incorrect cryptographic results or unexpected behaviour in the kernel's crypto interface for those callers. The defect is in the kernel itself, so the remedy is to run a kernel that includes the fix restoring the bool fields.