CVE-2025-40022
Linux Kernel - Incorrect Boolean Assignment in AF_ALG Context
Title source: llmDescription
In the Linux kernel, the following vulnerability has been resolved: crypto: af_alg - Fix incorrect boolean values in af_alg_ctx Commit 1b34cbbf4f01 ("crypto: af_alg - Disallow concurrent writes in af_alg_sendmsg") changed some fields from bool to 1-bit bitfields of type u32. However, some assignments to these fields, specifically 'more' and 'merge', assign values greater than 1. These relied on C's implicit conversion to bool, such that zero becomes false and nonzero becomes true. With a 1-bit bitfields of type u32 instead, mod 2 of the value is taken instead, resulting in 0 being assigned in some cases when 1 was intended. Fix this by restoring the bool type.
References (9)
Core 9
Core References
Vendor Advisory
https://cert-portal.siemens.com/productcert/html/ssa-019113.html
Vendor Advisory
https://cert-portal.siemens.com/productcert/html/ssa-082556.html
Scores
EPSS
0.0021
EPSS Percentile
11.6%
Details
Status
published
Products (15)
linux/Kernel
6.1.154 - 6.1.155linux
linux/Kernel
6.12.49 - 6.12.50linux
linux/Kernel
6.16.9 - 6.16.10linux
linux/Kernel
6.6.108 - 6.6.109linux
Linux/Linux
0f28c4adbc4a97437874c9b669fd7958a8c6d6ce - 3a21698ace915a445bce2d0dcfc84b6d2199baf7
Linux/Linux
1b34cbbf4f011a121ef7b2d7d6e6920a036d5285 - d0ca0df179c4b21e2a6c4a4fb637aa8fa14575cb
Linux/Linux
1f323a48e9b5ebfe6dc7d130fdf5c3c0e92a07c8 - 54506c6335690f4ef1b9f154e34f5a604c72c1ed
Linux/Linux
45bcf60fe49b37daab1acee57b27211ad1574042 - fbe96bd25423e61273d8831e995260b429d850b6
Linux/Linux
6.1.154 - 6.1.155
Linux/Linux
6.12.49 - 6.12.50
... and 5 more
Published
Oct 24, 2025
Tracked Since
Feb 18, 2026