Main Vulnerability Database SB20250916257

SB20250916257 - Improper error handling in Linux kernel x86 crypto

Published: September 16, 2025

Security Bulletin ID SB20250916257

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Local access

Highest impact Denial of service

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Improper error handling (CVE-ID: CVE-2025-39789)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the crypto_aegis128_aesni_process_ad(), crypto_aegis128_aesni_process_crypt(), crypto_aegis128_aesni_setauthsize(), crypto_aegis128_aesni_crypt(), crypto_aegis128_aesni_encrypt() and crypto_aegis128_aesni_decrypt() functions in arch/x86/crypto/aegis128-aesni-glue.c. A local user can perform a denial of service (DoS) attack.

Remediation

Install update from vendor's website.

References

https://git.kernel.org/stable/c/3d9eb180fbe8828cce43bce4c370124685b205c3
https://git.kernel.org/stable/c/475104178f4d30e749ee4f5473c87f692b93bebb