#VU116928 Input validation error in Linux kernel - CVE-2025-39964
Published: October 13, 2025 / Updated: November 14, 2025
Vulnerability identifier: #VU116928
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P/U:Clear
CVE-ID: CVE-2025-39964
CWE-ID: CWE-20
Exploitation vector: Local access
Exploit availability:
Public exploit is available
Vulnerable software:
Linux kernel
Linux kernel
Software vendor:
Linux Foundation
Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the include/crypto/if_alg.h. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's repository.
External links
- https://git.kernel.org/stable/c/0f28c4adbc4a97437874c9b669fd7958a8c6d6ce
- https://git.kernel.org/stable/c/1b34cbbf4f011a121ef7b2d7d6e6920a036d5285
- https://git.kernel.org/stable/c/1f323a48e9b5ebfe6dc7d130fdf5c3c0e92a07c8
- https://git.kernel.org/stable/c/45bcf60fe49b37daab1acee57b27211ad1574042
- https://git.kernel.org/stable/c/7c4491b5644e3a3708f3dbd7591be0a570135b84
- https://git.kernel.org/stable/c/9aee87da5572b3a14075f501752e209801160d3d
- https://git.kernel.org/stable/c/e4c1ec11132ec466f7362a95f36a506ce4dc08c9