Updated: 2026-01-27
CWE: CWE-908
Description:
In the Linux kernel, the following vulnerability has been resolved: crypto: af_alg - Set merge to zero early in af_alg_sendmsg If an error causes af_alg_sendmsg to abort, ctx->merge may contain a garbage value from the previous loop. This may then trigger a crash on the next entry into af_alg_sendmsg when it attempts to do a merge that can't be done. Fix this by setting ctx->merge to zero near the start of the loop.
CVSS3: 7
| OS | Vendor version | Errata |
|---|---|---|
| Debian 12 | 6.1.158-1 | DSA-6053-1 |
| Amazon Linux 2023 | 6.1.155-176.282.amzn2023 | ALAS2023-2025-1223 |
| OS | Original kernel version | State |
|---|---|---|
| Debian 12 | |
Planned |
| Amazon Linux 2023 | |
In Progress |