Linux Kernel Control Flow Integrity Crash Vulnerability in Crypto Acomp

Vulnerability

A vulnerability in the Linux kernel's crypto component, specifically within the acomp interface, can lead to a crash when control flow integrity (CFI) is enabled. This issue arises from type punning, which creates a mismatch in the expected data types. The vulnerability affects the workspace management functions, particularly the stream free function, by using inconsistent types. The problem has been addressed by standardizing the type usage and invoking the free function through a properly typed function pointer.
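An added illustration, not code from the kernel or from this advisory: a user-space C model of why an indirect call made through a type-punned function pointer trips a CFI check, while a call through a pointer of the matching type does not. The struct, function names and type ids are hypothetical, and the explicit id comparison stands in for the check the compiler inserts at each indirect call.

```c
#include <stdio.h>
#include <stdlib.h>

/* User-space model of a CFI check: each indirect-call target carries an id
 * for its function type, and each call site compares it to the type it uses. */
enum type_id { T_FREE_VOIDP = 1, T_FREE_CONST_VOIDP = 2 };
enum call_result { CALL_OK = 0, CALL_CFI_TRAP = 1 };

struct stream_ops {                 /* hypothetical, not the kernel's struct */
    enum type_id target_type;       /* stands in for the compiler-emitted type hash */
    union {                         /* type punning: one slot, two pointer types */
        void (*free_ctx)(void *);
        void (*cfree_ctx)(const void *);
    };
};
static int freed;                   /* number of frees that actually ran */
static void free_ws(const void *ws) { free((void *)ws); freed++; }
static struct stream_ops ops = { .target_type = T_FREE_CONST_VOIDP, .cfree_ctx = free_ws };

/* Call site typed void (*)(void *): the punned view of the slot. */
static enum call_result call_punned(struct stream_ops *o, void *ws) {
    if (o->target_type != T_FREE_VOIDP)
        return CALL_CFI_TRAP;       /* a CFI-enabled kernel crashes at this point */
    o->free_ctx(ws);
    return CALL_OK;
}

/* Call site whose pointer type matches the registered function. */
static enum call_result call_typed(struct stream_ops *o, const void *ws) {
    if (o->target_type != T_FREE_CONST_VOIDP)
        return CALL_CFI_TRAP;
    o->cfree_ctx(ws);
    return CALL_OK;
}

enum call_result demo_punned(void) {
    void *ws = malloc(64);
    enum call_result r = call_punned(&ops, ws);
    if (r == CALL_CFI_TRAP)
        free(ws);                   /* model only: release after the refused call */
    return r;
}
enum call_result demo_typed(void) { return call_typed(&ops, malloc(64)); }

int main(void) {
    int p = demo_punned(), t = demo_typed();
    printf("punned: %d, typed: %d, frees run: %d\n", p, t, freed);
    return 0;
}
```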

Impact

The vulnerability could cause a system crash, disrupting normal operations and potentially leading to a denial of service.

Added: Sep 11, 2025, 5:58 PM
Updated: Sep 11, 2025, 5:58 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 0.6
exploitability: 4.8
remediation: 7.7
relevance: 0.5
threat: 3.2
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.