Volerion logoVolerion
Volerion logoVolerion

Linux Kernel Concurrent Write Vulnerability in af_alg Socket

Vulnerability

A vulnerability in the Linux kernel's af_alg socket implementation allows for concurrent writes, which can lead to unpredictable interleaving of data and inconsistencies in the socket's internal state. This issue is present in the stable branch of the Linux kernel.

Impact

The vulnerability could cause data corruption by interleaving writes in an unpredictable manner, potentially leading to inconsistencies in the socket's state.

Reproduction

To reproduce this vulnerability, send two concurrent write operations to the same af_alg socket. The data will be interleaved unpredictably, demonstrating the vulnerability.

Remediation

The vulnerability has been addressed by modifying the af_alg_sendmsg function to disallow concurrent writes. This was achieved by introducing a new field in the af_alg_ctx structure that indicates exclusive ownership for writing.

Added: Oct 13, 2025, 2:18 PM
Updated: Oct 13, 2025, 2:18 PM

Vulnerability Rating

Custom Algorithm
spread
9.0
impact
0.6
exploitability
3.9
remediation
7.7
relevance
0.7
threat
4.8
urgency
2.9
incentive
1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.