ACK: Re: [SRU][J/N/P][PATCH 0/2] CVE-2025-39964

Paolo Pisati paolo.pisati at canonical.com
Thu Oct 16 09:48:17 UTC 2025


On Wed, Oct 15, 2025 at 06:48:28PM -0400, Ian Whitfield wrote:
> [Impact]
> 
> crypto: af_alg - Disallow concurrent writes in af_alg_sendmsg
> 
> Issuing two writes to the same af_alg socket is bogus as the
> data will be interleaved in an unpredictable fashion.  Furthermore,
> concurrent writes may create inconsistencies in the internal
> socket state.
> 
> Disallow this by adding a new ctx->write field that indicates
> exclusive ownership for writing.
> 
> [Backport]
> 
> The fix commit for this CVE has a follow-up to address a bug in the fix commit.
> Both commits cherry-picked cleanly, the same .patch files can be used for Jammy,
> Noble, and Plucky. Questing was already fixed.
> 
> [Fix]
> 
> Questing: Not affected
> Plucky:   Cherry pick fix + follow-up
> Noble:    Cherry pick fix + follow-up
> Jammy:    Cherry pick fix + follow-up
> Focal:    Sent to ESM ML
> Bionic:   Sent to ESM ML
> Xenial:   Sent to ESM ML
> Trusty:   Ignored, not a critical CVE
> 
> [Test Case]
> 
> Compile and boot tested.
> 
> [Where problems could occur]
> 
> This fix affects those who use the user space interface to the kernel's crypto
> algorithms (CONFIG_CRYPTO_USER_API enabled). An issue with this fix would be
> visible to the user as race conditions or lockups when sending messages to the
> kernel's cryptography interface.
> 
> Eric Biggers (1):
>   crypto: af_alg - Fix incorrect boolean values in af_alg_ctx
> 
> Herbert Xu (1):
>   crypto: af_alg - Disallow concurrent writes in af_alg_sendmsg
> 
>  crypto/af_alg.c         |  7 +++++++
>  include/crypto/if_alg.h | 10 ++++++----
>  2 files changed, 13 insertions(+), 4 deletions(-)

Acked-by: Paolo Pisati <paolo.pisati at canonical.com>
-- 
bye,
p.


