| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025012134-CVE-2025-21662-0c72@gregkh>
Date: Tue, 21 Jan 2025 13:18:41 +0100
From: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
To: linux-cve-announce@...r.kernel.org
Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
Subject: CVE-2025-21662: net/mlx5: Fix variable not being completed when function returns
Description
===========
In the Linux kernel, the following vulnerability has been resolved:
net/mlx5: Fix variable not being completed when function returns
When cmd_alloc_index(), fails cmd_work_handler() needs
to complete ent->slotted before returning early.
Otherwise the task which issued the command may hang:
mlx5_core 0000:01:00.0: cmd_work_handler:877:(pid 3880418): failed to allocate command entry
INFO: task kworker/13:2:4055883 blocked for more than 120 seconds.
Not tainted 4.19.90-25.44.v2101.ky10.aarch64 #1
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
kworker/13:2 D 0 4055883 2 0x00000228
Workqueue: events mlx5e_tx_dim_work [mlx5_core]
Call trace:
__switch_to+0xe8/0x150
__schedule+0x2a8/0x9b8
schedule+0x2c/0x88
schedule_timeout+0x204/0x478
wait_for_common+0x154/0x250
wait_for_completion+0x28/0x38
cmd_exec+0x7a0/0xa00 [mlx5_core]
mlx5_cmd_exec+0x54/0x80 [mlx5_core]
mlx5_core_modify_cq+0x6c/0x80 [mlx5_core]
mlx5_core_modify_cq_moderation+0xa0/0xb8 [mlx5_core]
mlx5e_tx_dim_work+0x54/0x68 [mlx5_core]
process_one_work+0x1b0/0x448
worker_thread+0x54/0x468
kthread+0x134/0x138
ret_from_fork+0x10/0x18
The Linux kernel CVE team has assigned CVE-2025-21662 to this issue.
Affected and fixed versions
===========================
Issue introduced in 6.1.93 with commit 4baae687a20ef2b82fde12de3c04461e6f2521d6 and fixed in 6.1.125 with commit f0a2808767ac39f64b1d9a0ff865c255073cf3d4
Issue introduced in 6.6.33 with commit f9caccdd42e999b74303c9b0643300073ed5d319 and fixed in 6.6.72 with commit 229cc10284373fbe754e623b7033dca7e7470ec8
Issue introduced in 6.10 with commit 485d65e1357123a697c591a5aeb773994b247ad7 and fixed in 6.12.10 with commit 36124081f6ffd9dfaad48830bdf106bb82a9457d
Issue introduced in 6.10 with commit 485d65e1357123a697c591a5aeb773994b247ad7 and fixed in 6.13 with commit 0e2909c6bec9048f49d0c8e16887c63b50b14647
Issue introduced in 6.8.12 with commit 2d0962d05c93de391ce85f6e764df895f47c8918
Issue introduced in 6.9.3 with commit 94024332a129c6e4275569d85c0c1bfb2ae2d71b
Please see https://www.kernel.org for a full list of currently supported
kernel versions by the kernel community.
Unaffected versions might change over time as fixes are backported to
older supported kernel versions. The official CVE entry at
https://cve.org/CVERecord/?id=CVE-2025-21662
will be updated if fixes are backported, please check that for the most
up to date information about this issue.
Affected files
==============
The file(s) affected by this issue are:
drivers/net/ethernet/mellanox/mlx5/core/cmd.c
Mitigation
==========
The Linux kernel CVE team recommends that you update to the latest
stable kernel version for this, and many other bugfixes. Individual
changes are never tested alone, but rather are part of a larger kernel
release. Cherry-picking individual commits is not recommended or
supported by the Linux kernel community at all. If however, updating to
the latest release is impossible, the individual changes to resolve this
issue can be found at these commits:
https://git.kernel.org/stable/c/f0a2808767ac39f64b1d9a0ff865c255073cf3d4
https://git.kernel.org/stable/c/229cc10284373fbe754e623b7033dca7e7470ec8
https://git.kernel.org/stable/c/36124081f6ffd9dfaad48830bdf106bb82a9457d
https://git.kernel.org/stable/c/0e2909c6bec9048f49d0c8e16887c63b50b14647
Powered by blists - more mailing lists