| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025021054-CVE-2025-21687-59a8@gregkh> Date: Mon, 10 Feb 2025 16:58:55 +0100 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org> Subject: CVE-2025-21687: vfio/platform: check the bounds of read/write syscalls Description =========== In the Linux kernel, the following vulnerability has been resolved: vfio/platform: check the bounds of read/write syscalls count and offset are passed from user space and not checked, only offset is capped to 40 bits, which can be used to read/write out of bounds of the device. The Linux kernel CVE team has assigned CVE-2025-21687 to this issue. Affected and fixed versions =========================== Issue introduced in 4.1 with commit 6e3f264560099869f68830cb14b3b3e71e5ac76a and fixed in 5.4.290 with commit f21636f24b6786c8b13f1af4319fa75ffcf17f38 Issue introduced in 4.1 with commit 6e3f264560099869f68830cb14b3b3e71e5ac76a and fixed in 5.10.234 with commit d19a8650fd3d7aed8d1af1d9a77f979a8430eba1 Issue introduced in 4.1 with commit 6e3f264560099869f68830cb14b3b3e71e5ac76a and fixed in 5.15.178 with commit 92340e6c5122d823ad064984ef7513eba9204048 Issue introduced in 4.1 with commit 6e3f264560099869f68830cb14b3b3e71e5ac76a and fixed in 6.1.128 with commit 6bcb8a5b70b80143db9bf12dfa7d53636f824d53 Issue introduced in 4.1 with commit 6e3f264560099869f68830cb14b3b3e71e5ac76a and fixed in 6.6.75 with commit c981c32c38af80737a2fedc16e270546d139ccdd Issue introduced in 4.1 with commit 6e3f264560099869f68830cb14b3b3e71e5ac76a and fixed in 6.12.12 with commit a20fcaa230f7472456d12cf761ed13938e320ac3 Issue introduced in 4.1 with commit 6e3f264560099869f68830cb14b3b3e71e5ac76a and fixed in 6.13.1 with commit 665cfd1083866f87301bbd232cb8ba48dcf4acce Issue introduced in 4.1 with commit 6e3f264560099869f68830cb14b3b3e71e5ac76a and fixed in 6.14-rc1 with commit ce9ff21ea89d191e477a02ad7eabf4f996b80a69 Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2025-21687 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: drivers/vfio/platform/vfio_platform_common.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/f21636f24b6786c8b13f1af4319fa75ffcf17f38 https://git.kernel.org/stable/c/d19a8650fd3d7aed8d1af1d9a77f979a8430eba1 https://git.kernel.org/stable/c/92340e6c5122d823ad064984ef7513eba9204048 https://git.kernel.org/stable/c/6bcb8a5b70b80143db9bf12dfa7d53636f824d53 https://git.kernel.org/stable/c/c981c32c38af80737a2fedc16e270546d139ccdd https://git.kernel.org/stable/c/a20fcaa230f7472456d12cf761ed13938e320ac3 https://git.kernel.org/stable/c/665cfd1083866f87301bbd232cb8ba48dcf4acce https://git.kernel.org/stable/c/ce9ff21ea89d191e477a02ad7eabf4f996b80a69
Powered by blists - more mailing lists