| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025021259-CVE-2025-21697-e883@gregkh> Date: Wed, 12 Feb 2025 14:27:01 +0100 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org> Subject: CVE-2025-21697: drm/v3d: Ensure job pointer is set to NULL after job completion Description =========== In the Linux kernel, the following vulnerability has been resolved: drm/v3d: Ensure job pointer is set to NULL after job completion After a job completes, the corresponding pointer in the device must be set to NULL. Failing to do so triggers a warning when unloading the driver, as it appears the job is still active. To prevent this, assign the job pointer to NULL after completing the job, indicating the job has finished. The Linux kernel CVE team has assigned CVE-2025-21697 to this issue. Affected and fixed versions =========================== Issue introduced in 4.19 with commit 14d1d190869685d3a1e8a3f63924e20594557cb2 and fixed in 5.4.290 with commit 1bd6303d08c85072ce40ac01a767ab67195105bd Issue introduced in 4.19 with commit 14d1d190869685d3a1e8a3f63924e20594557cb2 and fixed in 5.10.234 with commit a34050f70e7955a359874dff1a912a748724a140 Issue introduced in 4.19 with commit 14d1d190869685d3a1e8a3f63924e20594557cb2 and fixed in 5.15.177 with commit 14e0a874488e79086340ba8e2d238cb9596b68a8 Issue introduced in 4.19 with commit 14d1d190869685d3a1e8a3f63924e20594557cb2 and fixed in 6.1.127 with commit 2a1c88f7ca5c12dff6fa6787492ac910bb9e4407 Issue introduced in 4.19 with commit 14d1d190869685d3a1e8a3f63924e20594557cb2 and fixed in 6.6.74 with commit 63195bae1cbf78f1d392b1bc9ae4b03c82d0ebf3 Issue introduced in 4.19 with commit 14d1d190869685d3a1e8a3f63924e20594557cb2 and fixed in 6.12.11 with commit b22467b1ae104073dcb11aa78562a331cd7fb0e0 Issue introduced in 4.19 with commit 14d1d190869685d3a1e8a3f63924e20594557cb2 and fixed in 6.13 with commit e4b5ccd392b92300a2b341705cc4805681094e49 Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2025-21697 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: drivers/gpu/drm/v3d/v3d_irq.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/1bd6303d08c85072ce40ac01a767ab67195105bd https://git.kernel.org/stable/c/a34050f70e7955a359874dff1a912a748724a140 https://git.kernel.org/stable/c/14e0a874488e79086340ba8e2d238cb9596b68a8 https://git.kernel.org/stable/c/2a1c88f7ca5c12dff6fa6787492ac910bb9e4407 https://git.kernel.org/stable/c/63195bae1cbf78f1d392b1bc9ae4b03c82d0ebf3 https://git.kernel.org/stable/c/b22467b1ae104073dcb11aa78562a331cd7fb0e0 https://git.kernel.org/stable/c/e4b5ccd392b92300a2b341705cc4805681094e49
Powered by blists - more mailing lists