| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025022710-CVE-2025-21818-27ee@gregkh> Date: Thu, 27 Feb 2025 12:03:15 -0800 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org> Subject: CVE-2025-21818: x86/xen: fix xen_hypercall_hvm() to not clobber %rbx Description =========== In the Linux kernel, the following vulnerability has been resolved: x86/xen: fix xen_hypercall_hvm() to not clobber %rbx xen_hypercall_hvm(), which is used when running as a Xen PVH guest at most only once during early boot, is clobbering %rbx. Depending on whether the caller relies on %rbx to be preserved across the call or not, this clobbering might result in an early crash of the system. This can be avoided by using an already saved register instead of %rbx. The Linux kernel CVE team has assigned CVE-2025-21818 to this issue. Affected and fixed versions =========================== Issue introduced in 6.1.121 with commit 7e44e7065263c3baf287e7ff267a610cccde7544 and fixed in 6.1.129 with commit 522d726824cc570e0b6bf0b3af4d5a826f1b17c5 Issue introduced in 6.6.67 with commit 31f29270c15bef700cbea40297c6b9a7114b3960 and fixed in 6.6.78 with commit 242f7584da3ad041a9db809d33d27a8be8eccc29 Issue introduced in 6.12.6 with commit 3fbfac0f30441725e87d85d8629fa9dbc673704b and fixed in 6.12.14 with commit 4890a0858c09d96f3234a8f94663de80a7201bc4 Issue introduced in 6.13 with commit b4845bb6383821a9516ce30af3a27dc873e37fd4 and fixed in 6.13.3 with commit 23f6f420cd727d641f95478fcf3bbbee41e4e5d6 Issue introduced in 6.13 with commit b4845bb6383821a9516ce30af3a27dc873e37fd4 and fixed in 6.14-rc2 with commit 98a5cfd2320966f40fe049a9855f8787f0126825 Issue introduced in 5.10.232 with commit 76b42b1340ca0c17961a1000474a23eff6f15f83 Issue introduced in 5.15.175 with commit a501b4dbedb4cdcfa2372b40e6b405e26d3e8069 Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2025-21818 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: arch/x86/xen/xen-head.S Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/522d726824cc570e0b6bf0b3af4d5a826f1b17c5 https://git.kernel.org/stable/c/242f7584da3ad041a9db809d33d27a8be8eccc29 https://git.kernel.org/stable/c/4890a0858c09d96f3234a8f94663de80a7201bc4 https://git.kernel.org/stable/c/23f6f420cd727d641f95478fcf3bbbee41e4e5d6 https://git.kernel.org/stable/c/98a5cfd2320966f40fe049a9855f8787f0126825
Powered by blists - more mailing lists