| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025022645-CVE-2025-21715-2837@gregkh>
Date: Wed, 26 Feb 2025 18:06:10 -0800
From: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
To: linux-cve-announce@...r.kernel.org
Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
Subject: CVE-2025-21715: net: davicom: fix UAF in dm9000_drv_remove
Description
===========
In the Linux kernel, the following vulnerability has been resolved:
net: davicom: fix UAF in dm9000_drv_remove
dm is netdev private data and it cannot be
used after free_netdev() call. Using dm after free_netdev()
can cause UAF bug. Fix it by moving free_netdev() at the end of the
function.
This is similar to the issue fixed in commit
ad297cd2db89 ("net: qcom/emac: fix UAF in emac_remove").
This bug is detected by our static analysis tool.
The Linux kernel CVE team has assigned CVE-2025-21715 to this issue.
Affected and fixed versions
===========================
Issue introduced in 5.12 with commit cf9e60aa69ae6c40d3e3e4c94dd6c8de31674e9b and fixed in 6.1.129 with commit c94ab07edc2843e2f3d46dbd82e5c681503aaadf
Issue introduced in 5.12 with commit cf9e60aa69ae6c40d3e3e4c94dd6c8de31674e9b and fixed in 6.6.76 with commit c411f9a5fdc9158e8f7c57eac961d3df3eb4d8ca
Issue introduced in 5.12 with commit cf9e60aa69ae6c40d3e3e4c94dd6c8de31674e9b and fixed in 6.12.13 with commit 5a54367a7c2378c65aaa4d3cfd952f26adef7aa7
Issue introduced in 5.12 with commit cf9e60aa69ae6c40d3e3e4c94dd6c8de31674e9b and fixed in 6.13.2 with commit 2013c95df6752d9c88221d0f0f37b6f197969390
Issue introduced in 5.12 with commit cf9e60aa69ae6c40d3e3e4c94dd6c8de31674e9b and fixed in 6.14-rc1 with commit 19e65c45a1507a1a2926649d2db3583ed9d55fd9
Issue introduced in 4.4.262 with commit d182994b2b6e23778b146a230efac8f1d77a3445
Issue introduced in 4.9.262 with commit 427b3fc3d5244fef9c1f910a9c699f2690642f83
Issue introduced in 4.14.226 with commit 9c49181c201d434186ca6b1a7b52e29f4169f6f8
Issue introduced in 4.19.181 with commit 9808f032c4d971cbf2b01411a0a2a8ee0040efe3
Issue introduced in 5.4.106 with commit d28e783c20033b90a64d4e1307bafb56085d8184
Issue introduced in 5.10.24 with commit 4fd0654b8f2129b68203974ddee15f804ec011c2
Issue introduced in 5.11.7 with commit a1f308089257616cdb91b4334c5eaa81ae17e387
Please see https://www.kernel.org for a full list of currently supported
kernel versions by the kernel community.
Unaffected versions might change over time as fixes are backported to
older supported kernel versions. The official CVE entry at
https://cve.org/CVERecord/?id=CVE-2025-21715
will be updated if fixes are backported, please check that for the most
up to date information about this issue.
Affected files
==============
The file(s) affected by this issue are:
drivers/net/ethernet/davicom/dm9000.c
Mitigation
==========
The Linux kernel CVE team recommends that you update to the latest
stable kernel version for this, and many other bugfixes. Individual
changes are never tested alone, but rather are part of a larger kernel
release. Cherry-picking individual commits is not recommended or
supported by the Linux kernel community at all. If however, updating to
the latest release is impossible, the individual changes to resolve this
issue can be found at these commits:
https://git.kernel.org/stable/c/c94ab07edc2843e2f3d46dbd82e5c681503aaadf
https://git.kernel.org/stable/c/c411f9a5fdc9158e8f7c57eac961d3df3eb4d8ca
https://git.kernel.org/stable/c/5a54367a7c2378c65aaa4d3cfd952f26adef7aa7
https://git.kernel.org/stable/c/2013c95df6752d9c88221d0f0f37b6f197969390
https://git.kernel.org/stable/c/19e65c45a1507a1a2926649d2db3583ed9d55fd9
Powered by blists - more mailing lists