lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025030706-CVE-2025-21836-b358@gregkh> Date: Fri, 7 Mar 2025 10:10:06 +0100 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org> Subject: CVE-2025-21836: io_uring/kbuf: reallocate buf lists on upgrade Description =========== In the Linux kernel, the following vulnerability has been resolved: io_uring/kbuf: reallocate buf lists on upgrade IORING_REGISTER_PBUF_RING can reuse an old struct io_buffer_list if it was created for legacy selected buffer and has been emptied. It violates the requirement that most of the field should stay stable after publish. Always reallocate it instead. The Linux kernel CVE team has assigned CVE-2025-21836 to this issue. Affected and fixed versions =========================== Issue introduced in 5.19 with commit 2fcabce2d7d34f69a888146dab15b36a917f09d4 and fixed in 6.6.79 with commit 146a185f6c05ee263db715f860620606303c4633 Issue introduced in 5.19 with commit 2fcabce2d7d34f69a888146dab15b36a917f09d4 and fixed in 6.12.16 with commit 7d0dc28dae836caf7645fef62a10befc624dd17b Issue introduced in 5.19 with commit 2fcabce2d7d34f69a888146dab15b36a917f09d4 and fixed in 6.13.4 with commit 2a5febbef40ce968e295a7aeaa5d5cbd9e3e5ad4 Issue introduced in 5.19 with commit 2fcabce2d7d34f69a888146dab15b36a917f09d4 and fixed in 6.14-rc3 with commit 8802766324e1f5d414a81ac43365c20142e85603 Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2025-21836 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: io_uring/kbuf.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/146a185f6c05ee263db715f860620606303c4633 https://git.kernel.org/stable/c/7d0dc28dae836caf7645fef62a10befc624dd17b https://git.kernel.org/stable/c/2a5febbef40ce968e295a7aeaa5d5cbd9e3e5ad4 https://git.kernel.org/stable/c/8802766324e1f5d414a81ac43365c20142e85603
Powered by blists - more mailing lists