| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025040129-CVE-2025-21905-348b@gregkh> Date: Tue, 1 Apr 2025 16:39:29 +0100 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org> Subject: CVE-2025-21905: wifi: iwlwifi: limit printed string from FW file Description =========== In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: limit printed string from FW file There's no guarantee here that the file is always with a NUL-termination, so reading the string may read beyond the end of the TLV. If that's the last TLV in the file, it can perhaps even read beyond the end of the file buffer. Fix that by limiting the print format to the size of the buffer we have. The Linux kernel CVE team has assigned CVE-2025-21905 to this issue. Affected and fixed versions =========================== Issue introduced in 5.2 with commit aee1b6385e29e472ae5592b9652b750a29bf702e and fixed in 5.4.291 with commit 38f0d398b6d7640d223db69df022c4a232f24774 Issue introduced in 5.2 with commit aee1b6385e29e472ae5592b9652b750a29bf702e and fixed in 5.10.235 with commit c0e626f2b2390472afac52dfe72b29daf9ed8e1d Issue introduced in 5.2 with commit aee1b6385e29e472ae5592b9652b750a29bf702e and fixed in 5.15.179 with commit 47616b82f2d42ea2060334746fed9a2988d845c9 Issue introduced in 5.2 with commit aee1b6385e29e472ae5592b9652b750a29bf702e and fixed in 6.1.131 with commit 88ed69f924638c7503644e1f8eed1e976f3ffa7a Issue introduced in 5.2 with commit aee1b6385e29e472ae5592b9652b750a29bf702e and fixed in 6.6.83 with commit b02f8d5a71c8571ccf77f285737c566db73ef5e5 Issue introduced in 5.2 with commit aee1b6385e29e472ae5592b9652b750a29bf702e and fixed in 6.12.19 with commit f265e6031d0bc4fc40c4619cb42466722b46eaa9 Issue introduced in 5.2 with commit aee1b6385e29e472ae5592b9652b750a29bf702e and fixed in 6.13.7 with commit 59cdda202829d1d6a095d233386870a59aff986f Issue introduced in 5.2 with commit aee1b6385e29e472ae5592b9652b750a29bf702e and fixed in 6.14 with commit e0dc2c1bef722cbf16ae557690861e5f91208129 Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2025-21905 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: drivers/net/wireless/intel/iwlwifi/iwl-drv.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/38f0d398b6d7640d223db69df022c4a232f24774 https://git.kernel.org/stable/c/c0e626f2b2390472afac52dfe72b29daf9ed8e1d https://git.kernel.org/stable/c/47616b82f2d42ea2060334746fed9a2988d845c9 https://git.kernel.org/stable/c/88ed69f924638c7503644e1f8eed1e976f3ffa7a https://git.kernel.org/stable/c/b02f8d5a71c8571ccf77f285737c566db73ef5e5 https://git.kernel.org/stable/c/f265e6031d0bc4fc40c4619cb42466722b46eaa9 https://git.kernel.org/stable/c/59cdda202829d1d6a095d233386870a59aff986f https://git.kernel.org/stable/c/e0dc2c1bef722cbf16ae557690861e5f91208129
Powered by blists - more mailing lists