| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025040349-CVE-2025-22005-3e0f@gregkh>
Date: Thu, 3 Apr 2025 08:17:57 +0100
From: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
To: linux-cve-announce@...r.kernel.org
Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
Subject: CVE-2025-22005: ipv6: Fix memleak of nhc_pcpu_rth_output in fib_check_nh_v6_gw().
Description
===========
In the Linux kernel, the following vulnerability has been resolved:
ipv6: Fix memleak of nhc_pcpu_rth_output in fib_check_nh_v6_gw().
fib_check_nh_v6_gw() expects that fib6_nh_init() cleans up everything
when it fails.
Commit 7dd73168e273 ("ipv6: Always allocate pcpu memory in a fib6_nh")
moved fib_nh_common_init() before alloc_percpu_gfp() within fib6_nh_init()
but forgot to add cleanup for fib6_nh->nh_common.nhc_pcpu_rth_output in
case it fails to allocate fib6_nh->rt6i_pcpu, resulting in memleak.
Let's call fib_nh_common_release() and clear nhc_pcpu_rth_output in the
error path.
Note that we can remove the fib6_nh_release() call in nh_create_ipv6()
later in net-next.git.
The Linux kernel CVE team has assigned CVE-2025-22005 to this issue.
Affected and fixed versions
===========================
Issue introduced in 5.3 with commit 7dd73168e273938b9e9bb42ca51b0c27d807992b and fixed in 6.1.132 with commit 77c41cdbe6bce476e08d3251c0d501feaf10a9f3
Issue introduced in 5.3 with commit 7dd73168e273938b9e9bb42ca51b0c27d807992b and fixed in 6.6.85 with commit 119dcafe36795a15ae53351cbbd6177aaf94ffef
Issue introduced in 5.3 with commit 7dd73168e273938b9e9bb42ca51b0c27d807992b and fixed in 6.12.21 with commit 29d91820184d5cbc70f3246d4911d96eaeb930d6
Issue introduced in 5.3 with commit 7dd73168e273938b9e9bb42ca51b0c27d807992b and fixed in 6.13.9 with commit d3d5b4b5ae263c3225db363ba08b937e2e2b0380
Issue introduced in 5.3 with commit 7dd73168e273938b9e9bb42ca51b0c27d807992b and fixed in 6.14 with commit 9740890ee20e01f99ff1dde84c63dcf089fabb98
Please see https://www.kernel.org for a full list of currently supported
kernel versions by the kernel community.
Unaffected versions might change over time as fixes are backported to
older supported kernel versions. The official CVE entry at
https://cve.org/CVERecord/?id=CVE-2025-22005
will be updated if fixes are backported, please check that for the most
up to date information about this issue.
Affected files
==============
The file(s) affected by this issue are:
net/ipv6/route.c
Mitigation
==========
The Linux kernel CVE team recommends that you update to the latest
stable kernel version for this, and many other bugfixes. Individual
changes are never tested alone, but rather are part of a larger kernel
release. Cherry-picking individual commits is not recommended or
supported by the Linux kernel community at all. If however, updating to
the latest release is impossible, the individual changes to resolve this
issue can be found at these commits:
https://git.kernel.org/stable/c/77c41cdbe6bce476e08d3251c0d501feaf10a9f3
https://git.kernel.org/stable/c/119dcafe36795a15ae53351cbbd6177aaf94ffef
https://git.kernel.org/stable/c/29d91820184d5cbc70f3246d4911d96eaeb930d6
https://git.kernel.org/stable/c/d3d5b4b5ae263c3225db363ba08b937e2e2b0380
https://git.kernel.org/stable/c/9740890ee20e01f99ff1dde84c63dcf089fabb98
Powered by blists - more mailing lists