| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025041601-CVE-2025-22046-e5b9@gregkh> Date: Wed, 16 Apr 2025 16:12:17 +0200 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org> Subject: CVE-2025-22046: uprobes/x86: Harden uretprobe syscall trampoline check Description =========== In the Linux kernel, the following vulnerability has been resolved: uprobes/x86: Harden uretprobe syscall trampoline check Jann reported a possible issue when trampoline_check_ip returns address near the bottom of the address space that is allowed to call into the syscall if uretprobes are not set up: https://lore.kernel.org/bpf/202502081235.5A6F352985@keescook/T/#m9d416df341b8fbc11737dacbcd29f0054413cbbf Though the mmap minimum address restrictions will typically prevent creating mappings there, let's make sure uretprobe syscall checks for that. The Linux kernel CVE team has assigned CVE-2025-22046 to this issue. Affected and fixed versions =========================== Issue introduced in 6.11 with commit ff474a78cef5cb5f32be52fe25b78441327a2e7c and fixed in 6.12.23 with commit c35771342e47d58ab9433f3be1c3c30f2c5fa4f3 Issue introduced in 6.11 with commit ff474a78cef5cb5f32be52fe25b78441327a2e7c and fixed in 6.13.11 with commit b0065d712049c87e1994c6eac00c6a637e39b325 Issue introduced in 6.11 with commit ff474a78cef5cb5f32be52fe25b78441327a2e7c and fixed in 6.14.2 with commit d4e48b8d59fe162938a5004ace698c847e6a3207 Issue introduced in 6.11 with commit ff474a78cef5cb5f32be52fe25b78441327a2e7c and fixed in 6.15-rc1 with commit fa6192adc32f4fdfe5b74edd5b210e12afd6ecc0 Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2025-22046 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: arch/x86/kernel/uprobes.c include/linux/uprobes.h kernel/events/uprobes.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/c35771342e47d58ab9433f3be1c3c30f2c5fa4f3 https://git.kernel.org/stable/c/b0065d712049c87e1994c6eac00c6a637e39b325 https://git.kernel.org/stable/c/d4e48b8d59fe162938a5004ace698c847e6a3207 https://git.kernel.org/stable/c/fa6192adc32f4fdfe5b74edd5b210e12afd6ecc0
Powered by blists - more mailing lists