| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025041619-CVE-2025-22095-7f29@gregkh> Date: Wed, 16 Apr 2025 16:13:06 +0200 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org> Subject: CVE-2025-22095: PCI: brcmstb: Fix error path after a call to regulator_bulk_get() Description =========== In the Linux kernel, the following vulnerability has been resolved: PCI: brcmstb: Fix error path after a call to regulator_bulk_get() If the regulator_bulk_get() returns an error and no regulators are created, we need to set their number to zero. If we don't do this and the PCIe link up fails, a call to the regulator_bulk_free() will result in a kernel panic. While at it, print the error value, as we cannot return an error upwards as the kernel will WARN() on an error from add_bus(). [kwilczynski: commit log, use comma in the message to match style with other similar messages] The Linux kernel CVE team has assigned CVE-2025-22095 to this issue. Affected and fixed versions =========================== Issue introduced in 6.0 with commit 9e6be018b26347c26a93e63fb50a37ee2c9311de and fixed in 6.1.134 with commit 99a0efba9f903acbdece548862b6b4cbe7d999e1 Issue introduced in 6.0 with commit 9e6be018b26347c26a93e63fb50a37ee2c9311de and fixed in 6.6.87 with commit eedd054834930b8d678f0776cd4b091b8fffbb4a Issue introduced in 6.0 with commit 9e6be018b26347c26a93e63fb50a37ee2c9311de and fixed in 6.12.23 with commit df63321a40cc98e52313cffbff376b8ae9ceffa7 Issue introduced in 6.0 with commit 9e6be018b26347c26a93e63fb50a37ee2c9311de and fixed in 6.13.11 with commit 7842e842a9bf6bd5866c84f588353711d131ab1a Issue introduced in 6.0 with commit 9e6be018b26347c26a93e63fb50a37ee2c9311de and fixed in 6.14.2 with commit 6f44e1fdb006db61394aa4d4c25728ada00842e7 Issue introduced in 6.0 with commit 9e6be018b26347c26a93e63fb50a37ee2c9311de and fixed in 6.15-rc1 with commit 3651ad5249c51cf7eee078e12612557040a6bdb4 Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2025-22095 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: drivers/pci/controller/pcie-brcmstb.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/99a0efba9f903acbdece548862b6b4cbe7d999e1 https://git.kernel.org/stable/c/eedd054834930b8d678f0776cd4b091b8fffbb4a https://git.kernel.org/stable/c/df63321a40cc98e52313cffbff376b8ae9ceffa7 https://git.kernel.org/stable/c/7842e842a9bf6bd5866c84f588353711d131ab1a https://git.kernel.org/stable/c/6f44e1fdb006db61394aa4d4c25728ada00842e7 https://git.kernel.org/stable/c/3651ad5249c51cf7eee078e12612557040a6bdb4
Powered by blists - more mailing lists