| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025041819-CVE-2025-38637-8e27@gregkh> Date: Fri, 18 Apr 2025 09:02:24 +0200 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...nel.org> Subject: CVE-2025-38637: net_sched: skbprio: Remove overly strict queue assertions From: Greg Kroah-Hartman <gregkh@...nel.org> Description =========== In the Linux kernel, the following vulnerability has been resolved: net_sched: skbprio: Remove overly strict queue assertions In the current implementation, skbprio enqueue/dequeue contains an assertion that fails under certain conditions when SKBPRIO is used as a child qdisc under TBF with specific parameters. The failure occurs because TBF sometimes peeks at packets in the child qdisc without actually dequeuing them when tokens are unavailable. This peek operation creates a discrepancy between the parent and child qdisc queue length counters. When TBF later receives a high-priority packet, SKBPRIO's queue length may show a different value than what's reflected in its internal priority queue tracking, triggering the assertion. The fix removes this overly strict assertions in SKBPRIO, they are not necessary at all. The Linux kernel CVE team has assigned CVE-2025-38637 to this issue. Affected and fixed versions =========================== Issue introduced in 4.19 with commit aea5f654e6b78a0c976f7a25950155932c77a53f and fixed in 5.4.292 with commit 7abc8318ce0712182bf0783dcfdd9a6a8331160e Issue introduced in 4.19 with commit aea5f654e6b78a0c976f7a25950155932c77a53f and fixed in 5.10.236 with commit 1284733bab736e598341f1d3f3b94e2a322864a8 Issue introduced in 4.19 with commit aea5f654e6b78a0c976f7a25950155932c77a53f and fixed in 5.15.180 with commit 32ee79682315e6d3c99947b3f38b078a09a66919 Issue introduced in 4.19 with commit aea5f654e6b78a0c976f7a25950155932c77a53f and fixed in 6.1.134 with commit 1dcc144c322a8d526b791135604c0663f1af9d85 Issue introduced in 4.19 with commit aea5f654e6b78a0c976f7a25950155932c77a53f and fixed in 6.6.87 with commit 864ca690ff135078d374bd565b9872f161c614bc Issue introduced in 4.19 with commit aea5f654e6b78a0c976f7a25950155932c77a53f and fixed in 6.12.23 with commit 2f35b7673a3aa3d09b3eb05811669622ebaa98ca Issue introduced in 4.19 with commit aea5f654e6b78a0c976f7a25950155932c77a53f and fixed in 6.13.11 with commit 2286770b07cb5268c03d11274b8efd43dff0d380 Issue introduced in 4.19 with commit aea5f654e6b78a0c976f7a25950155932c77a53f and fixed in 6.14.2 with commit 034b293bf17c124fec0f0e663f81203b00aa7a50 Issue introduced in 4.19 with commit aea5f654e6b78a0c976f7a25950155932c77a53f and fixed in 6.15-rc1 with commit ce8fe975fd99b49c29c42e50f2441ba53112b2e8 Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2025-38637 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: net/sched/sch_skbprio.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/7abc8318ce0712182bf0783dcfdd9a6a8331160e https://git.kernel.org/stable/c/1284733bab736e598341f1d3f3b94e2a322864a8 https://git.kernel.org/stable/c/32ee79682315e6d3c99947b3f38b078a09a66919 https://git.kernel.org/stable/c/1dcc144c322a8d526b791135604c0663f1af9d85 https://git.kernel.org/stable/c/864ca690ff135078d374bd565b9872f161c614bc https://git.kernel.org/stable/c/2f35b7673a3aa3d09b3eb05811669622ebaa98ca https://git.kernel.org/stable/c/2286770b07cb5268c03d11274b8efd43dff0d380 https://git.kernel.org/stable/c/034b293bf17c124fec0f0e663f81203b00aa7a50 https://git.kernel.org/stable/c/ce8fe975fd99b49c29c42e50f2441ba53112b2e8
Powered by blists - more mailing lists