| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025050131-CVE-2025-23160-b246@gregkh> Date: Thu, 1 May 2025 14:56:40 +0200 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...nel.org> Subject: CVE-2025-23160: media: mediatek: vcodec: Fix a resource leak related to the scp device in FW initialization From: Greg Kroah-Hartman <gregkh@...nel.org> Description =========== In the Linux kernel, the following vulnerability has been resolved: media: mediatek: vcodec: Fix a resource leak related to the scp device in FW initialization On Mediatek devices with a system companion processor (SCP) the mtk_scp structure has to be removed explicitly to avoid a resource leak. Free the structure in case the allocation of the firmware structure fails during the firmware initialization. The Linux kernel CVE team has assigned CVE-2025-23160 to this issue. Affected and fixed versions =========================== Issue introduced in 6.6.36 with commit f066882293b5ad359e44c4ed24ab1811ffb0b354 and fixed in 6.6.88 with commit fd7bb97ede487b9f075707b7408a9073e0d474b1 Issue introduced in 6.10 with commit 53dbe08504442dc7ba4865c09b3bbf5fe849681b and fixed in 6.12.24 with commit 9f009fa823c54ca0857c81f7525ea5a5d32de29c Issue introduced in 6.10 with commit 53dbe08504442dc7ba4865c09b3bbf5fe849681b and fixed in 6.13.12 with commit d6cb086aa52bd51378a4c9e2b25d2def97770205 Issue introduced in 6.10 with commit 53dbe08504442dc7ba4865c09b3bbf5fe849681b and fixed in 6.14.3 with commit ac94e1db4b2053059779472eb58a64d504964240 Issue introduced in 6.10 with commit 53dbe08504442dc7ba4865c09b3bbf5fe849681b and fixed in 6.15-rc1 with commit 4936cd5817af35d23e4d283f48fa59a18ef481e4 Issue introduced in 6.1.130 with commit eeb62bb4ca22db17f7dfe8fb8472e0442df3d92f Issue introduced in 6.9.7 with commit 3a693c7e243b932faee5c1fb728efa73f0abc39b Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2025-23160 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: drivers/media/platform/mediatek/vcodec/common/mtk_vcodec_fw_scp.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/fd7bb97ede487b9f075707b7408a9073e0d474b1 https://git.kernel.org/stable/c/9f009fa823c54ca0857c81f7525ea5a5d32de29c https://git.kernel.org/stable/c/d6cb086aa52bd51378a4c9e2b25d2def97770205 https://git.kernel.org/stable/c/ac94e1db4b2053059779472eb58a64d504964240 https://git.kernel.org/stable/c/4936cd5817af35d23e4d283f48fa59a18ef481e4
Powered by blists - more mailing lists