lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025050131-CVE-2025-23161-fb6d@gregkh> Date: Thu, 1 May 2025 14:56:41 +0200 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...nel.org>, "Luis Claudio R. Goncalves" <lgoncalv@...hat.com> Subject: CVE-2025-23161: PCI: vmd: Make vmd_dev::cfg_lock a raw_spinlock_t type From: Greg Kroah-Hartman <gregkh@...nel.org> Description =========== In the Linux kernel, the following vulnerability has been resolved: PCI: vmd: Make vmd_dev::cfg_lock a raw_spinlock_t type The access to the PCI config space via pci_ops::read and pci_ops::write is a low-level hardware access. The functions can be accessed with disabled interrupts even on PREEMPT_RT. The pci_lock is a raw_spinlock_t for this purpose. A spinlock_t becomes a sleeping lock on PREEMPT_RT, so it cannot be acquired with disabled interrupts. The vmd_dev::cfg_lock is accessed in the same context as the pci_lock. Make vmd_dev::cfg_lock a raw_spinlock_t type so it can be used with interrupts disabled. This was reported as: BUG: sleeping function called from invalid context at kernel/locking/spinlock_rt.c:48 Call Trace: rt_spin_lock+0x4e/0x130 vmd_pci_read+0x8d/0x100 [vmd] pci_user_read_config_byte+0x6f/0xe0 pci_read_config+0xfe/0x290 sysfs_kf_bin_read+0x68/0x90 [bigeasy: reword commit message] Tested-off-by: Luis Claudio R. Goncalves <lgoncalv@...hat.com> [kwilczynski: commit log] [bhelgaas: add back report info from https://lore.kernel.org/lkml/20241218115951.83062-1-ryotkkr98@gmail.com/] The Linux kernel CVE team has assigned CVE-2025-23161 to this issue. Affected and fixed versions =========================== Fixed in 6.1.135 with commit c2968c812339593ac6e2bdd5cc3adabe3f05fa53 Fixed in 6.6.88 with commit 13e5148f70e81991acbe0bab5b1b50ba699116e7 Fixed in 6.12.24 with commit 5c3cfcf0b4bf43530788b08a8eaf7896ec567484 Fixed in 6.13.12 with commit 2358046ead696ca5c7c628d6c0e2c6792619a3e5 Fixed in 6.14.3 with commit 20d0a9062c031068fa39f725a32f182b709b5525 Fixed in 6.15-rc1 with commit 18056a48669a040bef491e63b25896561ee14d90 Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2025-23161 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: drivers/pci/controller/vmd.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/c2968c812339593ac6e2bdd5cc3adabe3f05fa53 https://git.kernel.org/stable/c/13e5148f70e81991acbe0bab5b1b50ba699116e7 https://git.kernel.org/stable/c/5c3cfcf0b4bf43530788b08a8eaf7896ec567484 https://git.kernel.org/stable/c/2358046ead696ca5c7c628d6c0e2c6792619a3e5 https://git.kernel.org/stable/c/20d0a9062c031068fa39f725a32f182b709b5525 https://git.kernel.org/stable/c/18056a48669a040bef491e63b25896561ee14d90
Powered by blists - more mailing lists