| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025050817-CVE-2025-37811-a8f1@gregkh> Date: Thu, 8 May 2025 08:39:20 +0200 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...nel.org> Subject: CVE-2025-37811: usb: chipidea: ci_hdrc_imx: fix usbmisc handling From: Greg Kroah-Hartman <gregkh@...nel.org> Description =========== In the Linux kernel, the following vulnerability has been resolved: usb: chipidea: ci_hdrc_imx: fix usbmisc handling usbmisc is an optional device property so it is totally valid for the corresponding data->usbmisc_data to have a NULL value. Check that before dereferencing the pointer. Found by Linux Verification Center (linuxtesting.org) with Svace static analysis tool. The Linux kernel CVE team has assigned CVE-2025-37811 to this issue. Affected and fixed versions =========================== Issue introduced in 5.15.179 with commit 3f46fefab962fc5dcfe4d53a7c2cdccd51ebdc6d and fixed in 5.15.181 with commit 8060b719676e8c0e5a2222c2977ba0458d9d9535 Issue introduced in 6.1.129 with commit 7ae96eba35036bdd47ecd956e882ff057a550405 and fixed in 6.1.136 with commit 0ee460498ced49196149197c9f6d29a10e5e0798 Issue introduced in 6.6.72 with commit dcd4de31bd01a7189c24e3cafe40649c9c42b9af and fixed in 6.6.89 with commit 121e9f80ea5478bca3a8f3f26593fd66f87da649 Issue introduced in 6.12.10 with commit 57797497a696cffaea421fc4e5a3ea2a8536b1a2 and fixed in 6.12.26 with commit 887902ca73490f38c69fd6149ef361a041cf912f Issue introduced in 6.13 with commit 74adad500346fb07d69af2c79acbff4adb061134 and fixed in 6.14.5 with commit 2aa87bd825377f5073b76701780a902cd0fc725a Issue introduced in 6.13 with commit 74adad500346fb07d69af2c79acbff4adb061134 and fixed in 6.15-rc4 with commit 4e28f79e3dffa52d327b46d1a78dac16efb5810b Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2025-37811 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: drivers/usb/chipidea/ci_hdrc_imx.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/8060b719676e8c0e5a2222c2977ba0458d9d9535 https://git.kernel.org/stable/c/0ee460498ced49196149197c9f6d29a10e5e0798 https://git.kernel.org/stable/c/121e9f80ea5478bca3a8f3f26593fd66f87da649 https://git.kernel.org/stable/c/887902ca73490f38c69fd6149ef361a041cf912f https://git.kernel.org/stable/c/2aa87bd825377f5073b76701780a902cd0fc725a https://git.kernel.org/stable/c/4e28f79e3dffa52d327b46d1a78dac16efb5810b
Powered by blists - more mailing lists