| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025052040-CVE-2025-37982-8085@gregkh> Date: Tue, 20 May 2025 18:56:46 +0200 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...nel.org> Subject: CVE-2025-37982: wifi: wl1251: fix memory leak in wl1251_tx_work From: Greg Kroah-Hartman <gregkh@...nel.org> Description =========== In the Linux kernel, the following vulnerability has been resolved: wifi: wl1251: fix memory leak in wl1251_tx_work The skb dequeued from tx_queue is lost when wl1251_ps_elp_wakeup fails with a -ETIMEDOUT error. Fix that by queueing the skb back to tx_queue. The Linux kernel CVE team has assigned CVE-2025-37982 to this issue. Affected and fixed versions =========================== Issue introduced in 2.6.32 with commit c5483b71936333ba9474f57d0f3a7a7abf9b87a0 and fixed in 5.4.293 with commit 13c9744c1bcdb5de4e7dc1a78784788ecec52add Issue introduced in 2.6.32 with commit c5483b71936333ba9474f57d0f3a7a7abf9b87a0 and fixed in 5.10.237 with commit f08448a885403722c5c77dae51964badfcb69495 Issue introduced in 2.6.32 with commit c5483b71936333ba9474f57d0f3a7a7abf9b87a0 and fixed in 5.15.181 with commit 2996144be660d930d5e394652abe08fe89dbe00e Issue introduced in 2.6.32 with commit c5483b71936333ba9474f57d0f3a7a7abf9b87a0 and fixed in 6.1.135 with commit 8fd4b9551af214d037fbc9d8e179840b8b917841 Issue introduced in 2.6.32 with commit c5483b71936333ba9474f57d0f3a7a7abf9b87a0 and fixed in 6.6.88 with commit 4a43fd36710669d67dbb5c16287a58412582ca26 Issue introduced in 2.6.32 with commit c5483b71936333ba9474f57d0f3a7a7abf9b87a0 and fixed in 6.12.25 with commit 52f224009ce1e44805e6ff3ffc2a06af9c1c3c5b Issue introduced in 2.6.32 with commit c5483b71936333ba9474f57d0f3a7a7abf9b87a0 and fixed in 6.14.4 with commit 5a90c29d0204c5ffc45b43b4eced6eef0e19a33a Issue introduced in 2.6.32 with commit c5483b71936333ba9474f57d0f3a7a7abf9b87a0 and fixed in 6.15-rc3 with commit a0f0dc96de03ffeefc2a177b7f8acde565cb77f4 Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2025-37982 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: drivers/net/wireless/ti/wl1251/tx.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/13c9744c1bcdb5de4e7dc1a78784788ecec52add https://git.kernel.org/stable/c/f08448a885403722c5c77dae51964badfcb69495 https://git.kernel.org/stable/c/2996144be660d930d5e394652abe08fe89dbe00e https://git.kernel.org/stable/c/8fd4b9551af214d037fbc9d8e179840b8b917841 https://git.kernel.org/stable/c/4a43fd36710669d67dbb5c16287a58412582ca26 https://git.kernel.org/stable/c/52f224009ce1e44805e6ff3ffc2a06af9c1c3c5b https://git.kernel.org/stable/c/5a90c29d0204c5ffc45b43b4eced6eef0e19a33a https://git.kernel.org/stable/c/a0f0dc96de03ffeefc2a177b7f8acde565cb77f4
Powered by blists - more mailing lists