| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025052035-CVE-2025-37983-e35c@gregkh> Date: Tue, 20 May 2025 19:07:36 +0200 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...nel.org> Subject: CVE-2025-37983: qibfs: fix _another_ leak From: Greg Kroah-Hartman <gregkh@...nel.org> Description =========== In the Linux kernel, the following vulnerability has been resolved: qibfs: fix _another_ leak failure to allocate inode => leaked dentry... this one had been there since the initial merge; to be fair, if we are that far OOM, the odds of failing at that particular allocation are low... The Linux kernel CVE team has assigned CVE-2025-37983 to this issue. Affected and fixed versions =========================== Fixed in 5.4.293 with commit 5e280cce3a29b7fe7b828c6ccd5aa5ba87ceb6b6 Fixed in 5.10.237 with commit 3c2fde33e3e505dfd1a895d1f24bad650c655e14 Fixed in 5.15.181 with commit 5fe708c5e3c8b2152c6caaa67243e431a5d6cca3 Fixed in 6.1.136 with commit 545defa656568c74590317cd30068f85134a8216 Fixed in 6.6.89 with commit 5d53e88d8370b9ab14dd830abb410d9a2671edb6 Fixed in 6.12.26 with commit 47ab2caba495c1d6a899d284e541a8df656dcfe9 Fixed in 6.14.5 with commit 24faa6ea274a2b96d0a78a0996c3137c2b2a65f0 Fixed in 6.15-rc1 with commit bdb43af4fdb39f844ede401bdb1258f67a580a27 Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2025-37983 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: drivers/infiniband/hw/qib/qib_fs.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/5e280cce3a29b7fe7b828c6ccd5aa5ba87ceb6b6 https://git.kernel.org/stable/c/3c2fde33e3e505dfd1a895d1f24bad650c655e14 https://git.kernel.org/stable/c/5fe708c5e3c8b2152c6caaa67243e431a5d6cca3 https://git.kernel.org/stable/c/545defa656568c74590317cd30068f85134a8216 https://git.kernel.org/stable/c/5d53e88d8370b9ab14dd830abb410d9a2671edb6 https://git.kernel.org/stable/c/47ab2caba495c1d6a899d284e541a8df656dcfe9 https://git.kernel.org/stable/c/24faa6ea274a2b96d0a78a0996c3137c2b2a65f0 https://git.kernel.org/stable/c/bdb43af4fdb39f844ede401bdb1258f67a580a27
Powered by blists - more mailing lists