| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025052037-CVE-2025-37985-1b43@gregkh> Date: Tue, 20 May 2025 19:07:38 +0200 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...nel.org> Subject: CVE-2025-37985: USB: wdm: close race between wdm_open and wdm_wwan_port_stop From: Greg Kroah-Hartman <gregkh@...nel.org> Description =========== In the Linux kernel, the following vulnerability has been resolved: USB: wdm: close race between wdm_open and wdm_wwan_port_stop Clearing WDM_WWAN_IN_USE must be the last action or we can open a chardev whose URBs are still poisoned The Linux kernel CVE team has assigned CVE-2025-37985 to this issue. Affected and fixed versions =========================== Issue introduced in 5.14 with commit cac6fb015f719104e60b1c68c15ca5b734f57b9c and fixed in 5.15.181 with commit b02a3fef3e8c8fe5a0a266f7a14f38cc608fb167 Issue introduced in 5.14 with commit cac6fb015f719104e60b1c68c15ca5b734f57b9c and fixed in 6.1.136 with commit 217fe1fc7d112595a793e02b306710e702eac492 Issue introduced in 5.14 with commit cac6fb015f719104e60b1c68c15ca5b734f57b9c and fixed in 6.6.89 with commit 54f7f8978af19f899dec80bcc71c8d4855dfbd72 Issue introduced in 5.14 with commit cac6fb015f719104e60b1c68c15ca5b734f57b9c and fixed in 6.12.26 with commit 52ae15c665b5fe5876655aaccc3ef70560b0e314 Issue introduced in 5.14 with commit cac6fb015f719104e60b1c68c15ca5b734f57b9c and fixed in 6.14.5 with commit e3c9adc69357fcbe6253a2bc2588ee4bbaaedbe9 Issue introduced in 5.14 with commit cac6fb015f719104e60b1c68c15ca5b734f57b9c and fixed in 6.15-rc4 with commit c1846ed4eb527bdfe6b3b7dd2c78e2af4bf98f4f Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2025-37985 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: drivers/usb/class/cdc-wdm.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/b02a3fef3e8c8fe5a0a266f7a14f38cc608fb167 https://git.kernel.org/stable/c/217fe1fc7d112595a793e02b306710e702eac492 https://git.kernel.org/stable/c/54f7f8978af19f899dec80bcc71c8d4855dfbd72 https://git.kernel.org/stable/c/52ae15c665b5fe5876655aaccc3ef70560b0e314 https://git.kernel.org/stable/c/e3c9adc69357fcbe6253a2bc2588ee4bbaaedbe9 https://git.kernel.org/stable/c/c1846ed4eb527bdfe6b3b7dd2c78e2af4bf98f4f
Powered by blists - more mailing lists