| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025060859-CVE-2025-38003-6565@gregkh> Date: Sun, 8 Jun 2025 12:35:00 +0200 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...nel.org> Subject: CVE-2025-38003: can: bcm: add missing rcu read protection for procfs content From: Greg Kroah-Hartman <gregkh@...nel.org> Description =========== In the Linux kernel, the following vulnerability has been resolved: can: bcm: add missing rcu read protection for procfs content When the procfs content is generated for a bcm_op which is in the process to be removed the procfs output might show unreliable data (UAF). As the removal of bcm_op's is already implemented with rcu handling this patch adds the missing rcu_read_lock() and makes sure the list entries are properly removed under rcu protection. The Linux kernel CVE team has assigned CVE-2025-38003 to this issue. Affected and fixed versions =========================== Issue introduced in 5.4.205 with commit 5b48f5711f1c630841ab78dcc061de902f0e37bf and fixed in 5.4.294 with commit 19f553a1ddf260da6570ed8f8d91a8c87f49b63a Issue introduced in 5.10.130 with commit 85cd41070df992d3c0dfd828866fdd243d3b774a and fixed in 5.10.238 with commit 659701c0b954ccdb4a916a4ad59bbc16e726d42c Issue introduced in 5.15.54 with commit f34f2a18e47b73e48f90a757e1f4aaa8c7d665a1 and fixed in 5.15.185 with commit 0622846db728a5332b917c797c733e202c4620ae Issue introduced in 5.19 with commit f1b4e32aca0811aa011c76e5d6cf2fa19224b386 and fixed in 6.1.141 with commit 6d7d458c41b98a5c1670cbd36f2923c37de51cf5 Issue introduced in 5.19 with commit f1b4e32aca0811aa011c76e5d6cf2fa19224b386 and fixed in 6.6.93 with commit 1f912f8484e9c4396378c39460bbea0af681f319 Issue introduced in 5.19 with commit f1b4e32aca0811aa011c76e5d6cf2fa19224b386 and fixed in 6.12.31 with commit 63567ecd99a24495208dc860d50fb17440043006 Issue introduced in 5.19 with commit f1b4e32aca0811aa011c76e5d6cf2fa19224b386 and fixed in 6.14.9 with commit 7c9db92d5f0eadca30884af75c53d601edc512ee Issue introduced in 5.19 with commit f1b4e32aca0811aa011c76e5d6cf2fa19224b386 and fixed in 6.15 with commit dac5e6249159ac255dad9781793dbe5908ac9ddb Issue introduced in 4.19.252 with commit fbac09a3b8890003c0c55294c00709f3ae5501bb Issue introduced in 5.18.11 with commit edb4baffb9483141a50fb7f7146cfe4a4c0c2db8 Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2025-38003 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: net/can/bcm.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/19f553a1ddf260da6570ed8f8d91a8c87f49b63a https://git.kernel.org/stable/c/659701c0b954ccdb4a916a4ad59bbc16e726d42c https://git.kernel.org/stable/c/0622846db728a5332b917c797c733e202c4620ae https://git.kernel.org/stable/c/6d7d458c41b98a5c1670cbd36f2923c37de51cf5 https://git.kernel.org/stable/c/1f912f8484e9c4396378c39460bbea0af681f319 https://git.kernel.org/stable/c/63567ecd99a24495208dc860d50fb17440043006 https://git.kernel.org/stable/c/7c9db92d5f0eadca30884af75c53d601edc512ee https://git.kernel.org/stable/c/dac5e6249159ac255dad9781793dbe5908ac9ddb
Powered by blists - more mailing lists