| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025061827-CVE-2025-38037-afa7@gregkh> Date: Wed, 18 Jun 2025 11:33:33 +0200 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...nel.org> Subject: CVE-2025-38037: vxlan: Annotate FDB data races From: Greg Kroah-Hartman <gregkh@...nel.org> Description =========== In the Linux kernel, the following vulnerability has been resolved: vxlan: Annotate FDB data races The 'used' and 'updated' fields in the FDB entry structure can be accessed concurrently by multiple threads, leading to reports such as [1]. Can be reproduced using [2]. Suppress these reports by annotating these accesses using READ_ONCE() / WRITE_ONCE(). [1] BUG: KCSAN: data-race in vxlan_xmit / vxlan_xmit write to 0xffff942604d263a8 of 8 bytes by task 286 on cpu 0: vxlan_xmit+0xb29/0x2380 dev_hard_start_xmit+0x84/0x2f0 __dev_queue_xmit+0x45a/0x1650 packet_xmit+0x100/0x150 packet_sendmsg+0x2114/0x2ac0 __sys_sendto+0x318/0x330 __x64_sys_sendto+0x76/0x90 x64_sys_call+0x14e8/0x1c00 do_syscall_64+0x9e/0x1a0 entry_SYSCALL_64_after_hwframe+0x77/0x7f read to 0xffff942604d263a8 of 8 bytes by task 287 on cpu 2: vxlan_xmit+0xadf/0x2380 dev_hard_start_xmit+0x84/0x2f0 __dev_queue_xmit+0x45a/0x1650 packet_xmit+0x100/0x150 packet_sendmsg+0x2114/0x2ac0 __sys_sendto+0x318/0x330 __x64_sys_sendto+0x76/0x90 x64_sys_call+0x14e8/0x1c00 do_syscall_64+0x9e/0x1a0 entry_SYSCALL_64_after_hwframe+0x77/0x7f value changed: 0x00000000fffbac6e -> 0x00000000fffbac6f Reported by Kernel Concurrency Sanitizer on: CPU: 2 UID: 0 PID: 287 Comm: mausezahn Not tainted 6.13.0-rc7-01544-gb4b270f11a02 #5 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-3.fc41 04/01/2014 [2] #!/bin/bash set +H echo whitelist > /sys/kernel/debug/kcsan echo !vxlan_xmit > /sys/kernel/debug/kcsan ip link add name vx0 up type vxlan id 10010 dstport 4789 local 192.0.2.1 bridge fdb add 00:11:22:33:44:55 dev vx0 self static dst 198.51.100.1 taskset -c 0 mausezahn vx0 -a own -b 00:11:22:33:44:55 -c 0 -q & taskset -c 2 mausezahn vx0 -a own -b 00:11:22:33:44:55 -c 0 -q & The Linux kernel CVE team has assigned CVE-2025-38037 to this issue. Affected and fixed versions =========================== Fixed in 5.4.294 with commit 02a33b1035a307453a1da6ce0a1bf3676be287d7 Fixed in 5.10.238 with commit 87d076987a9ba106c83412fcd113656f71af05a1 Fixed in 5.15.185 with commit e033da39fc6abbddab6c29624acef80757f273fa Fixed in 6.1.141 with commit 784b78295a3a58bf052339dd669e6e03710220d3 Fixed in 6.6.93 with commit 13cba3f837903f7184d6e9b6137d5165ffe82a8f Fixed in 6.12.31 with commit a6644aeb8ddf196dec5f8e782293c36f065df4d7 Fixed in 6.14.9 with commit 4eceb7eae6ea7c950384c34e6dbbe872c981935f Fixed in 6.15 with commit f6205f8215f12a96518ac9469ff76294ae7bd612 Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2025-38037 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: drivers/net/vxlan/vxlan_core.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/02a33b1035a307453a1da6ce0a1bf3676be287d7 https://git.kernel.org/stable/c/87d076987a9ba106c83412fcd113656f71af05a1 https://git.kernel.org/stable/c/e033da39fc6abbddab6c29624acef80757f273fa https://git.kernel.org/stable/c/784b78295a3a58bf052339dd669e6e03710220d3 https://git.kernel.org/stable/c/13cba3f837903f7184d6e9b6137d5165ffe82a8f https://git.kernel.org/stable/c/a6644aeb8ddf196dec5f8e782293c36f065df4d7 https://git.kernel.org/stable/c/4eceb7eae6ea7c950384c34e6dbbe872c981935f https://git.kernel.org/stable/c/f6205f8215f12a96518ac9469ff76294ae7bd612
Powered by blists - more mailing lists