Message-ID: <2025061830-CVE-2025-38046-3356@gregkh>
Date: Wed, 18 Jun 2025 11:33:42 +0200
From: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
To: linux-cve-announce@...r.kernel.org
Cc: Greg Kroah-Hartman <gregkh@...nel.org>
Subject: CVE-2025-38046: xen: Add support for XenServer 6.1 platform device
From: Greg Kroah-Hartman <gregkh@...nel.org>

Description
===========

In the Linux kernel, the following vulnerability has been resolved:

xen: Add support for XenServer 6.1 platform device

On XenServer on Windows machine a platform device with ID 2 instead of
1 is used.

This device is mainly identical to device 1 but due to some Windows
update behaviour it was decided to use a device with a different ID.

This causes compatibility issues with Linux which expects, if Xen
is detected, to find a Xen platform device (5853:0001) otherwise code
will crash due to some missing initialization (specifically grant
tables). Specifically from dmesg

    RIP: 0010:gnttab_expand+0x29/0x210
    Code: 90 0f 1f 44 00 00 55 31 d2 48 89 e5 41 57 41 56 41 55 41 89 fd
          41 54 53 48 83 ec 10 48 8b 05 7e 9a 49 02 44 8b 35 a7 9a 49 02
          <8b> 48 04 8d 44 39 ff f7 f1 45 8d 24 06 89 c3 e8 43 fe ff ff
          44 39
    RSP: 0000:ffffba34c01fbc88 EFLAGS: 00010086
    ...

The device 2 is presented by Xapi adding device specification to
Qemu command line.

The Linux kernel CVE team has assigned CVE-2025-38046 to this issue.

Affected and fixed versions
===========================

	Fixed in 5.4.294 with commit baedd1ef924d2b04d6223e0e1633e2d84fee6763
	Fixed in 5.10.238 with commit 5239ba49ad23a2285b4c2d15bec71566d32e0300
	Fixed in 5.15.185 with commit 7258b92ceff342912945eaaf8787ca3b83dbae21
	Fixed in 6.1.141 with commit 02d850de9495699f2029886a6a69f0ed07a39b84
	Fixed in 6.6.93 with commit 0fb6c439d265f09785a561fd2c637af567641cab
	Fixed in 6.12.31 with commit f5363ffdabc2a281bd0023584944e3d0c25dfcd3
	Fixed in 6.14.9 with commit 55c3a07c0d96f5328e8fd5ffbf1448b60683f6fd
	Fixed in 6.15 with commit 2356f15caefc0cc63d9cc5122641754f76ef9b25

Please see https://www.kernel.org for a full list of currently supported
kernel versions by the kernel community.

Unaffected versions might change over time as fixes are backported to
older supported kernel versions. The official CVE entry at
	https://cve.org/CVERecord/?id=CVE-2025-38046
will be updated if fixes are backported, please check that for the most
up to date information about this issue.

Affected files
==============

The file(s) affected by this issue are:
	drivers/xen/platform-pci.c

Mitigation
==========

The Linux kernel CVE team recommends that you update to the latest
stable kernel version for this, and many other bugfixes. Individual
changes are never tested alone, but rather are part of a larger kernel
release. Cherry-picking individual commits is not recommended or
supported by the Linux kernel community at all. If however, updating to
the latest release is impossible, the individual changes to resolve this
issue can be found at these commits:
https://git.kernel.org/stable/c/baedd1ef924d2b04d6223e0e1633e2d84fee6763
https://git.kernel.org/stable/c/5239ba49ad23a2285b4c2d15bec71566d32e0300
https://git.kernel.org/stable/c/7258b92ceff342912945eaaf8787ca3b83dbae21
https://git.kernel.org/stable/c/02d850de9495699f2029886a6a69f0ed07a39b84
https://git.kernel.org/stable/c/0fb6c439d265f09785a561fd2c637af567641cab
https://git.kernel.org/stable/c/f5363ffdabc2a281bd0023584944e3d0c25dfcd3
https://git.kernel.org/stable/c/55c3a07c0d96f5328e8fd5ffbf1448b60683f6fd
https://git.kernel.org/stable/c/2356f15caefc0cc63d9cc5122641754f76ef9b25
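
A triage check built from the device IDs and the fixed-version list above, added here as an example and not part of the original announcement or of the kernel tree. It flags a guest that exposes Xen platform device 2 without device 1 and runs a kernel older than the fixed release of its stable branch. Assumptions: device 2 appears as PCI ID 5853:0002, the kernel uses upstream stable version numbering (distribution kernels with their own backports need the vendor's advisory), and the function names and sample data are constructed for illustration.

```python
import re

# Fixed stable releases per branch, copied from the advisory's version list.
FIXED = {(5, 4): 294, (5, 10): 238, (5, 15): 185, (6, 1): 141,
         (6, 6): 93, (6, 12): 31, (6, 14): 9}
MAINLINE_FIX = (6, 15)   # 6.15 and every later release carry the fix
DEV_CLASSIC = "0001"     # platform device the advisory names (5853:0001)
DEV_XS61 = "0002"        # "ID 2" device; assumed to be PCI device ID 0x0002

# Constructed sample of `lspci -n` output from a guest that only has device 2.
SAMPLE_LSPCI = """\
00:00.0 0600: 8086:1237 (rev 02)
00:02.0 0300: 1013:00b8
00:03.0 ff80: 5853:0002 (rev 02)
"""


def kernel_has_fix(release):
    """True/False for a `uname -r` string; None if the branch is not listed."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", release)
    if not m:
        raise ValueError(f"unrecognised kernel release: {release!r}")
    branch = (int(m[1]), int(m[2]))
    patch = int(m[3] or 0)
    if branch >= MAINLINE_FIX:
        return True
    if branch in FIXED:
        return patch >= FIXED[branch]
    return None  # branch not in the advisory: consult the CVE record


def xen_device_ids(lspci_n):
    """Device IDs of all PCI functions with the Xen vendor ID 5853."""
    return set(re.findall(r"\b5853:([0-9a-f]{4})\b", lspci_n.lower()))


def triage(release, lspci_n):
    """Classify one guest from its kernel release and `lspci -n` text."""
    ids = xen_device_ids(lspci_n)
    # The crash described above needs device 2 present and device 1 absent.
    if DEV_XS61 not in ids or DEV_CLASSIC in ids:
        return "not-applicable"
    fixed = kernel_has_fix(release)
    if fixed is None:
        return "check-cve-record"
    return "fixed" if fixed else "update-kernel"
```

On a live guest, pass the output of `uname -r` and `lspci -n` to `triage()`.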