| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025070326-CVE-2025-38119-9bbe@gregkh> Date: Thu, 3 Jul 2025 10:35:36 +0200 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...nel.org> Subject: CVE-2025-38119: scsi: core: ufs: Fix a hang in the error handler From: Greg Kroah-Hartman <gregkh@...nel.org> Description =========== In the Linux kernel, the following vulnerability has been resolved: scsi: core: ufs: Fix a hang in the error handler ufshcd_err_handling_prepare() calls ufshcd_rpm_get_sync(). The latter function can only succeed if UFSHCD_EH_IN_PROGRESS is not set because resuming involves submitting a SCSI command and ufshcd_queuecommand() returns SCSI_MLQUEUE_HOST_BUSY if UFSHCD_EH_IN_PROGRESS is set. Fix this hang by setting UFSHCD_EH_IN_PROGRESS after ufshcd_rpm_get_sync() has been called instead of before. Backtrace: __switch_to+0x174/0x338 __schedule+0x600/0x9e4 schedule+0x7c/0xe8 schedule_timeout+0xa4/0x1c8 io_schedule_timeout+0x48/0x70 wait_for_common_io+0xa8/0x160 //waiting on START_STOP wait_for_completion_io_timeout+0x10/0x20 blk_execute_rq+0xe4/0x1e4 scsi_execute_cmd+0x108/0x244 ufshcd_set_dev_pwr_mode+0xe8/0x250 __ufshcd_wl_resume+0x94/0x354 ufshcd_wl_runtime_resume+0x3c/0x174 scsi_runtime_resume+0x64/0xa4 rpm_resume+0x15c/0xa1c __pm_runtime_resume+0x4c/0x90 // Runtime resume ongoing ufshcd_err_handler+0x1a0/0xd08 process_one_work+0x174/0x808 worker_thread+0x15c/0x490 kthread+0xf4/0x1ec ret_from_fork+0x10/0x20 [ bvanassche: rewrote patch description ] The Linux kernel CVE team has assigned CVE-2025-38119 to this issue. Affected and fixed versions =========================== Issue introduced in 3.12 with commit 62694735ca95c74dac4eb9068d59801ac0ddebaf and fixed in 5.15.186 with commit f592eb12b43f21dbc972cbe583a12d256901e569 Issue introduced in 3.12 with commit 62694735ca95c74dac4eb9068d59801ac0ddebaf and fixed in 6.1.142 with commit ded80255c59a57cd3270d98461f6508730f9767c Issue introduced in 3.12 with commit 62694735ca95c74dac4eb9068d59801ac0ddebaf and fixed in 6.6.94 with commit 21f071261f946c5ca1adf378f818082a112b34d2 Issue introduced in 3.12 with commit 62694735ca95c74dac4eb9068d59801ac0ddebaf and fixed in 6.12.34 with commit 3464a707d137efc8aea1d4ae234d26a28d82b78c Issue introduced in 3.12 with commit 62694735ca95c74dac4eb9068d59801ac0ddebaf and fixed in 6.15.3 with commit bb37f795d01961286b8f768a6d7152f32b589067 Issue introduced in 3.12 with commit 62694735ca95c74dac4eb9068d59801ac0ddebaf and fixed in 6.16-rc2 with commit 8a3514d348de87a9d5e2ac00fbac4faae0b97996 Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2025-38119 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: drivers/ufs/core/ufshcd.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/f592eb12b43f21dbc972cbe583a12d256901e569 https://git.kernel.org/stable/c/ded80255c59a57cd3270d98461f6508730f9767c https://git.kernel.org/stable/c/21f071261f946c5ca1adf378f818082a112b34d2 https://git.kernel.org/stable/c/3464a707d137efc8aea1d4ae234d26a28d82b78c https://git.kernel.org/stable/c/bb37f795d01961286b8f768a6d7152f32b589067 https://git.kernel.org/stable/c/8a3514d348de87a9d5e2ac00fbac4faae0b97996
Powered by blists - more mailing lists