lists.openwall.net | Open Source and information security mailing list archives
Message-ID: <2025070342-CVE-2025-38169-11b6@gregkh>
Date: Thu, 3 Jul 2025 10:36:25 +0200
From: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
To: linux-cve-announce@...r.kernel.org
Cc: Greg Kroah-Hartman <gregkh@...nel.org>
Subject: CVE-2025-38169: arm64/fpsimd: Avoid clobbering kernel FPSIMD state with SMSTOP

From: Greg Kroah-Hartman <gregkh@...nel.org>

Description
===========

In the Linux kernel, the following vulnerability has been resolved:

arm64/fpsimd: Avoid clobbering kernel FPSIMD state with SMSTOP

On systems with SME, a thread's kernel FPSIMD state may be erroneously
clobbered during a context switch immediately after that state is
restored. Systems without SME are unaffected.

If the CPU happens to be in streaming SVE mode before a context switch
to a thread with kernel FPSIMD state, fpsimd_thread_switch() will
restore the kernel FPSIMD state using fpsimd_load_kernel_state() while
the CPU is still in streaming SVE mode. When fpsimd_thread_switch()
subsequently calls fpsimd_flush_cpu_state(), this will execute an
SMSTOP, causing an exit from streaming SVE mode. The exit from streaming
SVE mode will cause the hardware to reset a number of FPSIMD/SVE/SME
registers, clobbering the FPSIMD state.

Fix this by calling fpsimd_flush_cpu_state() before restoring the kernel
FPSIMD state.

The Linux kernel CVE team has assigned CVE-2025-38169 to this issue.
Affected and fixed versions
===========================

	Issue introduced in 6.10 with commit e92bee9f861b466c676f0200be3e46af7bc4ac6b and fixed in 6.12.34 with commit 55d52af498daea75aa03ba9b7e444c8ae495ac20
	Issue introduced in 6.10 with commit e92bee9f861b466c676f0200be3e46af7bc4ac6b and fixed in 6.15.3 with commit a305821f597ec943849d3e53924adb88c61ed682
	Issue introduced in 6.10 with commit e92bee9f861b466c676f0200be3e46af7bc4ac6b and fixed in 6.16-rc1 with commit 01098d893fa8a6edb2b56e178b798e3e6b674f02
	Issue introduced in 6.8.12 with commit e003c485ac82a9f8de4204912ed059ac6dd4257c
	Issue introduced in 6.9.3 with commit 25b90cd122d546823da90b916f7c3289dfe83a99

Please see https://www.kernel.org for a full list of currently supported
kernel versions by the kernel community.

Unaffected versions might change over time as fixes are backported to
older supported kernel versions. The official CVE entry at
	https://cve.org/CVERecord/?id=CVE-2025-38169
will be updated if fixes are backported, please check that for the most
up to date information about this issue.

Affected files
==============

The file(s) affected by this issue are:
	arch/arm64/kernel/fpsimd.c

Mitigation
==========

The Linux kernel CVE team recommends that you update to the latest
stable kernel version for this, and many other bugfixes. Individual
changes are never tested alone, but rather are part of a larger kernel
release. Cherry-picking individual commits is not recommended or
supported by the Linux kernel community at all. If however, updating to
the latest release is impossible, the individual changes to resolve this
issue can be found at these commits:
	https://git.kernel.org/stable/c/55d52af498daea75aa03ba9b7e444c8ae495ac20
	https://git.kernel.org/stable/c/a305821f597ec943849d3e53924adb88c61ed682
	https://git.kernel.org/stable/c/01098d893fa8a6edb2b56e178b798e3e6b674f02
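Editor's note: the ordering hazard the advisory describes (restore kernel FPSIMD state, then SMSTOP) is small enough to model in user space. The following is an added illustration, not code from the kernel or from this announcement. All names in it (model_flush_cpu_state, model_load_kernel_state, thread_switch_buggy, thread_switch_fixed, switch_preserves_state) are hypothetical stand-ins for the kernel functions named above, the register file is reduced to four 64-bit slots, and exiting streaming mode is simplified to zeroing those slots, which is an assumption that approximates the "reset a number of FPSIMD/SVE/SME registers" behaviour the advisory cites.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Toy model of the CVE-2025-38169 ordering hazard. Not kernel code. */
#define NREGS 4

struct model_cpu {
    bool streaming;        /* models PSTATE.SM: CPU is in streaming SVE mode */
    uint64_t z[NREGS];     /* a handful of FPSIMD/SVE vector registers (model) */
};

struct model_task {
    bool has_kernel_fpsimd;      /* task has live kernel-mode FPSIMD state */
    uint64_t kernel_z[NREGS];    /* the state that must survive the switch */
};

/* Assumed model of SMSTOP: leaving streaming mode wipes the vector registers.
 * If the CPU was not in streaming mode, SMSTOP changes nothing. */
static void model_smstop(struct model_cpu *c)
{
    if (c->streaming) {
        c->streaming = false;
        memset(c->z, 0, sizeof c->z);
    }
}

/* Stand-in for fpsimd_flush_cpu_state(): executes SMSTOP. */
static void model_flush_cpu_state(struct model_cpu *c)
{
    model_smstop(c);
}

/* Stand-in for fpsimd_load_kernel_state(): copies the task's saved state
 * into the CPU registers. */
static void model_load_kernel_state(struct model_cpu *c, const struct model_task *t)
{
    memcpy(c->z, t->kernel_z, sizeof c->z);
}

/* Buggy ordering: restore first, then flush. If the CPU was in streaming
 * mode, the SMSTOP in the flush clobbers what was just restored. */
static void thread_switch_buggy(struct model_cpu *c, const struct model_task *next)
{
    if (next->has_kernel_fpsimd)
        model_load_kernel_state(c, next);
    model_flush_cpu_state(c);
}

/* Fixed ordering (as the advisory describes): flush, then restore. */
static void thread_switch_fixed(struct model_cpu *c, const struct model_task *next)
{
    model_flush_cpu_state(c);
    if (next->has_kernel_fpsimd)
        model_load_kernel_state(c, next);
}

/* Runs one switch into a task with kernel FPSIMD state and reports whether
 * the CPU registers still hold that state afterwards. streaming_before
 * selects the pre-switch CPU mode; use_fix selects the ordering. */
bool switch_preserves_state(bool streaming_before, bool use_fix)
{
    /* constructed sample state; the values only need to be non-zero */
    struct model_task t = {
        .has_kernel_fpsimd = true,
        .kernel_z = { 0x1111, 0x2222, 0x3333, 0x4444 },
    };
    struct model_cpu c = { .streaming = streaming_before, .z = { 0 } };

    if (use_fix)
        thread_switch_fixed(&c, &t);
    else
        thread_switch_buggy(&c, &t);

    return memcmp(c.z, t.kernel_z, sizeof c.z) == 0;
}

int main(void)
{
    printf("streaming, buggy order : state intact = %d\n", switch_preserves_state(true, false));
    printf("streaming, fixed order : state intact = %d\n", switch_preserves_state(true, true));
    printf("non-streaming, buggy   : state intact = %d\n", switch_preserves_state(false, false));
    printf("non-streaming, fixed   : state intact = %d\n", switch_preserves_state(false, true));
    return 0;
}
```

The two non-streaming cases are why the advisory says systems without SME are unaffected: with no streaming mode to exit, the SMSTOP is a no-op in either ordering, so only the streaming-before-switch case distinguishes the buggy sequence from the fixed one.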