lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025070411-CVE-2025-38183-1283@gregkh> Date: Fri, 4 Jul 2025 15:37:12 +0200 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...nel.org> Subject: CVE-2025-38183: net: lan743x: fix potential out-of-bounds write in lan743x_ptp_io_event_clock_get() From: Greg Kroah-Hartman <gregkh@...nel.org> Description =========== In the Linux kernel, the following vulnerability has been resolved: net: lan743x: fix potential out-of-bounds write in lan743x_ptp_io_event_clock_get() Before calling lan743x_ptp_io_event_clock_get(), the 'channel' value is checked against the maximum value of PCI11X1X_PTP_IO_MAX_CHANNELS(8). This seems correct and aligns with the PTP interrupt status register (PTP_INT_STS) specifications. However, lan743x_ptp_io_event_clock_get() writes to ptp->extts[] with only LAN743X_PTP_N_EXTTS(4) elements, using channel as an index: lan743x_ptp_io_event_clock_get(..., u8 channel,...) { ... /* Update Local timestamp */ extts = &ptp->extts[channel]; extts->ts.tv_sec = sec; ... } To avoid an out-of-bounds write and utilize all the supported GPIO inputs, set LAN743X_PTP_N_EXTTS to 8. Detected using the static analysis tool - Svace. The Linux kernel CVE team has assigned CVE-2025-38183 to this issue. Affected and fixed versions =========================== Issue introduced in 5.18 with commit 60942c397af6094c04406b77982314dfe69ef3c4 and fixed in 6.1.142 with commit e8d48201a132f4aab31351c19a802c5a5ae820fa Issue introduced in 5.18 with commit 60942c397af6094c04406b77982314dfe69ef3c4 and fixed in 6.6.95 with commit 66bba1fd5bad548c03f7e42669a59f3f4d8211cc Issue introduced in 5.18 with commit 60942c397af6094c04406b77982314dfe69ef3c4 and fixed in 6.12.35 with commit 41017bd66c533f7af912c58273c7dfd5de0065d4 Issue introduced in 5.18 with commit 60942c397af6094c04406b77982314dfe69ef3c4 and fixed in 6.15.4 with commit 4da0d23516857230b8e9b3022e25422ee2e2ba80 Issue introduced in 5.18 with commit 60942c397af6094c04406b77982314dfe69ef3c4 and fixed in 6.16-rc3 with commit e353b0854d3a1a31cb061df8d022fbfea53a0f24 Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2025-38183 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: drivers/net/ethernet/microchip/lan743x_ptp.h Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/e8d48201a132f4aab31351c19a802c5a5ae820fa https://git.kernel.org/stable/c/66bba1fd5bad548c03f7e42669a59f3f4d8211cc https://git.kernel.org/stable/c/41017bd66c533f7af912c58273c7dfd5de0065d4 https://git.kernel.org/stable/c/4da0d23516857230b8e9b3022e25422ee2e2ba80 https://git.kernel.org/stable/c/e353b0854d3a1a31cb061df8d022fbfea53a0f24
Powered by blists - more mailing lists