lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <2025070430-CVE-2025-38233-38e0@gregkh>
Date: Fri,  4 Jul 2025 15:38:02 +0200
From: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
To: linux-cve-announce@...r.kernel.org
Cc: Greg Kroah-Hartman <gregkh@...nel.org>
Subject: CVE-2025-38233: powerpc64/ftrace: fix clobbered r15 during livepatching

From: Greg Kroah-Hartman <gregkh@...nel.org>

Description
===========

In the Linux kernel, the following vulnerability has been resolved:

powerpc64/ftrace: fix clobbered r15 during livepatching

While r15 is clobbered always with PPC_FTRACE_OUT_OF_LINE, it is
not restored in livepatch sequence leading to not so obvious fails
like below:

  BUG: Unable to handle kernel data access on write at 0xc0000000000f9078
  Faulting instruction address: 0xc0000000018ff958
  Oops: Kernel access of bad area, sig: 11 [#1]
  ...
  NIP:  c0000000018ff958 LR: c0000000018ff930 CTR: c0000000009c0790
  REGS: c00000005f2e7790 TRAP: 0300   Tainted: G              K      (6.14.0+)
  MSR:  8000000000009033 <SF,EE,ME,IR,DR,RI,LE>  CR: 2822880b  XER: 20040000
  CFAR: c0000000008addc0 DAR: c0000000000f9078 DSISR: 0a000000 IRQMASK: 1
  GPR00: c0000000018f2584 c00000005f2e7a30 c00000000280a900 c000000017ffa488
  GPR04: 0000000000000008 0000000000000000 c0000000018f24fc 000000000000000d
  GPR08: fffffffffffe0000 000000000000000d 0000000000000000 0000000000008000
  GPR12: c0000000009c0790 c000000017ffa480 c00000005f2e7c78 c0000000000f9070
  GPR16: c00000005f2e7c90 0000000000000000 0000000000000000 0000000000000000
  GPR20: 0000000000000000 c00000005f3efa80 c00000005f2e7c60 c00000005f2e7c88
  GPR24: c00000005f2e7c60 0000000000000001 c0000000000f9078 0000000000000000
  GPR28: 00007fff97960000 c000000017ffa480 0000000000000000 c0000000000f9078
  ...
  Call Trace:
    check_heap_object+0x34/0x390 (unreliable)
  __mutex_unlock_slowpath.isra.0+0xe4/0x230
  seq_read_iter+0x430/0xa90
  proc_reg_read_iter+0xa4/0x200
  vfs_read+0x41c/0x510
  ksys_read+0xa4/0x190
  system_call_exception+0x1d0/0x440
  system_call_vectored_common+0x15c/0x2ec

Fix it by restoring r15 always.

The Linux kernel CVE team has assigned CVE-2025-38233 to this issue.


Affected and fixed versions
===========================

	Issue introduced in 6.13 with commit eec37961a56aa4f3fe1c33ffd48eec7d1bb0c009 and fixed in 6.15.4 with commit a9212bf5ca640232254b31330e86272fe4073bc9
	Issue introduced in 6.13 with commit eec37961a56aa4f3fe1c33ffd48eec7d1bb0c009 and fixed in 6.16-rc1 with commit cb5b691f8273432297611863ac142e17119279e0

Please see https://www.kernel.org for a full list of currently supported
kernel versions by the kernel community.

Unaffected versions might change over time as fixes are backported to
older supported kernel versions.  The official CVE entry at
	https://cve.org/CVERecord/?id=CVE-2025-38233
will be updated if fixes are backported, please check that for the most
up to date information about this issue.


Affected files
==============

The file(s) affected by this issue are:
	arch/powerpc/kernel/trace/ftrace_entry.S


Mitigation
==========

The Linux kernel CVE team recommends that you update to the latest
stable kernel version for this, and many other bugfixes.  Individual
changes are never tested alone, but rather are part of a larger kernel
release.  Cherry-picking individual commits is not recommended or
supported by the Linux kernel community at all.  If however, updating to
the latest release is impossible, the individual changes to resolve this
issue can be found at these commits:
	https://git.kernel.org/stable/c/a9212bf5ca640232254b31330e86272fe4073bc9
	https://git.kernel.org/stable/c/cb5b691f8273432297611863ac142e17119279e0

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ