| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025070933-CVE-2025-38239-678a@gregkh> Date: Wed, 9 Jul 2025 12:42:32 +0200 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...nel.org> Subject: CVE-2025-38239: scsi: megaraid_sas: Fix invalid node index From: Greg Kroah-Hartman <gregkh@...nel.org> Description =========== In the Linux kernel, the following vulnerability has been resolved: scsi: megaraid_sas: Fix invalid node index On a system with DRAM interleave enabled, out-of-bound access is detected: megaraid_sas 0000:3f:00.0: requested/available msix 128/128 poll_queue 0 ------------[ cut here ]------------ UBSAN: array-index-out-of-bounds in ./arch/x86/include/asm/topology.h:72:28 index -1 is out of range for type 'cpumask *[1024]' dump_stack_lvl+0x5d/0x80 ubsan_epilogue+0x5/0x2b __ubsan_handle_out_of_bounds.cold+0x46/0x4b megasas_alloc_irq_vectors+0x149/0x190 [megaraid_sas] megasas_probe_one.cold+0xa4d/0x189c [megaraid_sas] local_pci_probe+0x42/0x90 pci_device_probe+0xdc/0x290 really_probe+0xdb/0x340 __driver_probe_device+0x78/0x110 driver_probe_device+0x1f/0xa0 __driver_attach+0xba/0x1c0 bus_for_each_dev+0x8b/0xe0 bus_add_driver+0x142/0x220 driver_register+0x72/0xd0 megasas_init+0xdf/0xff0 [megaraid_sas] do_one_initcall+0x57/0x310 do_init_module+0x90/0x250 init_module_from_file+0x85/0xc0 idempotent_init_module+0x114/0x310 __x64_sys_finit_module+0x65/0xc0 do_syscall_64+0x82/0x170 entry_SYSCALL_64_after_hwframe+0x76/0x7e Fix it accordingly. The Linux kernel CVE team has assigned CVE-2025-38239 to this issue. Affected and fixed versions =========================== Issue introduced in 5.17 with commit 8049da6f3943d0ac51931b8064b2e4769a69a967 and fixed in 6.1.143 with commit f1064b3532192e987ab17be7281d5fee36fd25e1 Issue introduced in 5.17 with commit 8049da6f3943d0ac51931b8064b2e4769a69a967 and fixed in 6.6.96 with commit bf2c1643abc3b2507d56bb6c22bf9897272f8a35 Issue introduced in 5.17 with commit 8049da6f3943d0ac51931b8064b2e4769a69a967 and fixed in 6.12.36 with commit 19a47c966deb36624843b7301f0373a3dc541a05 Issue introduced in 5.17 with commit 8049da6f3943d0ac51931b8064b2e4769a69a967 and fixed in 6.15.5 with commit 074efb35552556a4b3b25eedab076d5dc24a8199 Issue introduced in 5.17 with commit 8049da6f3943d0ac51931b8064b2e4769a69a967 and fixed in 6.16-rc4 with commit 752eb816b55adb0673727ba0ed96609a17895654 Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2025-38239 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: drivers/scsi/megaraid/megaraid_sas_base.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/f1064b3532192e987ab17be7281d5fee36fd25e1 https://git.kernel.org/stable/c/bf2c1643abc3b2507d56bb6c22bf9897272f8a35 https://git.kernel.org/stable/c/19a47c966deb36624843b7301f0373a3dc541a05 https://git.kernel.org/stable/c/074efb35552556a4b3b25eedab076d5dc24a8199 https://git.kernel.org/stable/c/752eb816b55adb0673727ba0ed96609a17895654
Powered by blists - more mailing lists