| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025071015-CVE-2025-38313-4e5a@gregkh> Date: Thu, 10 Jul 2025 09:42:54 +0200 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...nel.org> Subject: CVE-2025-38313: bus: fsl-mc: fix double-free on mc_dev From: Greg Kroah-Hartman <gregkh@...nel.org> Description =========== In the Linux kernel, the following vulnerability has been resolved: bus: fsl-mc: fix double-free on mc_dev The blamed commit tried to simplify how the deallocations are done but, in the process, introduced a double-free on the mc_dev variable. In case the MC device is a DPRC, a new mc_bus is allocated and the mc_dev variable is just a reference to one of its fields. In this circumstance, on the error path only the mc_bus should be freed. This commit introduces back the following checkpatch warning which is a false-positive. WARNING: kfree(NULL) is safe and this check is probably not required + if (mc_bus) + kfree(mc_bus); The Linux kernel CVE team has assigned CVE-2025-38313 to this issue. Affected and fixed versions =========================== Issue introduced in 4.13 with commit a042fbed02904493ae6df26ec836045f5a7d3ce2 and fixed in 5.4.295 with commit 12e4431e5078847791936820bd39df9e1ee26d2e Issue introduced in 4.13 with commit a042fbed02904493ae6df26ec836045f5a7d3ce2 and fixed in 5.10.239 with commit 3135e03a92f6b5259d0a7f25f728e9e7866ede3f Issue introduced in 4.13 with commit a042fbed02904493ae6df26ec836045f5a7d3ce2 and fixed in 5.15.186 with commit 7002b954c4a8b9965ba0f139812ee4a6f71beac8 Issue introduced in 4.13 with commit a042fbed02904493ae6df26ec836045f5a7d3ce2 and fixed in 6.1.142 with commit b2057374f326303c86d8423415ab58656eebc695 Issue introduced in 4.13 with commit a042fbed02904493ae6df26ec836045f5a7d3ce2 and fixed in 6.6.94 with commit 4b23c46eb2d88924b93aca647bde9a4b9cf62cf9 Issue introduced in 4.13 with commit a042fbed02904493ae6df26ec836045f5a7d3ce2 and fixed in 6.12.34 with commit 1d5baab39e5b09a76870b345cdee7933871b881f Issue introduced in 4.13 with commit a042fbed02904493ae6df26ec836045f5a7d3ce2 and fixed in 6.15.3 with commit 873d47114fd5e5a1cad2018843671537cc71ac84 Issue introduced in 4.13 with commit a042fbed02904493ae6df26ec836045f5a7d3ce2 and fixed in 6.16-rc1 with commit d694bf8a9acdbd061596f3e7549bc8cb70750a60 Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2025-38313 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: drivers/bus/fsl-mc/fsl-mc-bus.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/12e4431e5078847791936820bd39df9e1ee26d2e https://git.kernel.org/stable/c/3135e03a92f6b5259d0a7f25f728e9e7866ede3f https://git.kernel.org/stable/c/7002b954c4a8b9965ba0f139812ee4a6f71beac8 https://git.kernel.org/stable/c/b2057374f326303c86d8423415ab58656eebc695 https://git.kernel.org/stable/c/4b23c46eb2d88924b93aca647bde9a4b9cf62cf9 https://git.kernel.org/stable/c/1d5baab39e5b09a76870b345cdee7933871b881f https://git.kernel.org/stable/c/873d47114fd5e5a1cad2018843671537cc71ac84 https://git.kernel.org/stable/c/d694bf8a9acdbd061596f3e7549bc8cb70750a60
Powered by blists - more mailing lists