| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025071016-CVE-2025-38317-efbf@gregkh> Date: Thu, 10 Jul 2025 09:42:58 +0200 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...nel.org> Subject: CVE-2025-38317: wifi: ath12k: Fix buffer overflow in debugfs From: Greg Kroah-Hartman <gregkh@...nel.org> Description =========== In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: Fix buffer overflow in debugfs If the user tries to write more than 32 bytes then it results in memory corruption. Fortunately, this is debugfs so it's limited to root users. The Linux kernel CVE team has assigned CVE-2025-38317 to this issue. Affected and fixed versions =========================== Issue introduced in 6.11 with commit 3f73c24f28b317f22df7870c25ff82f1d625c6c2 and fixed in 6.12.34 with commit 0c57aa8ef94cffc5c2d68230e19329a03e71a94f Issue introduced in 6.11 with commit 3f73c24f28b317f22df7870c25ff82f1d625c6c2 and fixed in 6.15.3 with commit 8c4a200d03574bfcbf54fdb7ba5968b58ad2e0b3 Issue introduced in 6.11 with commit 3f73c24f28b317f22df7870c25ff82f1d625c6c2 and fixed in 6.16-rc1 with commit 8c7a5031a6b0d42e640fbd2d5d05f61f74e32dce Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2025-38317 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: drivers/net/wireless/ath/ath12k/debugfs_htt_stats.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/0c57aa8ef94cffc5c2d68230e19329a03e71a94f https://git.kernel.org/stable/c/8c4a200d03574bfcbf54fdb7ba5968b58ad2e0b3 https://git.kernel.org/stable/c/8c7a5031a6b0d42e640fbd2d5d05f61f74e32dce
Powered by blists - more mailing lists