| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025071032-CVE-2025-38326-6186@gregkh> Date: Thu, 10 Jul 2025 10:15:34 +0200 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...nel.org> Subject: CVE-2025-38326: aoe: clean device rq_list in aoedev_downdev() From: Greg Kroah-Hartman <gregkh@...nel.org> Description =========== In the Linux kernel, the following vulnerability has been resolved: aoe: clean device rq_list in aoedev_downdev() An aoe device's rq_list contains accepted block requests that are waiting to be transmitted to the aoe target. This queue was added as part of the conversion to blk_mq. However, the queue was not cleaned out when an aoe device is downed which caused blk_mq_freeze_queue() to sleep indefinitely waiting for those requests to complete, causing a hang. This fix cleans out the queue before calling blk_mq_freeze_queue(). The Linux kernel CVE team has assigned CVE-2025-38326 to this issue. Affected and fixed versions =========================== Issue introduced in 4.20 with commit 3582dd291788e9441c3ba9047e55089edb98da5c and fixed in 5.4.295 with commit ed52e9652ba41d362e9ec923077f6da23336f269 Issue introduced in 4.20 with commit 3582dd291788e9441c3ba9047e55089edb98da5c and fixed in 5.10.239 with commit 64fc0bad62ed38874131dd0337d844a43bd1017e Issue introduced in 4.20 with commit 3582dd291788e9441c3ba9047e55089edb98da5c and fixed in 5.15.186 with commit ef0b5bbbed7f220db2e9c73428f9a36e8dfc69ca Issue introduced in 4.20 with commit 3582dd291788e9441c3ba9047e55089edb98da5c and fixed in 6.1.142 with commit 531aef4a1accb13b21a3b82ec29955f4733367d5 Issue introduced in 4.20 with commit 3582dd291788e9441c3ba9047e55089edb98da5c and fixed in 6.6.95 with commit 8662ac79a63488e279b91c12a72b02bc0dc49f7b Issue introduced in 4.20 with commit 3582dd291788e9441c3ba9047e55089edb98da5c and fixed in 6.12.35 with commit fa2a79f0da92614c5dc45c8b3d2638681c7734ee Issue introduced in 4.20 with commit 3582dd291788e9441c3ba9047e55089edb98da5c and fixed in 6.15.4 with commit 00be74e1470af292c37a438b8e69dee47dcbf481 Issue introduced in 4.20 with commit 3582dd291788e9441c3ba9047e55089edb98da5c and fixed in 6.16-rc3 with commit 7f90d45e57cb2ef1f0adcaf925ddffdfc5e680ca Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2025-38326 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: drivers/block/aoe/aoedev.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/ed52e9652ba41d362e9ec923077f6da23336f269 https://git.kernel.org/stable/c/64fc0bad62ed38874131dd0337d844a43bd1017e https://git.kernel.org/stable/c/ef0b5bbbed7f220db2e9c73428f9a36e8dfc69ca https://git.kernel.org/stable/c/531aef4a1accb13b21a3b82ec29955f4733367d5 https://git.kernel.org/stable/c/8662ac79a63488e279b91c12a72b02bc0dc49f7b https://git.kernel.org/stable/c/fa2a79f0da92614c5dc45c8b3d2638681c7734ee https://git.kernel.org/stable/c/00be74e1470af292c37a438b8e69dee47dcbf481 https://git.kernel.org/stable/c/7f90d45e57cb2ef1f0adcaf925ddffdfc5e680ca
Powered by blists - more mailing lists