| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025072502-CVE-2025-38441-bb71@gregkh> Date: Fri, 25 Jul 2025 17:28:03 +0200 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...nel.org> Subject: CVE-2025-38441: netfilter: flowtable: account for Ethernet header in nf_flow_pppoe_proto() From: Greg Kroah-Hartman <gregkh@...nel.org> Description =========== In the Linux kernel, the following vulnerability has been resolved: netfilter: flowtable: account for Ethernet header in nf_flow_pppoe_proto() syzbot found a potential access to uninit-value in nf_flow_pppoe_proto() Blamed commit forgot the Ethernet header. BUG: KMSAN: uninit-value in nf_flow_offload_inet_hook+0x7e4/0x940 net/netfilter/nf_flow_table_inet.c:27 nf_flow_offload_inet_hook+0x7e4/0x940 net/netfilter/nf_flow_table_inet.c:27 nf_hook_entry_hookfn include/linux/netfilter.h:157 [inline] nf_hook_slow+0xe1/0x3d0 net/netfilter/core.c:623 nf_hook_ingress include/linux/netfilter_netdev.h:34 [inline] nf_ingress net/core/dev.c:5742 [inline] __netif_receive_skb_core+0x4aff/0x70c0 net/core/dev.c:5837 __netif_receive_skb_one_core net/core/dev.c:5975 [inline] __netif_receive_skb+0xcc/0xac0 net/core/dev.c:6090 netif_receive_skb_internal net/core/dev.c:6176 [inline] netif_receive_skb+0x57/0x630 net/core/dev.c:6235 tun_rx_batched+0x1df/0x980 drivers/net/tun.c:1485 tun_get_user+0x4ee0/0x6b40 drivers/net/tun.c:1938 tun_chr_write_iter+0x3e9/0x5c0 drivers/net/tun.c:1984 new_sync_write fs/read_write.c:593 [inline] vfs_write+0xb4b/0x1580 fs/read_write.c:686 ksys_write fs/read_write.c:738 [inline] __do_sys_write fs/read_write.c:749 [inline] The Linux kernel CVE team has assigned CVE-2025-38441 to this issue. Affected and fixed versions =========================== Issue introduced in 5.15.157 with commit d06977b9a4109f8738bb276125eb6a0b772bc433 and fixed in 5.15.189 with commit a3aea97d55964e70a1e6426aa4cafdc036e8a2dd Issue introduced in 6.1.88 with commit 8bf7c76a2a207ca2b4cfda0a279192adf27678d7 and fixed in 6.1.146 with commit eed8960b289327235185b7c32649c3470a3e969b Issue introduced in 6.6.29 with commit a2471d271042ea18e8a6babc132a8716bb2f08b9 and fixed in 6.6.99 with commit 9fbc49429a23b02595ba82536c5ea425fdabb221 Issue introduced in 6.9 with commit 87b3593bed1868b2d9fe096c01bcdf0ea86cbebf and fixed in 6.12.39 with commit e0dd2e9729660f3f4fcb16e0aef87342911528ef Issue introduced in 6.9 with commit 87b3593bed1868b2d9fe096c01bcdf0ea86cbebf and fixed in 6.15.7 with commit cfbf0665969af2c69d10c377d4c3d306e717efb4 Issue introduced in 6.9 with commit 87b3593bed1868b2d9fe096c01bcdf0ea86cbebf and fixed in 6.16-rc6 with commit 18cdb3d982da8976b28d57691eb256ec5688fad2 Issue introduced in 6.8.8 with commit cf366ee3bc1b7d1c76a882640ba3b3f8f1039163 Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2025-38441 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: include/net/netfilter/nf_flow_table.h Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/a3aea97d55964e70a1e6426aa4cafdc036e8a2dd https://git.kernel.org/stable/c/eed8960b289327235185b7c32649c3470a3e969b https://git.kernel.org/stable/c/9fbc49429a23b02595ba82536c5ea425fdabb221 https://git.kernel.org/stable/c/e0dd2e9729660f3f4fcb16e0aef87342911528ef https://git.kernel.org/stable/c/cfbf0665969af2c69d10c377d4c3d306e717efb4 https://git.kernel.org/stable/c/18cdb3d982da8976b28d57691eb256ec5688fad2
Powered by blists - more mailing lists