lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <2025072502-CVE-2025-38441-bb71@gregkh>
Date: Fri, 25 Jul 2025 17:28:03 +0200
From: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
To: linux-cve-announce@...r.kernel.org
Cc: Greg Kroah-Hartman <gregkh@...nel.org>
Subject: CVE-2025-38441: netfilter: flowtable: account for Ethernet header in nf_flow_pppoe_proto()

From: Greg Kroah-Hartman <gregkh@...nel.org>

Description
===========

In the Linux kernel, the following vulnerability has been resolved:

netfilter: flowtable: account for Ethernet header in nf_flow_pppoe_proto()

syzbot found a potential access to uninit-value in nf_flow_pppoe_proto()

Blamed commit forgot the Ethernet header.

BUG: KMSAN: uninit-value in nf_flow_offload_inet_hook+0x7e4/0x940 net/netfilter/nf_flow_table_inet.c:27
  nf_flow_offload_inet_hook+0x7e4/0x940 net/netfilter/nf_flow_table_inet.c:27
  nf_hook_entry_hookfn include/linux/netfilter.h:157 [inline]
  nf_hook_slow+0xe1/0x3d0 net/netfilter/core.c:623
  nf_hook_ingress include/linux/netfilter_netdev.h:34 [inline]
  nf_ingress net/core/dev.c:5742 [inline]
  __netif_receive_skb_core+0x4aff/0x70c0 net/core/dev.c:5837
  __netif_receive_skb_one_core net/core/dev.c:5975 [inline]
  __netif_receive_skb+0xcc/0xac0 net/core/dev.c:6090
  netif_receive_skb_internal net/core/dev.c:6176 [inline]
  netif_receive_skb+0x57/0x630 net/core/dev.c:6235
  tun_rx_batched+0x1df/0x980 drivers/net/tun.c:1485
  tun_get_user+0x4ee0/0x6b40 drivers/net/tun.c:1938
  tun_chr_write_iter+0x3e9/0x5c0 drivers/net/tun.c:1984
  new_sync_write fs/read_write.c:593 [inline]
  vfs_write+0xb4b/0x1580 fs/read_write.c:686
  ksys_write fs/read_write.c:738 [inline]
  __do_sys_write fs/read_write.c:749 [inline]

The Linux kernel CVE team has assigned CVE-2025-38441 to this issue.


Affected and fixed versions
===========================

	Issue introduced in 5.15.157 with commit d06977b9a4109f8738bb276125eb6a0b772bc433 and fixed in 5.15.189 with commit a3aea97d55964e70a1e6426aa4cafdc036e8a2dd
	Issue introduced in 6.1.88 with commit 8bf7c76a2a207ca2b4cfda0a279192adf27678d7 and fixed in 6.1.146 with commit eed8960b289327235185b7c32649c3470a3e969b
	Issue introduced in 6.6.29 with commit a2471d271042ea18e8a6babc132a8716bb2f08b9 and fixed in 6.6.99 with commit 9fbc49429a23b02595ba82536c5ea425fdabb221
	Issue introduced in 6.9 with commit 87b3593bed1868b2d9fe096c01bcdf0ea86cbebf and fixed in 6.12.39 with commit e0dd2e9729660f3f4fcb16e0aef87342911528ef
	Issue introduced in 6.9 with commit 87b3593bed1868b2d9fe096c01bcdf0ea86cbebf and fixed in 6.15.7 with commit cfbf0665969af2c69d10c377d4c3d306e717efb4
	Issue introduced in 6.9 with commit 87b3593bed1868b2d9fe096c01bcdf0ea86cbebf and fixed in 6.16-rc6 with commit 18cdb3d982da8976b28d57691eb256ec5688fad2
	Issue introduced in 6.8.8 with commit cf366ee3bc1b7d1c76a882640ba3b3f8f1039163

Please see https://www.kernel.org for a full list of currently supported
kernel versions by the kernel community.

Unaffected versions might change over time as fixes are backported to
older supported kernel versions.  The official CVE entry at
	https://cve.org/CVERecord/?id=CVE-2025-38441
will be updated if fixes are backported, please check that for the most
up to date information about this issue.


Affected files
==============

The file(s) affected by this issue are:
	include/net/netfilter/nf_flow_table.h


Mitigation
==========

The Linux kernel CVE team recommends that you update to the latest
stable kernel version for this, and many other bugfixes.  Individual
changes are never tested alone, but rather are part of a larger kernel
release.  Cherry-picking individual commits is not recommended or
supported by the Linux kernel community at all.  If however, updating to
the latest release is impossible, the individual changes to resolve this
issue can be found at these commits:
	https://git.kernel.org/stable/c/a3aea97d55964e70a1e6426aa4cafdc036e8a2dd
	https://git.kernel.org/stable/c/eed8960b289327235185b7c32649c3470a3e969b
	https://git.kernel.org/stable/c/9fbc49429a23b02595ba82536c5ea425fdabb221
	https://git.kernel.org/stable/c/e0dd2e9729660f3f4fcb16e0aef87342911528ef
	https://git.kernel.org/stable/c/cfbf0665969af2c69d10c377d4c3d306e717efb4
	https://git.kernel.org/stable/c/18cdb3d982da8976b28d57691eb256ec5688fad2

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ