| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025072505-CVE-2025-38382-c4f2@gregkh> Date: Fri, 25 Jul 2025 14:55:13 +0200 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...nel.org> Subject: CVE-2025-38382: btrfs: fix iteration of extrefs during log replay From: Greg Kroah-Hartman <gregkh@...nel.org> Description =========== In the Linux kernel, the following vulnerability has been resolved: btrfs: fix iteration of extrefs during log replay At __inode_add_ref() when processing extrefs, if we jump into the next label we have an undefined value of victim_name.len, since we haven't initialized it before we did the goto. This results in an invalid memory access in the next iteration of the loop since victim_name.len was not initialized to the length of the name of the current extref. Fix this by initializing victim_name.len with the current extref's name length. The Linux kernel CVE team has assigned CVE-2025-38382 to this issue. Affected and fixed versions =========================== Issue introduced in 6.1.57 with commit 1cf474cd474bc5d3ef63086ffd009a87a5b7bb2e and fixed in 6.1.144 with commit 539969fc472886a1d63565459514d47e27fef461 Issue introduced in 6.2 with commit e43eec81c5167b655b72c781b0e75e62a05e415e and fixed in 6.6.97 with commit 2d11d274e2e1d7c79e2ca8461ce3ff3a95c11171 Issue introduced in 6.2 with commit e43eec81c5167b655b72c781b0e75e62a05e415e and fixed in 6.12.37 with commit 7ac790dc2ba00499a8d671d4a24de4d4ad27e234 Issue introduced in 6.2 with commit e43eec81c5167b655b72c781b0e75e62a05e415e and fixed in 6.15.6 with commit aee57a0293dca675637e5504709f9f8fd8e871be Issue introduced in 6.2 with commit e43eec81c5167b655b72c781b0e75e62a05e415e and fixed in 6.16-rc5 with commit 54a7081ed168b72a8a2d6ef4ba3a1259705a2926 Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2025-38382 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: fs/btrfs/tree-log.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/539969fc472886a1d63565459514d47e27fef461 https://git.kernel.org/stable/c/2d11d274e2e1d7c79e2ca8461ce3ff3a95c11171 https://git.kernel.org/stable/c/7ac790dc2ba00499a8d671d4a24de4d4ad27e234 https://git.kernel.org/stable/c/aee57a0293dca675637e5504709f9f8fd8e871be https://git.kernel.org/stable/c/54a7081ed168b72a8a2d6ef4ba3a1259705a2926
Powered by blists - more mailing lists