| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025072506-CVE-2025-38383-c967@gregkh> Date: Fri, 25 Jul 2025 14:55:14 +0200 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...nel.org> Subject: CVE-2025-38383: mm/vmalloc: fix data race in show_numa_info() From: Greg Kroah-Hartman <gregkh@...nel.org> Description =========== In the Linux kernel, the following vulnerability has been resolved: mm/vmalloc: fix data race in show_numa_info() The following data-race was found in show_numa_info(): ================================================================== BUG: KCSAN: data-race in vmalloc_info_show / vmalloc_info_show read to 0xffff88800971fe30 of 4 bytes by task 8289 on cpu 0: show_numa_info mm/vmalloc.c:4936 [inline] vmalloc_info_show+0x5a8/0x7e0 mm/vmalloc.c:5016 seq_read_iter+0x373/0xb40 fs/seq_file.c:230 proc_reg_read_iter+0x11e/0x170 fs/proc/inode.c:299 .... write to 0xffff88800971fe30 of 4 bytes by task 8287 on cpu 1: show_numa_info mm/vmalloc.c:4934 [inline] vmalloc_info_show+0x38f/0x7e0 mm/vmalloc.c:5016 seq_read_iter+0x373/0xb40 fs/seq_file.c:230 proc_reg_read_iter+0x11e/0x170 fs/proc/inode.c:299 .... value changed: 0x0000008f -> 0x00000000 ================================================================== According to this report,there is a read/write data-race because m->private is accessible to multiple CPUs. To fix this, instead of allocating the heap in proc_vmalloc_init() and passing the heap address to m->private, vmalloc_info_show() should allocate the heap. The Linux kernel CVE team has assigned CVE-2025-38383 to this issue. Affected and fixed versions =========================== Issue introduced in 6.9 with commit 8e1d743f2c2671aa54f6f91a2b33823f92512870 and fixed in 6.12.37 with commit ead91de35d9cd5c4f80ec51e6020f342079170af Issue introduced in 6.9 with commit 8e1d743f2c2671aa54f6f91a2b33823f92512870 and fixed in 6.15.6 with commit 5c966f447a584ece3c70395898231aeb56256ee7 Issue introduced in 6.9 with commit 8e1d743f2c2671aa54f6f91a2b33823f92512870 and fixed in 6.16-rc1 with commit 5c5f0468d172ddec2e333d738d2a1f85402cf0bc Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2025-38383 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: mm/vmalloc.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/ead91de35d9cd5c4f80ec51e6020f342079170af https://git.kernel.org/stable/c/5c966f447a584ece3c70395898231aeb56256ee7 https://git.kernel.org/stable/c/5c5f0468d172ddec2e333d738d2a1f85402cf0bc
Powered by blists - more mailing lists