| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025072501-CVE-2025-38439-3f3b@gregkh> Date: Fri, 25 Jul 2025 17:28:01 +0200 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...nel.org> Subject: CVE-2025-38439: bnxt_en: Set DMA unmap len correctly for XDP_REDIRECT From: Greg Kroah-Hartman <gregkh@...nel.org> Description =========== In the Linux kernel, the following vulnerability has been resolved: bnxt_en: Set DMA unmap len correctly for XDP_REDIRECT When transmitting an XDP_REDIRECT packet, call dma_unmap_len_set() with the proper length instead of 0. This bug triggers this warning on a system with IOMMU enabled: WARNING: CPU: 36 PID: 0 at drivers/iommu/dma-iommu.c:842 __iommu_dma_unmap+0x159/0x170 RIP: 0010:__iommu_dma_unmap+0x159/0x170 Code: a8 00 00 00 00 48 c7 45 b0 00 00 00 00 48 c7 45 c8 00 00 00 00 48 c7 45 a0 ff ff ff ff 4c 89 45 b8 4c 89 45 c0 e9 77 ff ff ff <0f> 0b e9 60 ff ff ff e8 8b bf 6a 00 66 66 2e 0f 1f 84 00 00 00 00 RSP: 0018:ff22d31181150c88 EFLAGS: 00010206 RAX: 0000000000002000 RBX: 00000000e13a0000 RCX: 0000000000000000 RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 RBP: ff22d31181150cf0 R08: ff22d31181150ca8 R09: 0000000000000000 R10: 0000000000000000 R11: ff22d311d36c9d80 R12: 0000000000001000 R13: ff13544d10645010 R14: ff22d31181150c90 R15: ff13544d0b2bac00 FS: 0000000000000000(0000) GS:ff13550908a00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00005be909dacff8 CR3: 0008000173408003 CR4: 0000000000f71ef0 PKRU: 55555554 Call Trace: <IRQ> ? show_regs+0x6d/0x80 ? __warn+0x89/0x160 ? __iommu_dma_unmap+0x159/0x170 ? report_bug+0x17e/0x1b0 ? handle_bug+0x46/0x90 ? exc_invalid_op+0x18/0x80 ? asm_exc_invalid_op+0x1b/0x20 ? __iommu_dma_unmap+0x159/0x170 ? __iommu_dma_unmap+0xb3/0x170 iommu_dma_unmap_page+0x4f/0x100 dma_unmap_page_attrs+0x52/0x220 ? srso_alias_return_thunk+0x5/0xfbef5 ? xdp_return_frame+0x2e/0xd0 bnxt_tx_int_xdp+0xdf/0x440 [bnxt_en] __bnxt_poll_work_done+0x81/0x1e0 [bnxt_en] bnxt_poll+0xd3/0x1e0 [bnxt_en] The Linux kernel CVE team has assigned CVE-2025-38439 to this issue. Affected and fixed versions =========================== Issue introduced in 5.3 with commit f18c2b77b2e4eec2313d519ba125bd6a069513cf and fixed in 5.4.296 with commit e260f4d49370c85a4701d43c6d16b8c39f8b605f Issue introduced in 5.3 with commit f18c2b77b2e4eec2313d519ba125bd6a069513cf and fixed in 5.10.240 with commit 16ae306602163fcb7ae83f2701b542e43c100cee Issue introduced in 5.3 with commit f18c2b77b2e4eec2313d519ba125bd6a069513cf and fixed in 5.15.189 with commit 8d672a1a6bfc81fef9151925c9c0481f4acf4bec Issue introduced in 5.3 with commit f18c2b77b2e4eec2313d519ba125bd6a069513cf and fixed in 6.1.146 with commit f9eaf6d036075dc820520e1194692c0619b7297b Issue introduced in 5.3 with commit f18c2b77b2e4eec2313d519ba125bd6a069513cf and fixed in 6.6.99 with commit 5909679a82cd74cf0343d9e3ddf4b6931aa7e613 Issue introduced in 5.3 with commit f18c2b77b2e4eec2313d519ba125bd6a069513cf and fixed in 6.12.39 with commit f154e41e1d9d15ab21300ba7bbf0ebb5cb3b9c2a Issue introduced in 5.3 with commit f18c2b77b2e4eec2313d519ba125bd6a069513cf and fixed in 6.15.7 with commit 50dad9909715094e7d9ca25e9e0412b875987519 Issue introduced in 5.3 with commit f18c2b77b2e4eec2313d519ba125bd6a069513cf and fixed in 6.16-rc6 with commit 3cdf199d4755d477972ee87110b2aebc88b3cfad Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2025-38439 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: drivers/net/ethernet/broadcom/bnxt/bnxt_xdp.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/e260f4d49370c85a4701d43c6d16b8c39f8b605f https://git.kernel.org/stable/c/16ae306602163fcb7ae83f2701b542e43c100cee https://git.kernel.org/stable/c/8d672a1a6bfc81fef9151925c9c0481f4acf4bec https://git.kernel.org/stable/c/f9eaf6d036075dc820520e1194692c0619b7297b https://git.kernel.org/stable/c/5909679a82cd74cf0343d9e3ddf4b6931aa7e613 https://git.kernel.org/stable/c/f154e41e1d9d15ab21300ba7bbf0ebb5cb3b9c2a https://git.kernel.org/stable/c/50dad9909715094e7d9ca25e9e0412b875987519 https://git.kernel.org/stable/c/3cdf199d4755d477972ee87110b2aebc88b3cfad
Powered by blists - more mailing lists