| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025081627-CVE-2025-38546-f8fa@gregkh> Date: Sat, 16 Aug 2025 13:22:32 +0200 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...nel.org> Subject: CVE-2025-38546: atm: clip: Fix memory leak of struct clip_vcc. From: Greg Kroah-Hartman <gregkh@...nel.org> Description =========== In the Linux kernel, the following vulnerability has been resolved: atm: clip: Fix memory leak of struct clip_vcc. ioctl(ATMARP_MKIP) allocates struct clip_vcc and set it to vcc->user_back. The code assumes that vcc_destroy_socket() passes NULL skb to vcc->push() when the socket is close()d, and then clip_push() frees clip_vcc. However, ioctl(ATMARPD_CTRL) sets NULL to vcc->push() in atm_init_atmarp(), resulting in memory leak. Let's serialise two ioctl() by lock_sock() and check vcc->push() in atm_init_atmarp() to prevent memleak. The Linux kernel CVE team has assigned CVE-2025-38546 to this issue. Affected and fixed versions =========================== Issue introduced in 2.6.12 with commit 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 and fixed in 5.4.296 with commit 2fb37ab3226606cbfc9b2b6f9e301b0b735734c5 Issue introduced in 2.6.12 with commit 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 and fixed in 5.10.240 with commit 9e4dbeee56f614e3f1e166e5d0655a999ea185ef Issue introduced in 2.6.12 with commit 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 and fixed in 5.15.189 with commit 1c075e88d5859a2c6b43b27e0e46fb281cef8039 Issue introduced in 2.6.12 with commit 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 and fixed in 6.1.146 with commit 0c17ff462d98c997d707ee5cf4e4a9b1b52b9d90 Issue introduced in 2.6.12 with commit 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 and fixed in 6.6.99 with commit 1fb9fb5a4b5cec2d56e26525ef8c519de858fa60 Issue introduced in 2.6.12 with commit 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 and fixed in 6.12.39 with commit 9f771816f14da6d6157a8c30069091abf6b566fb Issue introduced in 2.6.12 with commit 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 and fixed in 6.15.7 with commit cb2e4a2f8f268d8fba6662f663a2e57846f14a8d Issue introduced in 2.6.12 with commit 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 and fixed in 6.16 with commit 62dba28275a9a3104d4e33595c7b3328d4032d8d Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2025-38546 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: net/atm/clip.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/2fb37ab3226606cbfc9b2b6f9e301b0b735734c5 https://git.kernel.org/stable/c/9e4dbeee56f614e3f1e166e5d0655a999ea185ef https://git.kernel.org/stable/c/1c075e88d5859a2c6b43b27e0e46fb281cef8039 https://git.kernel.org/stable/c/0c17ff462d98c997d707ee5cf4e4a9b1b52b9d90 https://git.kernel.org/stable/c/1fb9fb5a4b5cec2d56e26525ef8c519de858fa60 https://git.kernel.org/stable/c/9f771816f14da6d6157a8c30069091abf6b566fb https://git.kernel.org/stable/c/cb2e4a2f8f268d8fba6662f663a2e57846f14a8d https://git.kernel.org/stable/c/62dba28275a9a3104d4e33595c7b3328d4032d8d
Powered by blists - more mailing lists