| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025081652-CVE-2025-38515-7495@gregkh> Date: Sat, 16 Aug 2025 12:57:57 +0200 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...nel.org> Subject: CVE-2025-38515: drm/sched: Increment job count before swapping tail spsc queue From: Greg Kroah-Hartman <gregkh@...nel.org> Description =========== In the Linux kernel, the following vulnerability has been resolved: drm/sched: Increment job count before swapping tail spsc queue A small race exists between spsc_queue_push and the run-job worker, in which spsc_queue_push may return not-first while the run-job worker has already idled due to the job count being zero. If this race occurs, job scheduling stops, leading to hangs while waiting on the job’s DMA fences. Seal this race by incrementing the job count before appending to the SPSC queue. This race was observed on a drm-tip 6.16-rc1 build with the Xe driver in an SVM test case. The Linux kernel CVE team has assigned CVE-2025-38515 to this issue. Affected and fixed versions =========================== Issue introduced in 4.16 with commit 27105db6c63a571b91d01e749d026105a1e63bcf and fixed in 5.4.296 with commit 549a9c78c3ea6807d0dc4162a4f5ba59f217d5a0 Issue introduced in 4.16 with commit 27105db6c63a571b91d01e749d026105a1e63bcf and fixed in 5.10.240 with commit e62f51d0ec8a9baf324caf9a564f8e318d36a551 Issue introduced in 4.16 with commit 27105db6c63a571b91d01e749d026105a1e63bcf and fixed in 5.15.189 with commit ef841f8e4e1ff67817ca899bedc5ebb00847c0a7 Issue introduced in 4.16 with commit 27105db6c63a571b91d01e749d026105a1e63bcf and fixed in 6.1.146 with commit f9a4f28a4fc4ee453a92a9abbe36e26224d17749 Issue introduced in 4.16 with commit 27105db6c63a571b91d01e749d026105a1e63bcf and fixed in 6.6.99 with commit c64f5310530baf75328292f9b9f3f2961d185183 Issue introduced in 4.16 with commit 27105db6c63a571b91d01e749d026105a1e63bcf and fixed in 6.12.39 with commit e2d6547dc8b9b332f9bc00875197287a6a4db65a Issue introduced in 4.16 with commit 27105db6c63a571b91d01e749d026105a1e63bcf and fixed in 6.15.7 with commit ef58a95457466849fa7b31fd3953801a5af0f58b Issue introduced in 4.16 with commit 27105db6c63a571b91d01e749d026105a1e63bcf and fixed in 6.16 with commit 8af39ec5cf2be522c8eb43a3d8005ed59e4daaee Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2025-38515 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: include/drm/spsc_queue.h Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/549a9c78c3ea6807d0dc4162a4f5ba59f217d5a0 https://git.kernel.org/stable/c/e62f51d0ec8a9baf324caf9a564f8e318d36a551 https://git.kernel.org/stable/c/ef841f8e4e1ff67817ca899bedc5ebb00847c0a7 https://git.kernel.org/stable/c/f9a4f28a4fc4ee453a92a9abbe36e26224d17749 https://git.kernel.org/stable/c/c64f5310530baf75328292f9b9f3f2961d185183 https://git.kernel.org/stable/c/e2d6547dc8b9b332f9bc00875197287a6a4db65a https://git.kernel.org/stable/c/ef58a95457466849fa7b31fd3953801a5af0f58b https://git.kernel.org/stable/c/8af39ec5cf2be522c8eb43a3d8005ed59e4daaee
Powered by blists - more mailing lists