| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025081923-CVE-2025-38611-e9f6@gregkh> Date: Tue, 19 Aug 2025 19:18:57 +0200 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...nel.org> Subject: CVE-2025-38611: vmci: Prevent the dispatching of uninitialized payloads From: Greg Kroah-Hartman <gregkh@...nel.org> Description =========== In the Linux kernel, the following vulnerability has been resolved: vmci: Prevent the dispatching of uninitialized payloads The reproducer executes the host's unlocked_ioctl call in two different tasks. When init_context fails, the struct vmci_event_ctx is not fully initialized when executing vmci_datagram_dispatch() to send events to all vm contexts. This affects the datagram taken from the datagram queue of its context by another task, because the datagram payload is not initialized according to the size payload_size, which causes the kernel data to leak to the user space. Before dispatching the datagram, and before setting the payload content, explicitly set the payload content to 0 to avoid data leakage caused by incomplete payload initialization. The Linux kernel CVE team has assigned CVE-2025-38611 to this issue. Affected and fixed versions =========================== Issue introduced in 3.9 with commit 28d6692cd8fb2a900edba5e5983be4478756ef6f and fixed in 6.1.148 with commit bfd6b211fe8aae79acbedd19e8d5bea5d062a41b Issue introduced in 3.9 with commit 28d6692cd8fb2a900edba5e5983be4478756ef6f and fixed in 6.6.102 with commit 6696a46f4ebdc7314ff23a2fb0e93a95da2c45ee Issue introduced in 3.9 with commit 28d6692cd8fb2a900edba5e5983be4478756ef6f and fixed in 6.12.42 with commit 87f8f8654e55cf9327cc63746595085a041699dc Issue introduced in 3.9 with commit 28d6692cd8fb2a900edba5e5983be4478756ef6f and fixed in 6.15.10 with commit 7624fe66a0832eb6fe4e465fcdd4f9104fb9b339 Issue introduced in 3.9 with commit 28d6692cd8fb2a900edba5e5983be4478756ef6f and fixed in 6.16.1 with commit 94112b0d443e0b6b5bb17854f97c1498064cc9ed Issue introduced in 3.9 with commit 28d6692cd8fb2a900edba5e5983be4478756ef6f and fixed in 6.17-rc1 with commit bfb4cf9fb97e4063f0aa62e9e398025fb6625031 Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2025-38611 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: drivers/misc/vmw_vmci/vmci_context.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/bfd6b211fe8aae79acbedd19e8d5bea5d062a41b https://git.kernel.org/stable/c/6696a46f4ebdc7314ff23a2fb0e93a95da2c45ee https://git.kernel.org/stable/c/87f8f8654e55cf9327cc63746595085a041699dc https://git.kernel.org/stable/c/7624fe66a0832eb6fe4e465fcdd4f9104fb9b339 https://git.kernel.org/stable/c/94112b0d443e0b6b5bb17854f97c1498064cc9ed https://git.kernel.org/stable/c/bfb4cf9fb97e4063f0aa62e9e398025fb6625031
Powered by blists - more mailing lists