| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025081914-CVE-2025-38582-7eca@gregkh> Date: Tue, 19 Aug 2025 19:18:28 +0200 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...nel.org> Subject: CVE-2025-38582: RDMA/hns: Fix double destruction of rsv_qp From: Greg Kroah-Hartman <gregkh@...nel.org> Description =========== In the Linux kernel, the following vulnerability has been resolved: RDMA/hns: Fix double destruction of rsv_qp rsv_qp may be double destroyed in error flow, first in free_mr_init(), and then in hns_roce_exit(). Fix it by moving the free_mr_init() call into hns_roce_v2_init(). list_del corruption, ffff589732eb9b50->next is LIST_POISON1 (dead000000000100) WARNING: CPU: 8 PID: 1047115 at lib/list_debug.c:53 __list_del_entry_valid+0x148/0x240 ... Call trace: __list_del_entry_valid+0x148/0x240 hns_roce_qp_remove+0x4c/0x3f0 [hns_roce_hw_v2] hns_roce_v2_destroy_qp_common+0x1dc/0x5f4 [hns_roce_hw_v2] hns_roce_v2_destroy_qp+0x22c/0x46c [hns_roce_hw_v2] free_mr_exit+0x6c/0x120 [hns_roce_hw_v2] hns_roce_v2_exit+0x170/0x200 [hns_roce_hw_v2] hns_roce_exit+0x118/0x350 [hns_roce_hw_v2] __hns_roce_hw_v2_init_instance+0x1c8/0x304 [hns_roce_hw_v2] hns_roce_hw_v2_reset_notify_init+0x170/0x21c [hns_roce_hw_v2] hns_roce_hw_v2_reset_notify+0x6c/0x190 [hns_roce_hw_v2] hclge_notify_roce_client+0x6c/0x160 [hclge] hclge_reset_rebuild+0x150/0x5c0 [hclge] hclge_reset+0x10c/0x140 [hclge] hclge_reset_subtask+0x80/0x104 [hclge] hclge_reset_service_task+0x168/0x3ac [hclge] hclge_service_task+0x50/0x100 [hclge] process_one_work+0x250/0x9a0 worker_thread+0x324/0x990 kthread+0x190/0x210 ret_from_fork+0x10/0x18 The Linux kernel CVE team has assigned CVE-2025-38582 to this issue. Affected and fixed versions =========================== Issue introduced in 6.12 with commit fd8489294dd2beefb70f12ec4f6132aeec61a4d0 and fixed in 6.12.42 with commit dab173bae3303f074f063750a8dead2550d8c782 Issue introduced in 6.12 with commit fd8489294dd2beefb70f12ec4f6132aeec61a4d0 and fixed in 6.15.10 with commit fc8b0f5b16bab2e032b4cfcd6218d5df3b80b2ea Issue introduced in 6.12 with commit fd8489294dd2beefb70f12ec4f6132aeec61a4d0 and fixed in 6.16.1 with commit 10b083dbba22be19baa848432b6f25aa68ab2db5 Issue introduced in 6.12 with commit fd8489294dd2beefb70f12ec4f6132aeec61a4d0 and fixed in 6.17-rc1 with commit c6957b95ecc5b63c5a4bb4ecc28af326cf8f6dc8 Issue introduced in 6.1.113 with commit 2ccf1c75d39949d8ea043d04a2e92d7100ea723d Issue introduced in 6.6.54 with commit d2d9c5127122745da6e887f451dd248cfeffca33 Issue introduced in 6.10.13 with commit dac2723d8bfa9cf5333f477741e6e5fa1ed34645 Issue introduced in 6.11.2 with commit 60595923371c2ebe7faf82536c47eb0c967e3425 Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2025-38582 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: drivers/infiniband/hw/hns/hns_roce_hw_v2.c drivers/infiniband/hw/hns/hns_roce_main.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/dab173bae3303f074f063750a8dead2550d8c782 https://git.kernel.org/stable/c/fc8b0f5b16bab2e032b4cfcd6218d5df3b80b2ea https://git.kernel.org/stable/c/10b083dbba22be19baa848432b6f25aa68ab2db5 https://git.kernel.org/stable/c/c6957b95ecc5b63c5a4bb4ecc28af326cf8f6dc8
Powered by blists - more mailing lists