| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025082230-CVE-2025-38625-9903@gregkh> Date: Fri, 22 Aug 2025 18:00:34 +0200 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...nel.org> Subject: CVE-2025-38625: vfio/pds: Fix missing detach_ioas op From: Greg Kroah-Hartman <gregkh@...nel.org> Description =========== In the Linux kernel, the following vulnerability has been resolved: vfio/pds: Fix missing detach_ioas op When CONFIG_IOMMUFD is enabled and a device is bound to the pds_vfio_pci driver, the following WARN_ON() trace is seen and probe fails: WARNING: CPU: 0 PID: 5040 at drivers/vfio/vfio_main.c:317 __vfio_register_dev+0x130/0x140 [vfio] <...> pds_vfio_pci 0000:08:00.1: probe with driver pds_vfio_pci failed with error -22 This is because the driver's vfio_device_ops.detach_ioas isn't set. Fix this by using the generic vfio_iommufd_physical_detach_ioas function. The Linux kernel CVE team has assigned CVE-2025-38625 to this issue. Affected and fixed versions =========================== Issue introduced in 6.6 with commit 38fe3975b4c2c5eeefb543e09f9620da18b0d069 and fixed in 6.6.102 with commit 7dbfae90c5a33f6b694e7068bc9522cc2655373d Issue introduced in 6.6 with commit 38fe3975b4c2c5eeefb543e09f9620da18b0d069 and fixed in 6.12.42 with commit 1df8150ab4cc422bddfbd312d6758c50b688a971 Issue introduced in 6.6 with commit 38fe3975b4c2c5eeefb543e09f9620da18b0d069 and fixed in 6.15.10 with commit b265dff9fcf047f660976a5c92c83e7c414a2d95 Issue introduced in 6.6 with commit 38fe3975b4c2c5eeefb543e09f9620da18b0d069 and fixed in 6.16.1 with commit 88b962fbd0ac30a65d2869c68d2f145be46ebe4d Issue introduced in 6.6 with commit 38fe3975b4c2c5eeefb543e09f9620da18b0d069 and fixed in 6.17-rc1 with commit fe24d5bc635e103a517ec201c3cb571eeab8be2f Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2025-38625 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: drivers/vfio/pci/pds/vfio_dev.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/7dbfae90c5a33f6b694e7068bc9522cc2655373d https://git.kernel.org/stable/c/1df8150ab4cc422bddfbd312d6758c50b688a971 https://git.kernel.org/stable/c/b265dff9fcf047f660976a5c92c83e7c414a2d95 https://git.kernel.org/stable/c/88b962fbd0ac30a65d2869c68d2f145be46ebe4d https://git.kernel.org/stable/c/fe24d5bc635e103a517ec201c3cb571eeab8be2f
Powered by blists - more mailing lists