| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025082238-CVE-2025-38653-35ba@gregkh>
Date: Fri, 22 Aug 2025 18:01:01 +0200
From: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
To: linux-cve-announce@...r.kernel.org
Cc: Greg Kroah-Hartman <gregkh@...nel.org>
Subject: CVE-2025-38653: proc: use the same treatment to check proc_lseek as ones for proc_read_iter et.al
From: Greg Kroah-Hartman <gregkh@...nel.org>
Description
===========
In the Linux kernel, the following vulnerability has been resolved:
proc: use the same treatment to check proc_lseek as ones for proc_read_iter et.al
Check pde->proc_ops->proc_lseek directly may cause UAF in rmmod scenario.
It's a gap in proc_reg_open() after commit 654b33ada4ab("proc: fix UAF in
proc_get_inode()"). Followed by AI Viro's suggestion, fix it in same
manner.
The Linux kernel CVE team has assigned CVE-2025-38653 to this issue.
Affected and fixed versions
===========================
Issue introduced in 6.0 with commit 3f61631d47f115b83c935d0039f95cb68b0c8ab7 and fixed in 6.1.148 with commit c35b0feb80b48720dfbbf4e33759c7be3faaebb6
Issue introduced in 6.0 with commit 3f61631d47f115b83c935d0039f95cb68b0c8ab7 and fixed in 6.6.102 with commit 33c778ea0bd0fa62ff590497e72562ff90f82b13
Issue introduced in 6.0 with commit 3f61631d47f115b83c935d0039f95cb68b0c8ab7 and fixed in 6.12.42 with commit fc1072d934f687e1221d685cf1a49a5068318f34
Issue introduced in 6.0 with commit 3f61631d47f115b83c935d0039f95cb68b0c8ab7 and fixed in 6.15.10 with commit d136502e04d8853a9aecb335d07bbefd7a1519a8
Issue introduced in 6.0 with commit 3f61631d47f115b83c935d0039f95cb68b0c8ab7 and fixed in 6.16.1 with commit 1fccbfbae1dd36198dc47feac696563244ad81d3
Issue introduced in 6.0 with commit 3f61631d47f115b83c935d0039f95cb68b0c8ab7 and fixed in 6.17-rc1 with commit ff7ec8dc1b646296f8d94c39339e8d3833d16c05
Please see https://www.kernel.org for a full list of currently supported
kernel versions by the kernel community.
Unaffected versions might change over time as fixes are backported to
older supported kernel versions. The official CVE entry at
https://cve.org/CVERecord/?id=CVE-2025-38653
will be updated if fixes are backported, please check that for the most
up to date information about this issue.
Affected files
==============
The file(s) affected by this issue are:
fs/proc/generic.c
fs/proc/inode.c
fs/proc/internal.h
include/linux/proc_fs.h
Mitigation
==========
The Linux kernel CVE team recommends that you update to the latest
stable kernel version for this, and many other bugfixes. Individual
changes are never tested alone, but rather are part of a larger kernel
release. Cherry-picking individual commits is not recommended or
supported by the Linux kernel community at all. If however, updating to
the latest release is impossible, the individual changes to resolve this
issue can be found at these commits:
https://git.kernel.org/stable/c/c35b0feb80b48720dfbbf4e33759c7be3faaebb6
https://git.kernel.org/stable/c/33c778ea0bd0fa62ff590497e72562ff90f82b13
https://git.kernel.org/stable/c/fc1072d934f687e1221d685cf1a49a5068318f34
https://git.kernel.org/stable/c/d136502e04d8853a9aecb335d07bbefd7a1519a8
https://git.kernel.org/stable/c/1fccbfbae1dd36198dc47feac696563244ad81d3
https://git.kernel.org/stable/c/ff7ec8dc1b646296f8d94c39339e8d3833d16c05
Powered by blists - more mailing lists