| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025082239-CVE-2025-38657-87b3@gregkh> Date: Fri, 22 Aug 2025 18:01:05 +0200 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...nel.org> Subject: CVE-2025-38657: wifi: rtw89: mcc: prevent shift wrapping in rtw89_core_mlsr_switch() From: Greg Kroah-Hartman <gregkh@...nel.org> Description =========== In the Linux kernel, the following vulnerability has been resolved: wifi: rtw89: mcc: prevent shift wrapping in rtw89_core_mlsr_switch() The "link_id" value comes from the user via debugfs. If it's larger than BITS_PER_LONG then that would result in shift wrapping and potentially an out of bounds access later. In fact, we can limit it to IEEE80211_MLD_MAX_NUM_LINKS (15). Fortunately, only root can write to debugfs files so the security impact is minimal. The Linux kernel CVE team has assigned CVE-2025-38657 to this issue. Affected and fixed versions =========================== Issue introduced in 6.16 with commit 9dd85e739ce0765f022014c3e0713e1007d7ef60 and fixed in 6.16.1 with commit 417cfa9cc44fbe6bceab786f9a4ee5a210f1288e Issue introduced in 6.16 with commit 9dd85e739ce0765f022014c3e0713e1007d7ef60 and fixed in 6.17-rc1 with commit 53cf488927a0f79968f9c03c4d1e00d2a79731c3 Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2025-38657 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: drivers/net/wireless/realtek/rtw89/core.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/417cfa9cc44fbe6bceab786f9a4ee5a210f1288e https://git.kernel.org/stable/c/53cf488927a0f79968f9c03c4d1e00d2a79731c3
Powered by blists - more mailing lists