| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025082213-CVE-2025-38617-1e47@gregkh>
Date: Fri, 22 Aug 2025 15:01:13 +0200
From: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
To: linux-cve-announce@...r.kernel.org
Cc: Greg Kroah-Hartman <gregkh@...nel.org>
Subject: CVE-2025-38617: net/packet: fix a race in packet_set_ring() and packet_notifier()
From: Greg Kroah-Hartman <gregkh@...nel.org>
Description
===========
In the Linux kernel, the following vulnerability has been resolved:
net/packet: fix a race in packet_set_ring() and packet_notifier()
When packet_set_ring() releases po->bind_lock, another thread can
run packet_notifier() and process an NETDEV_UP event.
This race and the fix are both similar to that of commit 15fe076edea7
("net/packet: fix a race in packet_bind() and packet_notifier()").
There too the packet_notifier NETDEV_UP event managed to run while a
po->bind_lock critical section had to be temporarily released. And
the fix was similarly to temporarily set po->num to zero to keep
the socket unhooked until the lock is retaken.
The po->bind_lock in packet_set_ring and packet_notifier precede the
introduction of git history.
The Linux kernel CVE team has assigned CVE-2025-38617 to this issue.
Affected and fixed versions
===========================
Issue introduced in 2.6.12 with commit 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 and fixed in 6.1.148 with commit 7de07705007c7e34995a5599aaab1d23e762d7ca
Issue introduced in 2.6.12 with commit 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 and fixed in 6.6.102 with commit 88caf46db8239e6471413d28aabaa6b8bd552805
Issue introduced in 2.6.12 with commit 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 and fixed in 6.12.42 with commit f2e8fcfd2b1bc754920108b7f2cd75082c5a18df
Issue introduced in 2.6.12 with commit 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 and fixed in 6.15.10 with commit e50ccfaca9e3c671cae917dcb994831a859cf588
Issue introduced in 2.6.12 with commit 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 and fixed in 6.16.1 with commit f1791fd7b845bea0ce9674fcf2febee7bc87a893
Issue introduced in 2.6.12 with commit 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 and fixed in 6.17-rc1 with commit 01d3c8417b9c1b884a8a981a3b886da556512f36
Please see https://www.kernel.org for a full list of currently supported
kernel versions by the kernel community.
Unaffected versions might change over time as fixes are backported to
older supported kernel versions. The official CVE entry at
https://cve.org/CVERecord/?id=CVE-2025-38617
will be updated if fixes are backported, please check that for the most
up to date information about this issue.
Affected files
==============
The file(s) affected by this issue are:
net/packet/af_packet.c
Mitigation
==========
The Linux kernel CVE team recommends that you update to the latest
stable kernel version for this, and many other bugfixes. Individual
changes are never tested alone, but rather are part of a larger kernel
release. Cherry-picking individual commits is not recommended or
supported by the Linux kernel community at all. If however, updating to
the latest release is impossible, the individual changes to resolve this
issue can be found at these commits:
https://git.kernel.org/stable/c/7de07705007c7e34995a5599aaab1d23e762d7ca
https://git.kernel.org/stable/c/88caf46db8239e6471413d28aabaa6b8bd552805
https://git.kernel.org/stable/c/f2e8fcfd2b1bc754920108b7f2cd75082c5a18df
https://git.kernel.org/stable/c/e50ccfaca9e3c671cae917dcb994831a859cf588
https://git.kernel.org/stable/c/f1791fd7b845bea0ce9674fcf2febee7bc87a893
https://git.kernel.org/stable/c/01d3c8417b9c1b884a8a981a3b886da556512f36
Powered by blists - more mailing lists