| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025082235-CVE-2025-38645-8e50@gregkh> Date: Fri, 22 Aug 2025 18:00:53 +0200 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...nel.org> Subject: CVE-2025-38645: net/mlx5: Check device memory pointer before usage From: Greg Kroah-Hartman <gregkh@...nel.org> Description =========== In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Check device memory pointer before usage Add a NULL check before accessing device memory to prevent a crash if dev->dm allocation in mlx5_init_once() fails. The Linux kernel CVE team has assigned CVE-2025-38645 to this issue. Affected and fixed versions =========================== Issue introduced in 5.4 with commit c9b9dcb430b3cd0ad2b04c360c4e528d73430481 and fixed in 6.1.148 with commit eebb225fe6c9103293807b8edabcbad59f9589bc Issue introduced in 5.4 with commit c9b9dcb430b3cd0ad2b04c360c4e528d73430481 and fixed in 6.6.102 with commit 62d7cf455c887941ed6f105cd430ba04ee0b6c9f Issue introduced in 5.4 with commit c9b9dcb430b3cd0ad2b04c360c4e528d73430481 and fixed in 6.12.42 with commit 4249f1307932f1b6bbb8b7eba60d82f0b7e44430 Issue introduced in 5.4 with commit c9b9dcb430b3cd0ad2b04c360c4e528d73430481 and fixed in 6.15.10 with commit 3046b011d368162b1b9ca9453eee0fea930e0a93 Issue introduced in 5.4 with commit c9b9dcb430b3cd0ad2b04c360c4e528d73430481 and fixed in 6.16.1 with commit da899a1fd7c40e2e4302af1db7d0b8540fb22283 Issue introduced in 5.4 with commit c9b9dcb430b3cd0ad2b04c360c4e528d73430481 and fixed in 6.17-rc1 with commit 70f238c902b8c0461ae6fbb8d1a0bbddc4350eea Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2025-38645 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: drivers/infiniband/hw/mlx5/dm.c drivers/net/ethernet/mellanox/mlx5/core/lib/dm.c drivers/net/ethernet/mellanox/mlx5/core/main.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/eebb225fe6c9103293807b8edabcbad59f9589bc https://git.kernel.org/stable/c/62d7cf455c887941ed6f105cd430ba04ee0b6c9f https://git.kernel.org/stable/c/4249f1307932f1b6bbb8b7eba60d82f0b7e44430 https://git.kernel.org/stable/c/3046b011d368162b1b9ca9453eee0fea930e0a93 https://git.kernel.org/stable/c/da899a1fd7c40e2e4302af1db7d0b8540fb22283 https://git.kernel.org/stable/c/70f238c902b8c0461ae6fbb8d1a0bbddc4350eea
Powered by blists - more mailing lists