| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025082205-CVE-2025-38675-5eac@gregkh> Date: Fri, 22 Aug 2025 18:04:06 +0200 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...nel.org> Subject: CVE-2025-38675: xfrm: state: initialize state_ptrs earlier in xfrm_state_find From: Greg Kroah-Hartman <gregkh@...nel.org> Description =========== In the Linux kernel, the following vulnerability has been resolved: xfrm: state: initialize state_ptrs earlier in xfrm_state_find In case of preemption, xfrm_state_look_at will find a different pcpu_id and look up states for that other CPU. If we matched a state for CPU2 in the state_cache while the lookup started on CPU1, we will jump to "found", but the "best" state that we got will be ignored and we will enter the "acquire" block. This block uses state_ptrs, which isn't initialized at this point. Let's initialize state_ptrs just after taking rcu_read_lock. This will also prevent a possible misuse in the future, if someone adjusts this function. The Linux kernel CVE team has assigned CVE-2025-38675 to this issue. Affected and fixed versions =========================== Issue introduced in 6.12.13 with commit a16871c7832ea6435abb6e0b58289ae7dcb7e4fc and fixed in 6.12.41 with commit 6bf2daafc51bcb9272c0fdff2afd38217337d0d3 Issue introduced in 6.14 with commit e952837f3ddb0ff726d5b582aa1aad9aa38d024d and fixed in 6.15.9 with commit 463562f9591742be62ddde3b426a0533ed496955 Issue introduced in 6.14 with commit e952837f3ddb0ff726d5b582aa1aad9aa38d024d and fixed in 6.16 with commit 94d077c331730510d5611b438640a292097341f0 Issue introduced in 6.13.2 with commit dd4c2a174994238d55ab54da2545543d36f4e0d0 Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2025-38675 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: net/xfrm/xfrm_state.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/6bf2daafc51bcb9272c0fdff2afd38217337d0d3 https://git.kernel.org/stable/c/463562f9591742be62ddde3b426a0533ed496955 https://git.kernel.org/stable/c/94d077c331730510d5611b438640a292097341f0
Powered by blists - more mailing lists