| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025090451-CVE-2025-38695-f491@gregkh> Date: Thu, 4 Sep 2025 17:33:00 +0200 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...nel.org> Subject: CVE-2025-38695: scsi: lpfc: Check for hdwq null ptr when cleaning up lpfc_vport structure From: Greg Kroah-Hartman <gregkh@...nel.org> Description =========== In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Check for hdwq null ptr when cleaning up lpfc_vport structure If a call to lpfc_sli4_read_rev() from lpfc_sli4_hba_setup() fails, the resultant cleanup routine lpfc_sli4_vport_delete_fcp_xri_aborted() may occur before sli4_hba.hdwqs are allocated. This may result in a null pointer dereference when attempting to take the abts_io_buf_list_lock for the first hardware queue. Fix by adding a null ptr check on phba->sli4_hba.hdwq and early return because this situation means there must have been an error during port initialization. The Linux kernel CVE team has assigned CVE-2025-38695 to this issue. Affected and fixed versions =========================== Fixed in 5.4.297 with commit 6711ce7e9de4eb1a541ef30638df1294ea4267f8 Fixed in 5.10.241 with commit 74bdf54a847dab209d2a8f65852f59b7fa156175 Fixed in 5.15.190 with commit 5e25ee1ecec91c61a8acf938ad338399cad464de Fixed in 6.1.149 with commit add68606a01dcccf18837a53e85b85caf0693b4b Fixed in 6.6.103 with commit 7925dd68807cc8fd755b04ca99e7e6f1c04392e8 Fixed in 6.12.43 with commit 571617f171f723b05f02d154a2e549a17eab4935 Fixed in 6.15.11 with commit d3f55f46bb37a8ec73bfe3cfe36e3ecfa2945dfa Fixed in 6.16.2 with commit 46a0602c24d7d425dd8e00c749cd64a934aac7ec Fixed in 6.17-rc1 with commit 6698796282e828733cde3329c887b4ae9e5545e9 Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2025-38695 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: drivers/scsi/lpfc/lpfc_scsi.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/6711ce7e9de4eb1a541ef30638df1294ea4267f8 https://git.kernel.org/stable/c/74bdf54a847dab209d2a8f65852f59b7fa156175 https://git.kernel.org/stable/c/5e25ee1ecec91c61a8acf938ad338399cad464de https://git.kernel.org/stable/c/add68606a01dcccf18837a53e85b85caf0693b4b https://git.kernel.org/stable/c/7925dd68807cc8fd755b04ca99e7e6f1c04392e8 https://git.kernel.org/stable/c/571617f171f723b05f02d154a2e549a17eab4935 https://git.kernel.org/stable/c/d3f55f46bb37a8ec73bfe3cfe36e3ecfa2945dfa https://git.kernel.org/stable/c/46a0602c24d7d425dd8e00c749cd64a934aac7ec https://git.kernel.org/stable/c/6698796282e828733cde3329c887b4ae9e5545e9
Powered by blists - more mailing lists