| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025090459-CVE-2025-38717-fbf6@gregkh> Date: Thu, 4 Sep 2025 17:33:22 +0200 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...nel.org> Subject: CVE-2025-38717: net: kcm: Fix race condition in kcm_unattach() From: Greg Kroah-Hartman <gregkh@...nel.org> Description =========== In the Linux kernel, the following vulnerability has been resolved: net: kcm: Fix race condition in kcm_unattach() syzbot found a race condition when kcm_unattach(psock) and kcm_release(kcm) are executed at the same time. kcm_unattach() is missing a check of the flag kcm->tx_stopped before calling queue_work(). If the kcm has a reserved psock, kcm_unattach() might get executed between cancel_work_sync() and unreserve_psock() in kcm_release(), requeuing kcm->tx_work right before kcm gets freed in kcm_done(). Remove kcm->tx_stopped and replace it by the less error-prone disable_work_sync(). The Linux kernel CVE team has assigned CVE-2025-38717 to this issue. Affected and fixed versions =========================== Issue introduced in 4.6 with commit ab7ac4eb9832e32a09f4e8042705484d2fb0aad3 and fixed in 6.12.43 with commit c0bffbc92a1ca3960fb9cdb8e9f75a68468eb308 Issue introduced in 4.6 with commit ab7ac4eb9832e32a09f4e8042705484d2fb0aad3 and fixed in 6.15.11 with commit 7275dc3bb8f91b23125ff3f47b6529935cf46152 Issue introduced in 4.6 with commit ab7ac4eb9832e32a09f4e8042705484d2fb0aad3 and fixed in 6.16.2 with commit 798733ee5d5788b12e8a52db1519abc17e826f69 Issue introduced in 4.6 with commit ab7ac4eb9832e32a09f4e8042705484d2fb0aad3 and fixed in 6.17-rc2 with commit 52565a935213cd6a8662ddb8efe5b4219343a25d Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2025-38717 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: include/net/kcm.h net/kcm/kcmsock.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/c0bffbc92a1ca3960fb9cdb8e9f75a68468eb308 https://git.kernel.org/stable/c/7275dc3bb8f91b23125ff3f47b6529935cf46152 https://git.kernel.org/stable/c/798733ee5d5788b12e8a52db1519abc17e826f69 https://git.kernel.org/stable/c/52565a935213cd6a8662ddb8efe5b4219343a25d
Powered by blists - more mailing lists