| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025090546-CVE-2025-39687-538e@gregkh> Date: Fri, 5 Sep 2025 19:21:01 +0200 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...nel.org> Subject: CVE-2025-39687: iio: light: as73211: Ensure buffer holes are zeroed From: Greg Kroah-Hartman <gregkh@...nel.org> Description =========== In the Linux kernel, the following vulnerability has been resolved: iio: light: as73211: Ensure buffer holes are zeroed Given that the buffer is copied to a kfifo that ultimately user space can read, ensure we zero it. The Linux kernel CVE team has assigned CVE-2025-39687 to this issue. Affected and fixed versions =========================== Issue introduced in 5.10 with commit 403e5586b52e466893ce3a7b7f3a3ecdc4c82d3e and fixed in 5.10.241 with commit fd441fd972067f80861a0b66605c0febb0d038dd Issue introduced in 5.10 with commit 403e5586b52e466893ce3a7b7f3a3ecdc4c82d3e and fixed in 5.15.190 with commit d8c5d87a431596e0e02bd7fe3bff952b002a03bb Issue introduced in 5.10 with commit 403e5586b52e466893ce3a7b7f3a3ecdc4c82d3e and fixed in 6.1.149 with commit 83f14c4ca1ad78fcfb3e0de07d6d8a0c59550fc2 Issue introduced in 5.10 with commit 403e5586b52e466893ce3a7b7f3a3ecdc4c82d3e and fixed in 6.6.103 with commit 99b508340d0d1b9de0856c48c77898b14c0df7cf Issue introduced in 5.10 with commit 403e5586b52e466893ce3a7b7f3a3ecdc4c82d3e and fixed in 6.12.44 with commit cce55ca4e7a221d5eb2c0b757a868eacd6344e4a Issue introduced in 5.10 with commit 403e5586b52e466893ce3a7b7f3a3ecdc4c82d3e and fixed in 6.16.4 with commit 8acd9a0eaa8c9a28e385c0a6a56bb821cb549771 Issue introduced in 5.10 with commit 403e5586b52e466893ce3a7b7f3a3ecdc4c82d3e and fixed in 6.17-rc3 with commit 433b99e922943efdfd62b9a8e3ad1604838181f2 Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2025-39687 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: drivers/iio/light/as73211.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/fd441fd972067f80861a0b66605c0febb0d038dd https://git.kernel.org/stable/c/d8c5d87a431596e0e02bd7fe3bff952b002a03bb https://git.kernel.org/stable/c/83f14c4ca1ad78fcfb3e0de07d6d8a0c59550fc2 https://git.kernel.org/stable/c/99b508340d0d1b9de0856c48c77898b14c0df7cf https://git.kernel.org/stable/c/cce55ca4e7a221d5eb2c0b757a868eacd6344e4a https://git.kernel.org/stable/c/8acd9a0eaa8c9a28e385c0a6a56bb821cb549771 https://git.kernel.org/stable/c/433b99e922943efdfd62b9a8e3ad1604838181f2
Powered by blists - more mailing lists