| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025090550-CVE-2025-39709-67cb@gregkh> Date: Fri, 5 Sep 2025 19:21:22 +0200 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...nel.org> Subject: CVE-2025-39709: media: venus: protect against spurious interrupts during probe From: Greg Kroah-Hartman <gregkh@...nel.org> Description =========== In the Linux kernel, the following vulnerability has been resolved: media: venus: protect against spurious interrupts during probe Make sure the interrupt handler is initialized before the interrupt is registered. If the IRQ is registered before hfi_create(), it's possible that an interrupt fires before the handler setup is complete, leading to a NULL dereference. This error condition has been observed during system boot on Rb3Gen2. The Linux kernel CVE team has assigned CVE-2025-39709 to this issue. Affected and fixed versions =========================== Issue introduced in 4.13 with commit af2c3834c8ca7cc65d15592ac671933df8848115 and fixed in 5.4.297 with commit 18c2b2bd982b8546312c9a7895515672169f28e0 Issue introduced in 4.13 with commit af2c3834c8ca7cc65d15592ac671933df8848115 and fixed in 5.10.241 with commit 88cf63c2599761c48dec8f618d57dccf8f6f4b53 Issue introduced in 4.13 with commit af2c3834c8ca7cc65d15592ac671933df8848115 and fixed in 5.15.190 with commit 9db6a78bc5e418e0064e2248c8f3b9b9e8418646 Issue introduced in 4.13 with commit af2c3834c8ca7cc65d15592ac671933df8848115 and fixed in 6.1.149 with commit 37cc0ac889b018097c217c5929fd6dc2aed636a1 Issue introduced in 4.13 with commit af2c3834c8ca7cc65d15592ac671933df8848115 and fixed in 6.6.103 with commit f54be97bc69b1096198b6717c150dec69f2a1b4d Issue introduced in 4.13 with commit af2c3834c8ca7cc65d15592ac671933df8848115 and fixed in 6.12.44 with commit 639eb587f977c02423f4762467055b23902b4131 Issue introduced in 4.13 with commit af2c3834c8ca7cc65d15592ac671933df8848115 and fixed in 6.16.4 with commit e796028b4835af00d9a38ebbb208ec3a6634702a Issue introduced in 4.13 with commit af2c3834c8ca7cc65d15592ac671933df8848115 and fixed in 6.17-rc1 with commit 3200144a2fa4209dc084a19941b9b203b43580f0 Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2025-39709 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: drivers/media/platform/qcom/venus/core.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/18c2b2bd982b8546312c9a7895515672169f28e0 https://git.kernel.org/stable/c/88cf63c2599761c48dec8f618d57dccf8f6f4b53 https://git.kernel.org/stable/c/9db6a78bc5e418e0064e2248c8f3b9b9e8418646 https://git.kernel.org/stable/c/37cc0ac889b018097c217c5929fd6dc2aed636a1 https://git.kernel.org/stable/c/f54be97bc69b1096198b6717c150dec69f2a1b4d https://git.kernel.org/stable/c/639eb587f977c02423f4762467055b23902b4131 https://git.kernel.org/stable/c/e796028b4835af00d9a38ebbb208ec3a6634702a https://git.kernel.org/stable/c/3200144a2fa4209dc084a19941b9b203b43580f0
Powered by blists - more mailing lists