| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025091143-CVE-2025-39752-c203@gregkh> Date: Thu, 11 Sep 2025 18:52:53 +0200 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...nel.org> Subject: CVE-2025-39752: ARM: rockchip: fix kernel hang during smp initialization From: Greg Kroah-Hartman <gregkh@...nel.org> Description =========== In the Linux kernel, the following vulnerability has been resolved: ARM: rockchip: fix kernel hang during smp initialization In order to bring up secondary CPUs main CPU write trampoline code to SRAM. The trampoline code is written while secondary CPUs are powered on (at least that true for RK3188 CPU). Sometimes that leads to kernel hang. Probably because secondary CPU execute trampoline code while kernel doesn't expect. The patch moves SRAM initialization step to the point where all secondary CPUs are powered down. That fixes rarely hangs on RK3188: [ 0.091568] CPU0: thread -1, cpu 0, socket 0, mpidr 80000000 [ 0.091996] rockchip_smp_prepare_cpus: ncores 4 The Linux kernel CVE team has assigned CVE-2025-39752 to this issue. Affected and fixed versions =========================== Fixed in 5.4.297 with commit 3c6bf7a324b8995b9c7d790c8d2abf0668f51551 Fixed in 5.10.241 with commit 888a453c2a239765a7ab4de8a3cedae2e3802528 Fixed in 5.15.190 with commit c0726d1e466e2d0da620836e293a59e6427ccdff Fixed in 6.1.149 with commit 265583266d93db4ff83d088819b1f63fdf0131db Fixed in 6.6.103 with commit d7d6d076ee9532c4668f14696a35688d35dd16f4 Fixed in 6.12.43 with commit 0223a3683d502b7e5eb2eb4ad7e97363fa88d531 Fixed in 6.15.11 with commit 47769dab9073a73e127aa0bfd0ba4c51eaccdc33 Fixed in 6.16.2 with commit 1eb67589a7e091b1e5108aab72fddbf4dc69af2c Fixed in 6.17-rc1 with commit 7cdb433bb44cdc87dc5260cdf15bf03cc1cd1814 Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2025-39752 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: arch/arm/mach-rockchip/platsmp.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/3c6bf7a324b8995b9c7d790c8d2abf0668f51551 https://git.kernel.org/stable/c/888a453c2a239765a7ab4de8a3cedae2e3802528 https://git.kernel.org/stable/c/c0726d1e466e2d0da620836e293a59e6427ccdff https://git.kernel.org/stable/c/265583266d93db4ff83d088819b1f63fdf0131db https://git.kernel.org/stable/c/d7d6d076ee9532c4668f14696a35688d35dd16f4 https://git.kernel.org/stable/c/0223a3683d502b7e5eb2eb4ad7e97363fa88d531 https://git.kernel.org/stable/c/47769dab9073a73e127aa0bfd0ba4c51eaccdc33 https://git.kernel.org/stable/c/1eb67589a7e091b1e5108aab72fddbf4dc69af2c https://git.kernel.org/stable/c/7cdb433bb44cdc87dc5260cdf15bf03cc1cd1814
Powered by blists - more mailing lists