| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025092301-CVE-2025-39882-1d0a@gregkh> Date: Tue, 23 Sep 2025 08:01:13 +0200 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...nel.org> Subject: CVE-2025-39882: drm/mediatek: fix potential OF node use-after-free From: Greg Kroah-Hartman <gregkh@...nel.org> Description =========== In the Linux kernel, the following vulnerability has been resolved: drm/mediatek: fix potential OF node use-after-free The for_each_child_of_node() helper drops the reference it takes to each node as it iterates over children and an explicit of_node_put() is only needed when exiting the loop early. Drop the recently introduced bogus additional reference count decrement at each iteration that could potentially lead to a use-after-free. The Linux kernel CVE team has assigned CVE-2025-39882 to this issue. Affected and fixed versions =========================== Issue introduced in 6.6.105 with commit 7d98166183d627c0b9daca7672b2191fae0f8a03 and fixed in 6.6.107 with commit b2fbe0f9f80b9cfa1e06ddcf8b863d918394ef1d Issue introduced in 6.12.45 with commit 31ce7c089b50c3d3056c37e0e25e7535e4428ae1 and fixed in 6.12.48 with commit b58a26cdd4795c1ce6a80e38e9348885555dacd6 Issue introduced in 6.16.5 with commit fae58d0155a979a8c414bbc12db09dd4b2f910d0 and fixed in 6.16.8 with commit c4901802ed1ce859242e10af06e6a7752cba0497 Issue introduced in 6.17-rc4 with commit 1f403699c40f0806a707a9a6eed3b8904224021a and fixed in 6.17-rc6 with commit 4de37a48b6b58faaded9eb765047cf0d8785ea18 Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2025-39882 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: drivers/gpu/drm/mediatek/mtk_drm_drv.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/b2fbe0f9f80b9cfa1e06ddcf8b863d918394ef1d https://git.kernel.org/stable/c/b58a26cdd4795c1ce6a80e38e9348885555dacd6 https://git.kernel.org/stable/c/c4901802ed1ce859242e10af06e6a7752cba0497 https://git.kernel.org/stable/c/4de37a48b6b58faaded9eb765047cf0d8785ea18
Powered by blists - more mailing lists