Message-ID: <2025100420-CVE-2025-39951-24b1@gregkh>
Date: Sat, 4 Oct 2025 09:33:35 +0200
From: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
To: linux-cve-announce@...r.kernel.org
Cc: Greg Kroah-Hartman <gregkh@...nel.org>
Subject: CVE-2025-39951: um: virtio_uml: Fix use-after-free after put_device in probe
From: Greg Kroah-Hartman <gregkh@...nel.org>

Description
===========

In the Linux kernel, the following vulnerability has been resolved:

um: virtio_uml: Fix use-after-free after put_device in probe

When register_virtio_device() fails in virtio_uml_probe(),
the code sets vu_dev->registered = 1 even though
the device was not successfully registered.
This can lead to use-after-free or other issues.

The Linux kernel CVE team has assigned CVE-2025-39951 to this issue.

Affected and fixed versions
===========================

	Issue introduced in 5.5 with commit 04e5b1fb01834a602acaae2276b67a783a8c6159 and fixed in 6.1.154 with commit aaf900a83508c8cd5cdf765e7749f9076196ec7f
	Issue introduced in 5.5 with commit 04e5b1fb01834a602acaae2276b67a783a8c6159 and fixed in 6.6.108 with commit 4f364023ddcfe83f7073b973a9cb98584b7f2a46
	Issue introduced in 5.5 with commit 04e5b1fb01834a602acaae2276b67a783a8c6159 and fixed in 6.12.49 with commit 00e98b5a69034b251bb36dc6e7123d7648e218e4
	Issue introduced in 5.5 with commit 04e5b1fb01834a602acaae2276b67a783a8c6159 and fixed in 6.16.9 with commit c2ff91255e0157b356cff115d8dc3eeb5162edf2
	Issue introduced in 5.5 with commit 04e5b1fb01834a602acaae2276b67a783a8c6159 and fixed in 6.17 with commit 7ebf70cf181651fe3f2e44e95e7e5073d594c9c0

Please see https://www.kernel.org for a full list of currently supported
kernel versions by the kernel community.

Unaffected versions might change over time as fixes are backported to
older supported kernel versions. The official CVE entry at
	https://cve.org/CVERecord/?id=CVE-2025-39951
will be updated if fixes are backported, please check that for the most
up to date information about this issue.

Affected files
==============

The file(s) affected by this issue are:
	arch/um/drivers/virtio_uml.c

Mitigation
==========

The Linux kernel CVE team recommends that you update to the latest
stable kernel version for this, and many other bugfixes. Individual
changes are never tested alone, but rather are part of a larger kernel
release. Cherry-picking individual commits is not recommended or
supported by the Linux kernel community at all. If however, updating to
the latest release is impossible, the individual changes to resolve this
issue can be found at these commits:
	https://git.kernel.org/stable/c/aaf900a83508c8cd5cdf765e7749f9076196ec7f
	https://git.kernel.org/stable/c/4f364023ddcfe83f7073b973a9cb98584b7f2a46
	https://git.kernel.org/stable/c/00e98b5a69034b251bb36dc6e7123d7648e218e4
	https://git.kernel.org/stable/c/c2ff91255e0157b356cff115d8dc3eeb5162edf2
	https://git.kernel.org/stable/c/7ebf70cf181651fe3f2e44e95e7e5073d594c9c0
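
The probe failure path from the Description section, as an added user-space model in C (not code from the kernel or from this advisory): the object is poisoned instead of freed, so a write that follows the last put can be counted without undefined behaviour. All names (`model_dev`, `probe_model`, `run_case`) and the failure code -12 are constructed for illustration.

```c
#include <stdio.h>

/* User-space model; every name below is hypothetical, not kernel code. */
struct model_dev {
    int refcount;   /* stands in for the struct device reference count */
    int released;   /* set when the last reference is dropped */
    int registered; /* the flag named in the advisory */
};
static int stale_writes; /* writes that landed on a released object */

static void model_put(struct model_dev *d)
{
    /* A kernel release callback would free the object; poison it here. */
    if (--d->refcount == 0)
        *d = (struct model_dev){ .released = 1 };
}

static void set_registered(struct model_dev *d)
{
    if (d->released)
        stale_writes++; /* in the kernel: a write into freed memory */
    d->registered = 1;
}

/* reg_rc is the assumed registration result (0 or a negative errno). */
static int probe_model(struct model_dev *d, int reg_rc, int early_return)
{
    if (reg_rc) {
        model_put(d);        /* drop the only reference on failure */
        if (early_return)
            return reg_rc;   /* safe: the object is not touched again */
    }
    set_registered(d);       /* reached on failure when !early_return */
    return reg_rc;
}

/* Runs one probe on a fresh device and returns the stale-write count. */
static int run_case(int reg_rc, int early_return)
{
    struct model_dev d = { .refcount = 1 };
    stale_writes = 0;
    probe_model(&d, reg_rc, early_return);
    return stale_writes;
}

int main(void)
{
    printf("%d %d %d\n", run_case(-12, 0), run_case(-12, 1), run_case(0, 0));
    return 0;
}
```

Only the failing registration without the early return produces a stale write; returning immediately after the put, or a successful registration, produces none.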