| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025102002-CVE-2025-40010-5f54@gregkh> Date: Mon, 20 Oct 2025 17:27:06 +0200 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...nel.org> Subject: CVE-2025-40010: afs: Fix potential null pointer dereference in afs_put_server From: Greg Kroah-Hartman <gregkh@...nel.org> Description =========== In the Linux kernel, the following vulnerability has been resolved: afs: Fix potential null pointer dereference in afs_put_server afs_put_server() accessed server->debug_id before the NULL check, which could lead to a null pointer dereference. Move the debug_id assignment, ensuring we never dereference a NULL server pointer. The Linux kernel CVE team has assigned CVE-2025-40010 to this issue. Affected and fixed versions =========================== Issue introduced in 6.0 with commit 2757a4dc184997c66ef1de32636f73b9f21aac14 and fixed in 6.1.155 with commit 7b8381f3c405b864a814d747e526e078c3ef4bc2 Issue introduced in 6.0 with commit 2757a4dc184997c66ef1de32636f73b9f21aac14 and fixed in 6.6.109 with commit cab278cead49a547ac84c3e185f446f381303eae Issue introduced in 6.0 with commit 2757a4dc184997c66ef1de32636f73b9f21aac14 and fixed in 6.12.50 with commit a13dbc5e20c7284b82afe6f08debdecf51d2ca04 Issue introduced in 6.0 with commit 2757a4dc184997c66ef1de32636f73b9f21aac14 and fixed in 6.16.10 with commit 41782c44bb8431c43043129ae42f2ba614938479 Issue introduced in 6.0 with commit 2757a4dc184997c66ef1de32636f73b9f21aac14 and fixed in 6.17 with commit 9158c6bb245113d4966df9b2ba602197a379412e Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2025-40010 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: fs/afs/server.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/7b8381f3c405b864a814d747e526e078c3ef4bc2 https://git.kernel.org/stable/c/cab278cead49a547ac84c3e185f446f381303eae https://git.kernel.org/stable/c/a13dbc5e20c7284b82afe6f08debdecf51d2ca04 https://git.kernel.org/stable/c/41782c44bb8431c43043129ae42f2ba614938479 https://git.kernel.org/stable/c/9158c6bb245113d4966df9b2ba602197a379412e
Powered by blists - more mailing lists