| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025102404-CVE-2025-40024-8739@gregkh> Date: Fri, 24 Oct 2025 14:25:07 +0200 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...nel.org> Subject: CVE-2025-40024: vhost: Take a reference on the task in struct vhost_task. From: Greg Kroah-Hartman <gregkh@...nel.org> Description =========== In the Linux kernel, the following vulnerability has been resolved: vhost: Take a reference on the task in struct vhost_task. vhost_task_create() creates a task and keeps a reference to its task_struct. That task may exit early via a signal and its task_struct will be released. A pending vhost_task_wake() will then attempt to wake the task and access a task_struct which is no longer there. Acquire a reference on the task_struct while creating the thread and release the reference while the struct vhost_task itself is removed. If the task exits early due to a signal, then the vhost_task_wake() will still access a valid task_struct. The wake is safe and will be skipped in this case. The Linux kernel CVE team has assigned CVE-2025-40024 to this issue. Affected and fixed versions =========================== Issue introduced in 6.4 with commit f9010dbdce911ee1f1af1398a24b1f9f992e0080 and fixed in 6.6.109 with commit 82a1463c968b1a6ae598a4f2fcef17b71bb7d3a0 Issue introduced in 6.4 with commit f9010dbdce911ee1f1af1398a24b1f9f992e0080 and fixed in 6.12.50 with commit d2be773a92874a070215b51b730cb2b1eaa8fae2 Issue introduced in 6.4 with commit f9010dbdce911ee1f1af1398a24b1f9f992e0080 and fixed in 6.16.10 with commit 7ce635b3d3aba43296b62b5a2d97c008bc51cbd2 Issue introduced in 6.4 with commit f9010dbdce911ee1f1af1398a24b1f9f992e0080 and fixed in 6.17 with commit afe16653e05db07d658b55245c7a2e0603f136c0 Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2025-40024 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: kernel/vhost_task.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/82a1463c968b1a6ae598a4f2fcef17b71bb7d3a0 https://git.kernel.org/stable/c/d2be773a92874a070215b51b730cb2b1eaa8fae2 https://git.kernel.org/stable/c/7ce635b3d3aba43296b62b5a2d97c008bc51cbd2 https://git.kernel.org/stable/c/afe16653e05db07d658b55245c7a2e0603f136c0
Powered by blists - more mailing lists