| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025111239-CVE-2025-40160-b13a@gregkh> Date: Wed, 12 Nov 2025 19:24:41 +0900 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...nel.org> Subject: CVE-2025-40160: xen/events: Return -EEXIST for bound VIRQs From: Greg Kroah-Hartman <gregkh@...nel.org> Description =========== In the Linux kernel, the following vulnerability has been resolved: xen/events: Return -EEXIST for bound VIRQs Change find_virq() to return -EEXIST when a VIRQ is bound to a different CPU than the one passed in. With that, remove the BUG_ON() from bind_virq_to_irq() to propogate the error upwards. Some VIRQs are per-cpu, but others are per-domain or global. Those must be bound to CPU0 and can then migrate elsewhere. The lookup for per-domain and global will probably fail when migrated off CPU 0, especially when the current CPU is tracked. This now returns -EEXIST instead of BUG_ON(). A second call to bind a per-domain or global VIRQ is not expected, but make it non-fatal to avoid trying to look up the irq, since we don't know which per_cpu(virq_to_irq) it will be in. The Linux kernel CVE team has assigned CVE-2025-40160 to this issue. Affected and fixed versions =========================== Fixed in 6.6.113 with commit 612ef6056855c0aacb9b25d1d853c435754483f7 Fixed in 6.12.54 with commit a1e7f07ae6b594f1ba5be46c6125b43bc505c5aa Fixed in 6.17.4 with commit f81db055a793eca9d05f79658ff62adafb41d664 Fixed in 6.18-rc1 with commit 07ce121d93a5e5fb2440a24da3dbf408fcee978e Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2025-40160 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: drivers/xen/events/events_base.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/612ef6056855c0aacb9b25d1d853c435754483f7 https://git.kernel.org/stable/c/a1e7f07ae6b594f1ba5be46c6125b43bc505c5aa https://git.kernel.org/stable/c/f81db055a793eca9d05f79658ff62adafb41d664 https://git.kernel.org/stable/c/07ce121d93a5e5fb2440a24da3dbf408fcee978e
Powered by blists - more mailing lists