| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025120417-CVE-2025-40216-d79f@gregkh> Date: Thu, 4 Dec 2025 15:14:18 +0100 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...nel.org> Subject: CVE-2025-40216: io_uring/rsrc: don't rely on user vaddr alignment From: Greg Kroah-Hartman <gregkh@...nel.org> Description =========== In the Linux kernel, the following vulnerability has been resolved: io_uring/rsrc: don't rely on user vaddr alignment There is no guaranteed alignment for user pointers, however the calculation of an offset of the first page into a folio after coalescing uses some weird bit mask logic, get rid of it. The Linux kernel CVE team has assigned CVE-2025-40216 to this issue. Affected and fixed versions =========================== Issue introduced in 6.12 with commit a8edbb424b1391b077407c75d8f5d2ede77aa70d and fixed in 6.12.36 with commit 50998b0ae7d9d552e96d8b7239981cf05f65eff5 Issue introduced in 6.12 with commit a8edbb424b1391b077407c75d8f5d2ede77aa70d and fixed in 6.15.5 with commit f16769241594be59387b56ab525e327f54377e60 Issue introduced in 6.12 with commit a8edbb424b1391b077407c75d8f5d2ede77aa70d and fixed in 6.16 with commit 3a3c6d61577dbb23c09df3e21f6f9eda1ecd634b Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2025-40216 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: io_uring/rsrc.c io_uring/rsrc.h Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/50998b0ae7d9d552e96d8b7239981cf05f65eff5 https://git.kernel.org/stable/c/f16769241594be59387b56ab525e327f54377e60 https://git.kernel.org/stable/c/3a3c6d61577dbb23c09df3e21f6f9eda1ecd634b
Powered by blists - more mailing lists