| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025120431-CVE-2025-40253-e855@gregkh> Date: Thu, 4 Dec 2025 16:57:34 +0100 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...nel.org> Subject: CVE-2025-40253: s390/ctcm: Fix double-kfree From: Greg Kroah-Hartman <gregkh@...nel.org> Description =========== In the Linux kernel, the following vulnerability has been resolved: s390/ctcm: Fix double-kfree The function 'mpc_rcvd_sweep_req(mpcginfo)' is called conditionally from function 'ctcmpc_unpack_skb'. It frees passed mpcginfo. After that a call to function 'kfree' in function 'ctcmpc_unpack_skb' frees it again. Remove 'kfree' call in function 'mpc_rcvd_sweep_req(mpcginfo)'. Bug detected by the clang static analyzer. The Linux kernel CVE team has assigned CVE-2025-40253 to this issue. Affected and fixed versions =========================== Issue introduced in 5.4.195 with commit 467ddbbe7e749d558f13e640f50f546149c930b3 and fixed in 5.4.302 with commit 06f1dd1de0d33dbfbd2e1fc9fc57d8895f730de2 Issue introduced in 5.18 with commit 0c0b20587b9f25a2ad14db7f80ebe49bdf29920a and fixed in 6.6.118 with commit 3b177b2ded563df16f6d5920671ffcfe5915d472 Issue introduced in 5.18 with commit 0c0b20587b9f25a2ad14db7f80ebe49bdf29920a and fixed in 6.12.60 with commit b9dbfb1b5699f9f1e4991f96741bdf9047147589 Issue introduced in 5.18 with commit 0c0b20587b9f25a2ad14db7f80ebe49bdf29920a and fixed in 6.17.10 with commit 7ff76f8dc6b550f8d16487bf3cebc278be720b5c Issue introduced in 5.18 with commit 0c0b20587b9f25a2ad14db7f80ebe49bdf29920a and fixed in 6.18 with commit da02a1824884d6c84c5e5b5ac373b0c9e3288ec2 Issue introduced in 4.9.315 with commit 36933de59f67029e5739a98393891f9b94f27e0f Issue introduced in 4.14.280 with commit d886b4292a1c5b4facdb2dfdc31f0fecc71df898 Issue introduced in 4.19.244 with commit 4c9ba0fed125deba8416b995b0c274b0804c0c24 Issue introduced in 5.10.117 with commit 4d3c6d741816539b57fa1110c3f765a8c176d7b4 Issue introduced in 5.15.41 with commit 2bd57101c3ecf3f8c0da1d26c2b6ad511adc6d50 Issue introduced in 5.17.9 with commit ea0053af5dab4d63a9c44563973fb2f3bfd9eb2b Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2025-40253 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: drivers/s390/net/ctcm_mpc.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/06f1dd1de0d33dbfbd2e1fc9fc57d8895f730de2 https://git.kernel.org/stable/c/3b177b2ded563df16f6d5920671ffcfe5915d472 https://git.kernel.org/stable/c/b9dbfb1b5699f9f1e4991f96741bdf9047147589 https://git.kernel.org/stable/c/7ff76f8dc6b550f8d16487bf3cebc278be720b5c https://git.kernel.org/stable/c/da02a1824884d6c84c5e5b5ac373b0c9e3288ec2
Powered by blists - more mailing lists