Message-ID: <2025120717-CVE-2025-40277-d511@gregkh>
Date: Sun,  7 Dec 2025 06:52:24 +0900
From: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
To: linux-cve-announce@...r.kernel.org
Cc: Greg Kroah-Hartman <gregkh@...nel.org>
Subject: CVE-2025-40277: drm/vmwgfx: Validate command header size against SVGA_CMD_MAX_DATASIZE

From: Greg Kroah-Hartman <gregkh@...nel.org>

Description
===========

In the Linux kernel, the following vulnerability has been resolved:

drm/vmwgfx: Validate command header size against SVGA_CMD_MAX_DATASIZE

This data originates from userspace and is used in buffer offset
calculations which could potentially overflow causing an out-of-bounds
access.

The Linux kernel CVE team has assigned CVE-2025-40277 to this issue.


Affected and fixed versions
===========================

	Issue introduced in 4.3 with commit 8ce75f8ab9044fe11caaaf2b2c82471023212f9f and fixed in 5.4.302 with commit e58559845021c3bad5e094219378b869157fad53
	Issue introduced in 4.3 with commit 8ce75f8ab9044fe11caaaf2b2c82471023212f9f and fixed in 5.10.247 with commit 54d458b244893e47bda52ec3943fdfbc8d7d068b
	Issue introduced in 4.3 with commit 8ce75f8ab9044fe11caaaf2b2c82471023212f9f and fixed in 5.15.197 with commit 709e5c088f9c99a5cf2c1d1c6ce58f2cca7ab173
	Issue introduced in 4.3 with commit 8ce75f8ab9044fe11caaaf2b2c82471023212f9f and fixed in 6.1.159 with commit a3abb54c27b2c393c44362399777ad2f6e1ff17e
	Issue introduced in 4.3 with commit 8ce75f8ab9044fe11caaaf2b2c82471023212f9f and fixed in 6.6.117 with commit b5df9e06eed3df6a4f5c6f8453013b0cabb927b4
	Issue introduced in 4.3 with commit 8ce75f8ab9044fe11caaaf2b2c82471023212f9f and fixed in 6.12.59 with commit 5aea2cde03d4247cdcf53f9ab7d0747c9dca1cfc
	Issue introduced in 4.3 with commit 8ce75f8ab9044fe11caaaf2b2c82471023212f9f and fixed in 6.17.9 with commit f3f3a8eb3f0ba799fae057091d8c67cca12d6fa0
	Issue introduced in 4.3 with commit 8ce75f8ab9044fe11caaaf2b2c82471023212f9f and fixed in 6.18 with commit 32b415a9dc2c212e809b7ebc2b14bc3fbda2b9af

Please see https://www.kernel.org for a full list of currently supported
kernel versions by the kernel community.

Unaffected versions might change over time as fixes are backported to
older supported kernel versions.  The official CVE entry at
	https://cve.org/CVERecord/?id=CVE-2025-40277
will be updated if fixes are backported, please check that for the most
up to date information about this issue.


Affected files
==============

The file(s) affected by this issue are:
	drivers/gpu/drm/vmwgfx/vmwgfx_execbuf.c


Mitigation
==========

The Linux kernel CVE team recommends that you update to the latest
stable kernel version for this, and many other bugfixes.  Individual
changes are never tested alone, but rather are part of a larger kernel
release.  Cherry-picking individual commits is not recommended or
supported by the Linux kernel community at all.  If however, updating to
the latest release is impossible, the individual changes to resolve this
issue can be found at these commits:
	https://git.kernel.org/stable/c/e58559845021c3bad5e094219378b869157fad53
	https://git.kernel.org/stable/c/54d458b244893e47bda52ec3943fdfbc8d7d068b
	https://git.kernel.org/stable/c/709e5c088f9c99a5cf2c1d1c6ce58f2cca7ab173
	https://git.kernel.org/stable/c/a3abb54c27b2c393c44362399777ad2f6e1ff17e
	https://git.kernel.org/stable/c/b5df9e06eed3df6a4f5c6f8453013b0cabb927b4
	https://git.kernel.org/stable/c/5aea2cde03d4247cdcf53f9ab7d0747c9dca1cfc
	https://git.kernel.org/stable/c/f3f3a8eb3f0ba799fae057091d8c67cca12d6fa0
	https://git.kernel.org/stable/c/32b415a9dc2c212e809b7ebc2b14bc3fbda2b9af
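
The class of bug described above, as an added example that is not the vmwgfx patch or any kernel code: a command-stream walker that checks each header's size field against a fixed cap and against the bytes remaining before using it to advance the offset. `demo_cmd_header`, `DEMO_CMD_MAX_DATASIZE` (and its value) and all function names are assumptions made for illustration.

```c
#include <stdint.h>
#include <string.h>

/* Hypothetical stand-ins for illustration; not the vmwgfx definitions. */
#define DEMO_CMD_MAX_DATASIZE (256u * 1024u)
struct demo_cmd_header {
    uint32_t id;
    uint32_t size;  /* payload bytes after the header; caller-controlled */
};

/* Unchecked 32-bit arithmetic: wraps when size is close to UINT32_MAX. */
uint32_t naive_next_offset(uint32_t off, uint32_t size)
{
    return off + (uint32_t)sizeof(struct demo_cmd_header) + size;
}

/* Walk a command stream; return the command count, or -1 if malformed. */
int walk_commands(const uint8_t *buf, size_t len)
{
    size_t off = 0;
    int count = 0;

    while (off < len) {
        struct demo_cmd_header hdr;

        if (len - off < sizeof(hdr))            /* room for a header? */
            return -1;
        memcpy(&hdr, buf + off, sizeof(hdr));
        if (hdr.size > DEMO_CMD_MAX_DATASIZE)   /* cap before any arithmetic */
            return -1;
        if (hdr.size > len - off - sizeof(hdr)) /* subtract, never add */
            return -1;
        off += sizeof(hdr) + hdr.size;
        count++;
    }
    return count;
}

/* Constructed sample: one header followed by 8 payload bytes. */
int demo_run(uint32_t size_field)
{
    uint8_t buf[sizeof(struct demo_cmd_header) + 8] = {0};
    struct demo_cmd_header hdr = { .id = 1, .size = size_field };

    memcpy(buf, &hdr, sizeof(hdr));
    return walk_commands(buf, sizeof(buf));
}

int main(void) { return demo_run(8) == 1 ? 0 : 1; }
```

With a size field of 0xFFFFFFF8, `naive_next_offset(0, ...)` wraps to 0 and would pass a "next offset is within the buffer" test, while `walk_commands` rejects the same header at the cap check.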
