Message-ID: <2025120824-CVE-2025-40324-a4cd@gregkh>
Date: Mon, 8 Dec 2025 09:47:48 +0900
From: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
To: linux-cve-announce@...r.kernel.org
Cc: Greg Kroah-Hartman <gregkh@...nel.org>
Subject: CVE-2025-40324: NFSD: Fix crash in nfsd4_read_release()
From: Greg Kroah-Hartman <gregkh@...nel.org>
Description
===========
In the Linux kernel, the following vulnerability has been resolved:
NFSD: Fix crash in nfsd4_read_release()
When tracing is enabled, the trace_nfsd_read_done trace point
crashes during the pynfs read.testNoFh test.
The Linux kernel CVE team has assigned CVE-2025-40324 to this issue.
Affected and fixed versions
===========================
Issue introduced in 5.10.220 with commit 65a33135e91e6dd661ecdf1194b9d90c49ae3570 and fixed in 5.10.247 with commit 930cb4fe3ab4061be31f20ee30bb72a66f7bb6d1
Issue introduced in 5.15.154 with commit b11d8162c24af4a351d21e2c804d25ca493305e3 and fixed in 5.15.197 with commit 375fdd8993cecc48afa359728a6e70b280dde1c8
Issue introduced in 6.1.24 with commit b623a8e5d38a69a3ef8644acb1030dd7c7bc28b3 and fixed in 6.1.159 with commit 2ac46606b2cc49e78d8e3d8f2685e79e9ba73020
Issue introduced in 6.3 with commit 15a8b55dbb1ba154d82627547c5761cac884d810 and fixed in 6.6.117 with commit 03524ccff698d4a77d096ed529073d91f5edee5d
Issue introduced in 6.3 with commit 15a8b55dbb1ba154d82627547c5761cac884d810 and fixed in 6.12.58 with commit a4948875ed0599c037dc438c11891c9012721b1d
Issue introduced in 6.3 with commit 15a8b55dbb1ba154d82627547c5761cac884d810 and fixed in 6.17.8 with commit 8f244b773c63fa480c9a3bd1ae04f5272f285e89
Issue introduced in 6.3 with commit 15a8b55dbb1ba154d82627547c5761cac884d810 and fixed in 6.18 with commit abb1f08a2121dd270193746e43b2a9373db9ad84
Issue introduced in 6.2.11 with commit 3d0dcada384af22dec764c8374a2997870ec86ae
Please see https://www.kernel.org for a full list of currently supported
kernel versions by the kernel community.
Unaffected versions might change over time as fixes are backported to
older supported kernel versions. The official CVE entry at
https://cve.org/CVERecord/?id=CVE-2025-40324
will be updated if fixes are backported, please check that for the most
up to date information about this issue.
Affected files
==============
The file(s) affected by this issue are:
fs/nfsd/nfs4proc.c
Mitigation
==========
The Linux kernel CVE team recommends that you update to the latest
stable kernel version for this, and many other bugfixes. Individual
changes are never tested alone, but rather are part of a larger kernel
release. Cherry-picking individual commits is not recommended or
supported by the Linux kernel community at all. If however, updating to
the latest release is impossible, the individual changes to resolve this
issue can be found at these commits:
https://git.kernel.org/stable/c/930cb4fe3ab4061be31f20ee30bb72a66f7bb6d1
https://git.kernel.org/stable/c/375fdd8993cecc48afa359728a6e70b280dde1c8
https://git.kernel.org/stable/c/2ac46606b2cc49e78d8e3d8f2685e79e9ba73020
https://git.kernel.org/stable/c/03524ccff698d4a77d096ed529073d91f5edee5d
https://git.kernel.org/stable/c/a4948875ed0599c037dc438c11891c9012721b1d
https://git.kernel.org/stable/c/8f244b773c63fa480c9a3bd1ae04f5272f285e89
https://git.kernel.org/stable/c/abb1f08a2121dd270193746e43b2a9373db9ad84
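
The ranges under "Affected and fixed versions" can be turned into a check for a given kernel release string. The following is an added example, not part of the original announcement or of any kernel tooling; the names MAINLINE, BACKPORTED, STABLE_FIX, parse and is_affected are hypothetical. It assumes upstream version numbering (distribution kernels may carry the fix under an older version number) and treats branches the list does not mention as affected only when they lie between the mainline introduction and the mainline fix.

```python
import re

# Version data copied from "Affected and fixed versions" in this advisory.
MAINLINE = ("6.3", "6.18")  # introduced in / fixed in mainline
# Stable branches older than 6.3 that received the introducing commit.
BACKPORTED = {
    "5.10": ("5.10.220", "5.10.247"),
    "5.15": ("5.15.154", "5.15.197"),
    "6.1": ("6.1.24", "6.1.159"),
    "6.2": ("6.2.11", None),  # the advisory lists no fixed 6.2.y release
}
# Stable branches from 6.3 onward and the first release carrying the fix.
STABLE_FIX = {"6.6": "6.6.117", "6.12": "6.12.58", "6.17": "6.17.8"}


def parse(release):
    """'6.6.116-generic' -> (6, 6, 116); a missing patch level counts as 0."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", release)
    if not m:
        raise ValueError(f"not a kernel release string: {release!r}")
    return int(m.group(1)), int(m.group(2)), int(m.group(3) or 0)


def is_affected(release):
    """True if an upstream release falls inside a range listed above."""
    ver = parse(release)
    branch = f"{ver[0]}.{ver[1]}"
    if branch in BACKPORTED:
        # Branch got the bug via backport: affected from 'lo' up to the fix.
        lo, hi = BACKPORTED[branch]
        return ver >= parse(lo) and (hi is None or ver < parse(hi))
    if not parse(MAINLINE[0]) <= ver < parse(MAINLINE[1]):
        # Outside the mainline window and not a backport branch.
        return False
    # Inside the window: affected unless this branch has reached its fix.
    fix = STABLE_FIX.get(branch)
    return fix is None or ver < parse(fix)


if __name__ == "__main__":
    # Constructed sample release strings, not taken from the advisory.
    for sample in ("5.10.246", "6.1.159", "6.5.13", "6.6.116-generic", "6.18.0"):
        state = "affected" if is_affected(sample) else "not listed as affected"
        print(f"{sample}: {state}")
```

A True result only means the release sits in a listed range; per the description, the crash is hit when tracing is enabled on the NFS server.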