| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025120911-CVE-2025-40337-d3bd@gregkh> Date: Tue, 9 Dec 2025 13:10:19 +0900 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...nel.org> Subject: CVE-2025-40337: net: stmmac: Correctly handle Rx checksum offload errors From: Greg Kroah-Hartman <gregkh@...nel.org> Description =========== In the Linux kernel, the following vulnerability has been resolved: net: stmmac: Correctly handle Rx checksum offload errors The stmmac_rx function would previously set skb->ip_summed to CHECKSUM_UNNECESSARY if hardware checksum offload (CoE) was enabled and the packet was of a known IP ethertype. However, this logic failed to check if the hardware had actually reported a checksum error. The hardware status, indicating a header or payload checksum failure, was being ignored at this stage. This could cause corrupt packets to be passed up the network stack as valid. This patch corrects the logic by checking the `csum_none` status flag, which is set when the hardware reports a checksum error. If this flag is set, skb->ip_summed is now correctly set to CHECKSUM_NONE, ensuring the kernel's network stack will perform its own validation and properly handle the corrupt packet. The Linux kernel CVE team has assigned CVE-2025-40337 to this issue. Affected and fixed versions =========================== Fixed in 6.6.117 with commit 63fbe0e6413279d5ea5842e2423e351ded547683 Fixed in 6.12.58 with commit 719fcdf29051f7471d5d433475af76219019d33d Fixed in 6.17.8 with commit 1aa319e0f12d2d761a31556b82a5852c98eb0bea Fixed in 6.18 with commit ee0aace5f844ef59335148875d05bec8764e71e8 Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2025-40337 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: drivers/net/ethernet/stmicro/stmmac/stmmac_main.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/63fbe0e6413279d5ea5842e2423e351ded547683 https://git.kernel.org/stable/c/719fcdf29051f7471d5d433475af76219019d33d https://git.kernel.org/stable/c/1aa319e0f12d2d761a31556b82a5852c98eb0bea https://git.kernel.org/stable/c/ee0aace5f844ef59335148875d05bec8764e71e8
Powered by blists - more mailing lists