Message-ID: <2025121654-CVE-2025-68312-63bb@gregkh>
Date: Tue, 16 Dec 2025 16:39:55 +0100
From: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
To: linux-cve-announce@...r.kernel.org
Cc: Greg Kroah-Hartman <gregkh@...nel.org>
Subject: CVE-2025-68312: usbnet: Prevents free active kevent
From: Greg Kroah-Hartman <gregkh@...nel.org>
Description
===========
In the Linux kernel, the following vulnerability has been resolved:

usbnet: Prevents free active kevent

The root causes of this issue are:
1. When probing the usbnet device, executing usbnet_link_change(dev, 0, 0);
put the kevent work in global workqueue. However, the kevent has not yet
been scheduled when the usbnet device is unregistered. Therefore, executing
free_netdev() results in the "free active object (kevent)" error reported
here.
2. Another factor is that when calling usbnet_disconnect()->unregister_netdev(),
if the usbnet device is up, ndo_stop() is executed to cancel the kevent.
However, because the device is not up, ndo_stop() is not executed.

The solution to this problem is to cancel the kevent before executing
free_netdev().

The Linux kernel CVE team has assigned CVE-2025-68312 to this issue.
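
The lifecycle described above, reduced to a userspace C model. This is an added example, not kernel code or the upstream patch, and every `toy_` name is hypothetical. It assumes a debug-objects style check at free time that reports a work item that is still pending.

```c
/* Constructed userspace model of the kevent lifecycle; not kernel code. */
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>

struct toy_work { bool pending; };
struct toy_dev { bool up; struct toy_work kevent; };

/* Probe: link-change handling queues kevent; the work has not run yet. */
static struct toy_dev *toy_probe(void)
{
    struct toy_dev *dev = calloc(1, sizeof(*dev));
    if (dev)
        dev->kevent.pending = true;
    return dev;
}

/* Cancel: afterwards the work item is no longer queued. */
static void toy_cancel(struct toy_work *w) { w->pending = false; }

/* Unregister: the stop handler (which cancels kevent) runs only if up. */
static void toy_unregister(struct toy_dev *dev)
{
    if (dev->up) { toy_cancel(&dev->kevent); dev->up = false; }
}

/* Free with the assumed check: returns true if freed while work is active. */
static bool toy_free(struct toy_dev *dev)
{
    bool freed_active = dev->kevent.pending;
    free(dev);
    return freed_active;
}

/* Whole disconnect path; cancel_first selects the fixed ordering. */
static bool toy_disconnect(bool was_up, bool cancel_first)
{
    struct toy_dev *dev = toy_probe();
    if (!dev)
        return false;
    dev->up = was_up;
    toy_unregister(dev);
    if (cancel_first)
        toy_cancel(&dev->kevent);   /* cancel before free, as the fix does */
    return toy_free(dev);
}

int main(void)
{
    printf("never up: unfixed=%d fixed=%d\n",
           toy_disconnect(false, false), toy_disconnect(false, true));
    return 0;
}
```

Only the never-opened device hits the free-while-active case in the unfixed ordering, which is why the bug depends on disconnecting before the interface is brought up.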
Affected and fixed versions
===========================
Issue introduced in 5.4.211 with commit 8b4588b8b00b299be16a35be67b331d8fdba03f3 and fixed in 5.4.302 with commit 285d4b953f2ca03c358f986718dd89ee9bde632e
Issue introduced in 5.10.137 with commit 135199a2edd459d2b123144efcd7f9bcd95128e4 and fixed in 5.10.247 with commit 88a38b135d69f5db9024ff6527232f1b51be8915
Issue introduced in 5.15.61 with commit 635fd8953e4309b54ca6a81bed1d4a87668694f4 and fixed in 5.15.197 with commit 43005002b60ef3424719ecda16d124714b45da3b
Issue introduced in 6.0 with commit a69e617e533edddf3fa3123149900f36e0a6dc74 and fixed in 6.1.159 with commit 3a10619fdefd3051aeb14860e4d4335529b4e94d
Issue introduced in 6.0 with commit a69e617e533edddf3fa3123149900f36e0a6dc74 and fixed in 6.6.117 with commit 9a579d6a39513069d298eee70770bbac8a148565
Issue introduced in 6.0 with commit a69e617e533edddf3fa3123149900f36e0a6dc74 and fixed in 6.12.58 with commit 2ce1de32e05445d77fc056f6ff8339cfb78a5f84
Issue introduced in 6.0 with commit a69e617e533edddf3fa3123149900f36e0a6dc74 and fixed in 6.17.8 with commit 5158fb8da162e3982940f30cd01ed77bdf42c6fc
Issue introduced in 6.0 with commit a69e617e533edddf3fa3123149900f36e0a6dc74 and fixed in 6.18 with commit 420c84c330d1688b8c764479e5738bbdbf0a33de
Issue introduced in 4.9.326 with commit d2d6b530d89b0a912148018027386aa049f0a309
Issue introduced in 4.14.291 with commit e2a521a7dcc463c5017b4426ca0804e151faeff7
Issue introduced in 4.19.256 with commit 7f77dcbc030c2faa6d8e8a594985eeb34018409e
Issue introduced in 5.18.18 with commit d49bb8cf9bfaa06aa527eb30f1a52a071da2e32f
Issue introduced in 5.19.2 with commit db3b738ae5f726204876f4303c49cfdf4311403f

Please see https://www.kernel.org for a full list of kernel versions
currently supported by the kernel community.

Unaffected versions might change over time as fixes are backported to
older supported kernel versions. The official CVE entry at
https://cve.org/CVERecord/?id=CVE-2025-68312
will be updated if fixes are backported; please check it for the most
up-to-date information about this issue.

Affected files
==============
The file(s) affected by this issue are:
drivers/net/usb/usbnet.c
Mitigation
==========
The Linux kernel CVE team recommends that you update to the latest
stable kernel version for this, and many other bugfixes. Individual
changes are never tested alone, but rather are part of a larger kernel
release. Cherry-picking individual commits is not recommended or
supported by the Linux kernel community at all. If however, updating to
the latest release is impossible, the individual changes to resolve this
issue can be found at these commits:
https://git.kernel.org/stable/c/285d4b953f2ca03c358f986718dd89ee9bde632e
https://git.kernel.org/stable/c/88a38b135d69f5db9024ff6527232f1b51be8915
https://git.kernel.org/stable/c/43005002b60ef3424719ecda16d124714b45da3b
https://git.kernel.org/stable/c/3a10619fdefd3051aeb14860e4d4335529b4e94d
https://git.kernel.org/stable/c/9a579d6a39513069d298eee70770bbac8a148565
https://git.kernel.org/stable/c/2ce1de32e05445d77fc056f6ff8339cfb78a5f84
https://git.kernel.org/stable/c/5158fb8da162e3982940f30cd01ed77bdf42c6fc
https://git.kernel.org/stable/c/420c84c330d1688b8c764479e5738bbdbf0a33de