Message-ID: <2025121634-CVE-2025-68224-37da@gregkh>
Date: Tue, 16 Dec 2025 14:57:43 +0100
From: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
To: linux-cve-announce@...r.kernel.org
Cc: Greg Kroah-Hartman <gregkh@...nel.org>
Subject: CVE-2025-68224: scsi: core: Fix a regression triggered by scsi_host_busy()

From: Greg Kroah-Hartman <gregkh@...nel.org>

Description
===========

In the Linux kernel, the following vulnerability has been resolved:

scsi: core: Fix a regression triggered by scsi_host_busy()

Commit 995412e23bb2 ("blk-mq: Replace tags->lock with SRCU for tag
iterators") introduced the following regression:

Call trace:
 __srcu_read_lock+0x30/0x80 (P)
 blk_mq_tagset_busy_iter+0x44/0x300
 scsi_host_busy+0x38/0x70
 ufshcd_print_host_state+0x34/0x1bc
 ufshcd_link_startup.constprop.0+0xe4/0x2e0
 ufshcd_init+0x944/0xf80
 ufshcd_pltfrm_init+0x504/0x820
 ufs_rockchip_probe+0x2c/0x88
 platform_probe+0x5c/0xa4
 really_probe+0xc0/0x38c
 __driver_probe_device+0x7c/0x150
 driver_probe_device+0x40/0x120
 __driver_attach+0xc8/0x1e0
 bus_for_each_dev+0x7c/0xdc
 driver_attach+0x24/0x30
 bus_add_driver+0x110/0x230
 driver_register+0x68/0x130
 __platform_driver_register+0x20/0x2c
 ufs_rockchip_pltform_init+0x1c/0x28
 do_one_initcall+0x60/0x1e0
 kernel_init_freeable+0x248/0x2c4
 kernel_init+0x20/0x140
 ret_from_fork+0x10/0x20

Fix this regression by making scsi_host_busy() check whether the SCSI
host tag set has already been initialized. tag_set->ops is set by
scsi_mq_setup_tags() just before blk_mq_alloc_tag_set() is called. This
fix is based on the assumption that scsi_host_busy() and
scsi_mq_setup_tags() calls are serialized. This is the case in the UFS
driver.

The Linux kernel CVE team has assigned CVE-2025-68224 to this issue.
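
The guard described above, as a user-space model added here for illustration; it is not the kernel patch or code from the advisory. The structs, the `model_*` helpers and the `host_busy_*` functions are hypothetical stand-ins, and it assumes the iterator fails because state created by tag set allocation does not exist yet.

```c
#include <stddef.h>
#include <stdio.h>

/* Simplified stand-ins, not the kernel's real structures. */
struct tag_ops { int unused; };
struct tag_set {
    const struct tag_ops *ops; /* set just before the tag set is allocated */
    int *srcu;                 /* assumption: exists only after allocation */
    int in_flight;             /* commands the iterator would count */
};
static const struct tag_ops model_ops = {0};
static int model_srcu;

/* Models scsi_mq_setup_tags(): set ops, then allocate the tag set. */
static void model_setup_tags(struct tag_set *set, int in_flight)
{
    set->ops = &model_ops;
    set->srcu = &model_srcu;   /* stands in for blk_mq_alloc_tag_set() */
    set->in_flight = in_flight;
}
/* Models the busy iterator. Returns -1 where the kernel would fail at
 * the top of the call trace, instead of touching missing state. */
static int model_busy_iter(const struct tag_set *set, int *cnt)
{
    if (set->srcu == NULL)
        return -1;
    *cnt = set->in_flight;
    return 0;
}
/* Before the fix: iterate unconditionally. */
static int host_busy_unguarded(const struct tag_set *set, int *fault)
{
    int cnt = 0;
    *fault = model_busy_iter(set, &cnt) < 0;
    return cnt;
}
/* After the fix: report 0 busy commands until ops has been set. */
static int host_busy_guarded(const struct tag_set *set, int *fault)
{
    int cnt = 0;
    *fault = 0;
    if (set->ops)
        *fault = model_busy_iter(set, &cnt) < 0;
    return cnt;
}
int main(void)
{
    struct tag_set early = {0};  /* probe-time state, tags not set up */
    int fault, cnt = host_busy_guarded(&early, &fault);
    printf("guarded, early: cnt=%d fault=%d\n", cnt, fault);
    return 0;
}
```

The guard is only safe under the serialization assumption the description states: nothing in this model protects against `ops` being set concurrently with a busy query.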


Affected and fixed versions
===========================

	Fixed in 5.10.247 with commit 143257917b836bd5fc434063030fda199e249624
	Fixed in 5.15.197 with commit 804b5b8e3545445450387ae6891262c421c49304
	Fixed in 6.1.159 with commit d579f496681c5136d63cb4fbb685511227e73602
	Fixed in 6.6.118 with commit 5d778778b40bcdfd9f8817fea1ec6ebcbec69c0a
	Fixed in 6.12.60 with commit 47c8b35a1f1d53aac156480cea0a0c5c82919f03
	Fixed in 6.17.10 with commit e208fb1660c4a43f06b7b66c3ff22dde84ec3990
	Fixed in 6.18 with commit a0b7780602b1b196f47e527fec82166a7e67c4d0

Please see https://www.kernel.org for a full list of kernel versions
currently supported by the kernel community.

Unaffected versions might change over time as fixes are backported to
older supported kernel versions.  The official CVE entry at
	https://cve.org/CVERecord/?id=CVE-2025-68224
will be updated if fixes are backported; please check that for the most
up-to-date information about this issue.


Affected files
==============

The file(s) affected by this issue are:
	drivers/scsi/hosts.c


Mitigation
==========

The Linux kernel CVE team recommends that you update to the latest
stable kernel version for this, and many other bugfixes.  Individual
changes are never tested alone, but rather are part of a larger kernel
release.  Cherry-picking individual commits is not recommended or
supported by the Linux kernel community at all.  If, however, updating to
the latest release is impossible, the individual changes to resolve this
issue can be found at these commits:
	https://git.kernel.org/stable/c/143257917b836bd5fc434063030fda199e249624
	https://git.kernel.org/stable/c/804b5b8e3545445450387ae6891262c421c49304
	https://git.kernel.org/stable/c/d579f496681c5136d63cb4fbb685511227e73602
	https://git.kernel.org/stable/c/5d778778b40bcdfd9f8817fea1ec6ebcbec69c0a
	https://git.kernel.org/stable/c/47c8b35a1f1d53aac156480cea0a0c5c82919f03
	https://git.kernel.org/stable/c/e208fb1660c4a43f06b7b66c3ff22dde84ec3990
	https://git.kernel.org/stable/c/a0b7780602b1b196f47e527fec82166a7e67c4d0
