| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025121633-CVE-2025-68187-630c@gregkh> Date: Tue, 16 Dec 2025 14:43:48 +0100 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...nel.org> Subject: CVE-2025-68187: net: mdio: Check regmap pointer returned by device_node_to_regmap() From: Greg Kroah-Hartman <gregkh@...nel.org> Description =========== In the Linux kernel, the following vulnerability has been resolved: net: mdio: Check regmap pointer returned by device_node_to_regmap() The call to device_node_to_regmap() in airoha_mdio_probe() can return an ERR_PTR() if regmap initialization fails. Currently, the driver stores the pointer without validation, which could lead to a crash if it is later dereferenced. Add an IS_ERR() check and return the corresponding error code to make the probe path more robust. The Linux kernel CVE team has assigned CVE-2025-68187 to this issue. Affected and fixed versions =========================== Issue introduced in 6.17 with commit 67e3ba978361cb262f8f8981ab88ccb97f1e2bda and fixed in 6.17.8 with commit dc8ed3823473bb38ba43cfb34f1e1c1baa22f975 Issue introduced in 6.17 with commit 67e3ba978361cb262f8f8981ab88ccb97f1e2bda and fixed in 6.18 with commit b2b526c2cf57d14ee269e012ed179081871f45a1 Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2025-68187 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: drivers/net/mdio/mdio-airoha.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/dc8ed3823473bb38ba43cfb34f1e1c1baa22f975 https://git.kernel.org/stable/c/b2b526c2cf57d14ee269e012ed179081871f45a1
Powered by blists - more mailing lists