| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025121635-CVE-2025-68191-ec54@gregkh> Date: Tue, 16 Dec 2025 14:43:52 +0100 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...nel.org> Subject: CVE-2025-68191: udp_tunnel: use netdev_warn() instead of netdev_WARN() From: Greg Kroah-Hartman <gregkh@...nel.org> Description =========== In the Linux kernel, the following vulnerability has been resolved: udp_tunnel: use netdev_warn() instead of netdev_WARN() netdev_WARN() uses WARN/WARN_ON to print a backtrace along with file and line information. In this case, udp_tunnel_nic_register() returning an error is just a failed operation, not a kernel bug. udp_tunnel_nic_register() can fail due to a memory allocation failure (kzalloc() or udp_tunnel_nic_alloc()). This is a normal runtime error and not a kernel bug. Replace netdev_WARN() with netdev_warn() accordingly. The Linux kernel CVE team has assigned CVE-2025-68191 to this issue. Affected and fixed versions =========================== Fixed in 5.10.247 with commit 087f1ed450dc6e7e49ffbbbe5b78be1218c6d5e0 Fixed in 5.15.197 with commit 45e4e4a8772fa1c5f6f38e82b732b3a9d8137af4 Fixed in 6.1.159 with commit 7758ec35ff3e9a31558eda4f0f9eb0ddfa78a8ba Fixed in 6.6.117 with commit c018a87942bf1607aeebf8dba5a210ca9a09a0fd Fixed in 6.12.58 with commit 51b3033088f0420b19027e3d54cd989b6ebd987e Fixed in 6.17.8 with commit 3c3b148bf8384c8a787753cf20abde1c5731f97f Fixed in 6.18 with commit dc2f650f7e6857bf384069c1a56b2937a1ee370d Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2025-68191 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: net/ipv4/udp_tunnel_nic.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/087f1ed450dc6e7e49ffbbbe5b78be1218c6d5e0 https://git.kernel.org/stable/c/45e4e4a8772fa1c5f6f38e82b732b3a9d8137af4 https://git.kernel.org/stable/c/7758ec35ff3e9a31558eda4f0f9eb0ddfa78a8ba https://git.kernel.org/stable/c/c018a87942bf1607aeebf8dba5a210ca9a09a0fd https://git.kernel.org/stable/c/51b3033088f0420b19027e3d54cd989b6ebd987e https://git.kernel.org/stable/c/3c3b148bf8384c8a787753cf20abde1c5731f97f https://git.kernel.org/stable/c/dc2f650f7e6857bf384069c1a56b2937a1ee370d
Powered by blists - more mailing lists