| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025121617-CVE-2025-68233-1595@gregkh> Date: Tue, 16 Dec 2025 15:04:19 +0100 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...nel.org> Subject: CVE-2025-68233: drm/tegra: Add call to put_pid() From: Greg Kroah-Hartman <gregkh@...nel.org> Description =========== In the Linux kernel, the following vulnerability has been resolved: drm/tegra: Add call to put_pid() Add a call to put_pid() corresponding to get_task_pid(). host1x_memory_context_alloc() does not take ownership of the PID so we need to free it here to avoid leaking. [mperttunen@...dia.com: reword commit message] The Linux kernel CVE team has assigned CVE-2025-68233 to this issue. Affected and fixed versions =========================== Issue introduced in 6.0 with commit e09db97889ec647ad373f7a7422c83099c6120c5 and fixed in 6.1.159 with commit 6b572e5154af08ee13f8d2673e86f83bc5ff86cd Issue introduced in 6.0 with commit e09db97889ec647ad373f7a7422c83099c6120c5 and fixed in 6.6.118 with commit 2e78580e6e7deac6556236ef96db5bbf7b46857e Issue introduced in 6.0 with commit e09db97889ec647ad373f7a7422c83099c6120c5 and fixed in 6.12.60 with commit cbf2cbdb0733d7974dab296ffba0e7ae9b6524e5 Issue introduced in 6.0 with commit e09db97889ec647ad373f7a7422c83099c6120c5 and fixed in 6.17.10 with commit 27ea5c2c75c3419a9a019240ca44b9256f628df1 Issue introduced in 6.0 with commit e09db97889ec647ad373f7a7422c83099c6120c5 and fixed in 6.18 with commit 6cbab9f0da72b4dc3c3f9161197aa3b9daa1fa3a Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2025-68233 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: drivers/gpu/drm/tegra/uapi.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/6b572e5154af08ee13f8d2673e86f83bc5ff86cd https://git.kernel.org/stable/c/2e78580e6e7deac6556236ef96db5bbf7b46857e https://git.kernel.org/stable/c/cbf2cbdb0733d7974dab296ffba0e7ae9b6524e5 https://git.kernel.org/stable/c/27ea5c2c75c3419a9a019240ca44b9256f628df1 https://git.kernel.org/stable/c/6cbab9f0da72b4dc3c3f9161197aa3b9daa1fa3a
Powered by blists - more mailing lists