| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025121630-CVE-2025-68239-f7a4@gregkh> Date: Tue, 16 Dec 2025 15:21:31 +0100 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...nel.org> Subject: CVE-2025-68239: binfmt_misc: restore write access before closing files opened by open_exec() From: Greg Kroah-Hartman <gregkh@...nel.org> Description =========== In the Linux kernel, the following vulnerability has been resolved: binfmt_misc: restore write access before closing files opened by open_exec() bm_register_write() opens an executable file using open_exec(), which internally calls do_open_execat() and denies write access on the file to avoid modification while it is being executed. However, when an error occurs, bm_register_write() closes the file using filp_close() directly. This does not restore the write permission, which may cause subsequent write operations on the same file to fail. Fix this by calling exe_file_allow_write_access() before filp_close() to restore the write permission properly. The Linux kernel CVE team has assigned CVE-2025-68239 to this issue. Affected and fixed versions =========================== Issue introduced in 5.12 with commit e7850f4d844e0acfac7e570af611d89deade3146 and fixed in 6.17.9 with commit e785f552ab04dbca01d31f0334f4561240b04459 Issue introduced in 5.12 with commit e7850f4d844e0acfac7e570af611d89deade3146 and fixed in 6.18 with commit 90f601b497d76f40fa66795c3ecf625b6aced9fd Issue introduced in 4.9.262 with commit 467a50d5db7deaf656e18a1f633be9ecd94b393a Issue introduced in 4.14.226 with commit 4a8b4124ea4156ca52918b66c750a69c6d932aa5 Issue introduced in 4.19.181 with commit 3fe116e33a855bbfdd32dc207e9be2a41e3ed3a6 Issue introduced in 5.4.106 with commit c0e0ab60d0b15469e69db93215dad009999f5a5b Issue introduced in 5.10.24 with commit 5ab9464a2a3c538eedbb438f1802f2fd98d0953f Issue introduced in 5.11.7 with commit d28492be82e19fc69cc69975fc2052b37ef0c821 Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2025-68239 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: fs/binfmt_misc.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/e785f552ab04dbca01d31f0334f4561240b04459 https://git.kernel.org/stable/c/90f601b497d76f40fa66795c3ecf625b6aced9fd
Powered by blists - more mailing lists