| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025121636-CVE-2025-68229-8958@gregkh> Date: Tue, 16 Dec 2025 14:57:48 +0100 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...nel.org> Subject: CVE-2025-68229: scsi: target: tcm_loop: Fix segfault in tcm_loop_tpg_address_show() From: Greg Kroah-Hartman <gregkh@...nel.org> Description =========== In the Linux kernel, the following vulnerability has been resolved: scsi: target: tcm_loop: Fix segfault in tcm_loop_tpg_address_show() If the allocation of tl_hba->sh fails in tcm_loop_driver_probe() and we attempt to dereference it in tcm_loop_tpg_address_show() we will get a segfault, see below for an example. So, check tl_hba->sh before dereferencing it. Unable to allocate struct scsi_host BUG: kernel NULL pointer dereference, address: 0000000000000194 #PF: supervisor read access in kernel mode #PF: error_code(0x0000) - not-present page PGD 0 P4D 0 Oops: 0000 [#1] PREEMPT SMP NOPTI CPU: 1 PID: 8356 Comm: tokio-runtime-w Not tainted 6.6.104.2-4.azl3 #1 Hardware name: Microsoft Corporation Virtual Machine/Virtual Machine, BIOS Hyper-V UEFI Release v4.1 09/28/2024 RIP: 0010:tcm_loop_tpg_address_show+0x2e/0x50 [tcm_loop] ... Call Trace: <TASK> configfs_read_iter+0x12d/0x1d0 [configfs] vfs_read+0x1b5/0x300 ksys_read+0x6f/0xf0 ... The Linux kernel CVE team has assigned CVE-2025-68229 to this issue. Affected and fixed versions =========================== Issue introduced in 4.5 with commit 2628b352c3d4905adf8129ea50900bd980b6ccef and fixed in 5.4.302 with commit 63f511d3855f7f4b35dd63dbc58fc3d935a81268 Issue introduced in 4.5 with commit 2628b352c3d4905adf8129ea50900bd980b6ccef and fixed in 5.10.247 with commit 3d8c517f6eb27e47b1a198e05f8023038329b40b Issue introduced in 4.5 with commit 2628b352c3d4905adf8129ea50900bd980b6ccef and fixed in 5.15.197 with commit f449a1edd7a13bb025aaf9342ea6f8bf92684bbf Issue introduced in 4.5 with commit 2628b352c3d4905adf8129ea50900bd980b6ccef and fixed in 6.1.159 with commit 1c9ba455b5073253ceaadae4859546e38e8261fe Issue introduced in 4.5 with commit 2628b352c3d4905adf8129ea50900bd980b6ccef and fixed in 6.6.118 with commit a6ef60898ddaf1414592ce3e5b0d94276d631663 Issue introduced in 4.5 with commit 2628b352c3d4905adf8129ea50900bd980b6ccef and fixed in 6.12.60 with commit 72e8831079266749a7023618a0de2f289a9dced6 Issue introduced in 4.5 with commit 2628b352c3d4905adf8129ea50900bd980b6ccef and fixed in 6.17.10 with commit 13aff3b8a7184281b134698704d6c06863a8361b Issue introduced in 4.5 with commit 2628b352c3d4905adf8129ea50900bd980b6ccef and fixed in 6.18 with commit e6965188f84a7883e6a0d3448e86b0cf29b24dfc Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2025-68229 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: drivers/target/loopback/tcm_loop.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/63f511d3855f7f4b35dd63dbc58fc3d935a81268 https://git.kernel.org/stable/c/3d8c517f6eb27e47b1a198e05f8023038329b40b https://git.kernel.org/stable/c/f449a1edd7a13bb025aaf9342ea6f8bf92684bbf https://git.kernel.org/stable/c/1c9ba455b5073253ceaadae4859546e38e8261fe https://git.kernel.org/stable/c/a6ef60898ddaf1414592ce3e5b0d94276d631663 https://git.kernel.org/stable/c/72e8831079266749a7023618a0de2f289a9dced6 https://git.kernel.org/stable/c/13aff3b8a7184281b134698704d6c06863a8361b https://git.kernel.org/stable/c/e6965188f84a7883e6a0d3448e86b0cf29b24dfc
Powered by blists - more mailing lists