Message-ID: <2025121635-CVE-2025-68238-fd37@gregkh>
Date: Tue, 16 Dec 2025 15:08:38 +0100
From: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
To: linux-cve-announce@...r.kernel.org
Cc: Greg Kroah-Hartman <gregkh@...nel.org>
Subject: CVE-2025-68238: mtd: rawnand: cadence: fix DMA device NULL pointer dereference
From: Greg Kroah-Hartman <gregkh@...nel.org>
Description
===========

In the Linux kernel, the following vulnerability has been resolved:

mtd: rawnand: cadence: fix DMA device NULL pointer dereference

The DMA device pointer `dma_dev` was being dereferenced before ensuring
that `cdns_ctrl->dmac` is properly initialized.

Move the assignment of `dma_dev` after successfully acquiring the DMA
channel to ensure the pointer is valid before use.

The Linux kernel CVE team has assigned CVE-2025-68238 to this issue.

Affected and fixed versions
===========================
Issue introduced in 5.10.235 with commit 0cae7c285f4771a9927ef592899234d307aea5d4 and fixed in 5.10.247 with commit 2178b0255eae108bb10e5e99658b28641bc06f43
Issue introduced in 5.15.179 with commit 099a316518508be7c57de4134ef919b2dea948ce and fixed in 5.15.197 with commit 9c58c64ec41290c12490ca7e1df45013fbbb41fd
Issue introduced in 6.1.130 with commit e630d32162a8aab92d4aaebae0a8d93039257593 and fixed in 6.1.159 with commit e282a4fdf3c6ee842a720010a8b5f7d77bedd126
Issue introduced in 6.6.80 with commit ad9393467fbd788ac2b8a01e492e45ab1b68a1b1 and fixed in 6.6.118 with commit b146e0b085d9d6bfe838e0a15481cba7d093c67f
Issue introduced in 6.12.17 with commit 0ce5416863965ddd86e066484a306867cf1e01a8 and fixed in 6.12.60 with commit 0c635241a62f2f5da1b48bfffae226d1f86a76ef
Issue introduced in 6.14 with commit d76d22b5096c5b05208fd982b153b3f182350b19 and fixed in 6.17.10 with commit 0c2a43cb43786011b48eeab6093db14888258c6b
Issue introduced in 6.14 with commit d76d22b5096c5b05208fd982b153b3f182350b19 and fixed in 6.18 with commit 5c56bf214af85ca042bf97f8584aab2151035840
Issue introduced in 6.13.5 with commit a33c7492dcdf804b705b6c21018a481414d48038

Please see https://www.kernel.org for a full list of currently supported
kernel versions by the kernel community.

Unaffected versions might change over time as fixes are backported to
older supported kernel versions. The official CVE entry at
https://cve.org/CVERecord/?id=CVE-2025-68238
will be updated if fixes are backported; please check it for the most
up-to-date information about this issue.

Affected files
==============
The file(s) affected by this issue are:
	drivers/mtd/nand/raw/cadence-nand-controller.c

Mitigation
==========

The Linux kernel CVE team recommends that you update to the latest
stable kernel version for this, and many other bugfixes. Individual
changes are never tested alone, but rather are part of a larger kernel
release. Cherry-picking individual commits is not recommended or
supported by the Linux kernel community at all. If, however, updating to
the latest release is impossible, the individual changes to resolve this
issue can be found at these commits:
https://git.kernel.org/stable/c/2178b0255eae108bb10e5e99658b28641bc06f43
https://git.kernel.org/stable/c/9c58c64ec41290c12490ca7e1df45013fbbb41fd
https://git.kernel.org/stable/c/e282a4fdf3c6ee842a720010a8b5f7d77bedd126
https://git.kernel.org/stable/c/b146e0b085d9d6bfe838e0a15481cba7d093c67f
https://git.kernel.org/stable/c/0c635241a62f2f5da1b48bfffae226d1f86a76ef
https://git.kernel.org/stable/c/0c2a43cb43786011b48eeab6093db14888258c6b
https://git.kernel.org/stable/c/5c56bf214af85ca042bf97f8584aab2151035840
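
The version lines under "Affected and fixed versions" can be checked mechanically against a fleet inventory. The following is an added example, not part of the announcement or of any kernel tooling; the function names are hypothetical, and it assumes that each line bounds one upstream stable branch and that a line with no fix leaves the rest of that branch affected.

```python
import re

# Version lines copied verbatim from the "Affected and fixed versions" section.
ADVISORY = """\
Issue introduced in 5.10.235 with commit 0cae7c285f4771a9927ef592899234d307aea5d4 and fixed in 5.10.247 with commit 2178b0255eae108bb10e5e99658b28641bc06f43
Issue introduced in 5.15.179 with commit 099a316518508be7c57de4134ef919b2dea948ce and fixed in 5.15.197 with commit 9c58c64ec41290c12490ca7e1df45013fbbb41fd
Issue introduced in 6.1.130 with commit e630d32162a8aab92d4aaebae0a8d93039257593 and fixed in 6.1.159 with commit e282a4fdf3c6ee842a720010a8b5f7d77bedd126
Issue introduced in 6.6.80 with commit ad9393467fbd788ac2b8a01e492e45ab1b68a1b1 and fixed in 6.6.118 with commit b146e0b085d9d6bfe838e0a15481cba7d093c67f
Issue introduced in 6.12.17 with commit 0ce5416863965ddd86e066484a306867cf1e01a8 and fixed in 6.12.60 with commit 0c635241a62f2f5da1b48bfffae226d1f86a76ef
Issue introduced in 6.14 with commit d76d22b5096c5b05208fd982b153b3f182350b19 and fixed in 6.17.10 with commit 0c2a43cb43786011b48eeab6093db14888258c6b
Issue introduced in 6.14 with commit d76d22b5096c5b05208fd982b153b3f182350b19 and fixed in 6.18 with commit 5c56bf214af85ca042bf97f8584aab2151035840
Issue introduced in 6.13.5 with commit a33c7492dcdf804b705b6c21018a481414d48038
"""

LINE_RE = re.compile(
    r"Issue introduced in (\S+) with commit [0-9a-f]+"
    r"(?: and fixed in (\S+) with commit [0-9a-f]+)?")

def parse_version(text):
    """'6.14' -> (6, 14, 0); '6.13.7-generic' -> (6, 13, 7). -rc tags are ignored."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not m:
        raise ValueError(f"not a kernel version: {text!r}")
    return tuple(int(n or 0) for n in m.groups())

def parse_ranges(advisory):
    """Return [(introduced, fixed_or_None), ...] as version tuples."""
    return [(parse_version(intro), parse_version(fixed) if fixed else None)
            for intro, fixed in LINE_RE.findall(advisory)]

def is_affected(release, ranges):
    v = parse_version(release)
    # A fix shipped in this release's own stable branch settles the question.
    if any(fixed and fixed[:2] == v[:2] and v >= fixed for _, fixed in ranges):
        return False
    for intro, fixed in ranges:
        if fixed is None:
            # Assumption: no fix listed means the rest of that branch is affected.
            if intro[:2] == v[:2] and v >= intro:
                return True
        elif intro <= v < fixed:
            return True
    return False

if __name__ == "__main__":
    for rel in ("5.10.240", "6.12.60", "6.13.7-generic", "6.17.9", "6.18"):
        print(rel, "affected" if is_affected(rel, parse_ranges(ADVISORY)) else "not affected")
```

Vendor kernels often backport fixes without changing the upstream version string, so treat a positive result on such a kernel as a prompt to check the vendor changelog for the fix commit.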