Message-ID: <2025121624-CVE-2025-68252-5763@gregkh>
Date: Tue, 16 Dec 2025 15:32:28 +0100
From: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
To: linux-cve-announce@...r.kernel.org
Cc: Greg Kroah-Hartman <gregkh@...nel.org>
Subject: CVE-2025-68252: misc: fastrpc: Fix dma_buf object leak in fastrpc_map_lookup
From: Greg Kroah-Hartman <gregkh@...nel.org>
Description
===========

In the Linux kernel, the following vulnerability has been resolved:

misc: fastrpc: Fix dma_buf object leak in fastrpc_map_lookup

In fastrpc_map_lookup, dma_buf_get is called to obtain a reference to
the dma_buf for comparison purposes. However, this reference is never
released when the function returns, leading to a dma_buf memory leak.

Fix this by adding dma_buf_put before returning from the function,
ensuring that the temporarily acquired reference is properly released
regardless of whether a matching map is found.

Rule: add

The Linux kernel CVE team has assigned CVE-2025-68252 to this issue.
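
The leak pattern described above, as an added userspace model (not code from the kernel, the fastrpc driver, or the fix commits): a lookup takes a temporary reference for a comparison and must drop it on every return path. All `model_*` and `lookup_*` names, the sample buffers, and the error codes are assumptions made for illustration.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>

/* Userspace model only: hypothetical stand-ins, not the kernel's dma_buf
 * API and not the fastrpc driver source. */
struct model_buf { int fd; int refcount; };
struct model_map { int fd; struct model_buf *buf; };
static struct model_buf bufs[2] = { {3, 1}, {4, 1} };  /* constructed sample state */
static struct model_map maps[1] = { {3, &bufs[0]} };   /* only fd 3 has a map */

/* Get-by-fd: returns the buffer with one extra reference held by the caller. */
static struct model_buf *model_buf_get(int fd) {
    for (size_t i = 0; i < 2; i++)
        if (bufs[i].fd == fd) { bufs[i].refcount++; return &bufs[i]; }
    return NULL;
}
static void model_buf_put(struct model_buf *b) { b->refcount--; }

/* Before the fix: the reference taken for the comparison is never dropped. */
static int lookup_leaky(int fd, struct model_map **out) {
    struct model_buf *buf = model_buf_get(fd);
    if (!buf) return -EBADF;
    for (size_t i = 0; i < 1; i++)
        if (maps[i].fd == fd && maps[i].buf == buf) { *out = &maps[i]; return 0; }
    return -ENOENT;                /* leaks on a hit and on a miss */
}

/* After the fix: a single exit path releases the temporary reference. */
static int lookup_fixed(int fd, struct model_map **out) {
    struct model_buf *buf = model_buf_get(fd);
    int ret = -ENOENT;
    if (!buf) return -EBADF;
    for (size_t i = 0; i < 1; i++)
        if (maps[i].fd == fd && maps[i].buf == buf) { *out = &maps[i]; ret = 0; break; }
    model_buf_put(buf);            /* dropped whether or not a map matched */
    return ret;
}

/* Net refcount change on bufs[idx] after n lookups of its fd. */
static int refcount_drift(int idx, int n, int (*lookup)(int, struct model_map **)) {
    struct model_map *m = NULL;
    int before = bufs[idx].refcount;
    for (int i = 0; i < n; i++) lookup(bufs[idx].fd, &m);
    return bufs[idx].refcount - before;
}

int main(void) {
    printf("leaky: hit %d, miss %d\n", refcount_drift(0, 100, lookup_leaky), refcount_drift(1, 100, lookup_leaky));
    printf("fixed: hit %d, miss %d\n", refcount_drift(0, 100, lookup_fixed), refcount_drift(1, 100, lookup_fixed));
    return 0;
}
```

In the model, a refcount that grows by one per lookup can never reach zero, so the buffer is never freed; the same drift measurement is zero once the put is on the common exit path.
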
Affected and fixed versions
===========================
Issue introduced in 6.1.156 with commit ec5cb80503bbfee67573699fe52fcf456fd57678 and fixed in 6.1.158 with commit c2fef5ebb73f3dabae6fbc571d181914ed32c483
Issue introduced in 6.6.112 with commit 6e0d6cc39f410a4d9ea774fbb254c68fe02ff4bb and fixed in 6.6.115 with commit 9a297a68c3ba4a7ecb31ed52f61bd6634abb79d3
Issue introduced in 6.12.53 with commit 6e0928a8988e873da9946e17f8065ad77c720186 and fixed in 6.12.56 with commit e17b13387827adce7acb19ac0f07f9bcafe0ff4c
Issue introduced in 6.17.3 with commit 1986bba9597b3d97d3e80530dc457a1cd1994e22 and fixed in 6.17.6 with commit 214e81a63a9aa0be42382ef0365ba5ed32c513ab

Please see https://www.kernel.org for a full list of currently supported
kernel versions by the kernel community.

Unaffected versions might change over time as fixes are backported to
older supported kernel versions. The official CVE entry at
https://cve.org/CVERecord/?id=CVE-2025-68252
will be updated if fixes are backported; please check that for the most
up-to-date information about this issue.

Affected files
==============

The file(s) affected by this issue are:
drivers/misc/fastrpc.c

Mitigation
==========

The Linux kernel CVE team recommends that you update to the latest
stable kernel version for this, and many other bugfixes. Individual
changes are never tested alone, but rather are part of a larger kernel
release. Cherry-picking individual commits is not recommended or
supported by the Linux kernel community at all. If, however, updating to
the latest release is impossible, the individual changes to resolve this
issue can be found at these commits:
https://git.kernel.org/stable/c/c2fef5ebb73f3dabae6fbc571d181914ed32c483
https://git.kernel.org/stable/c/9a297a68c3ba4a7ecb31ed52f61bd6634abb79d3
https://git.kernel.org/stable/c/e17b13387827adce7acb19ac0f07f9bcafe0ff4c
https://git.kernel.org/stable/c/214e81a63a9aa0be42382ef0365ba5ed32c513ab
https://git.kernel.org/stable/c/fff111bf45cbeeb659324316d68554e35d350092