| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025121623-CVE-2025-68249-f6bc@gregkh> Date: Tue, 16 Dec 2025 15:32:25 +0100 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...nel.org> Subject: CVE-2025-68249: most: usb: hdm_probe: Fix calling put_device() before device initialization From: Greg Kroah-Hartman <gregkh@...nel.org> Description =========== In the Linux kernel, the following vulnerability has been resolved: most: usb: hdm_probe: Fix calling put_device() before device initialization The early error path in hdm_probe() can jump to err_free_mdev before &mdev->dev has been initialized with device_initialize(). Calling put_device(&mdev->dev) there triggers a device core WARN and ends up invoking kref_put(&kobj->kref, kobject_release) on an uninitialized kobject. In this path the private struct was only kmalloc'ed and the intended release is effectively kfree(mdev) anyway, so free it directly instead of calling put_device() on an uninitialized device. This removes the WARNING and fixes the pre-initialization error path. The Linux kernel CVE team has assigned CVE-2025-68249 to this issue. Affected and fixed versions =========================== Issue introduced in 5.9 with commit 97a6f772f36b7f52bcfa56a581bbd2470cffe23d and fixed in 5.10.246 with commit 3509c748e79435d09e730673c8c100b7f0ebc87c Issue introduced in 5.9 with commit 97a6f772f36b7f52bcfa56a581bbd2470cffe23d and fixed in 5.15.196 with commit ad2be44882716dc3589fbc5572cc13f88ead6b24 Issue introduced in 5.9 with commit 97a6f772f36b7f52bcfa56a581bbd2470cffe23d and fixed in 6.1.158 with commit c400410fe0580dd6118ae8d60287ac9ce71a65fd Issue introduced in 5.9 with commit 97a6f772f36b7f52bcfa56a581bbd2470cffe23d and fixed in 6.6.115 with commit 6fb8fbc0aa542af5bf0fed94fa6b0edf18144f95 Issue introduced in 5.9 with commit 97a6f772f36b7f52bcfa56a581bbd2470cffe23d and fixed in 6.12.56 with commit 7d851f746067b8ee5bac9c262f326ace0a6ea253 Issue introduced in 5.9 with commit 97a6f772f36b7f52bcfa56a581bbd2470cffe23d and fixed in 6.17.6 with commit 4af0eedbdb4df7936bf43a28e31af232744d2620 Issue introduced in 5.9 with commit 97a6f772f36b7f52bcfa56a581bbd2470cffe23d and fixed in 6.18 with commit a8cc9e5fcb0e2eef21513a4fec888f5712cb8162 Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2025-68249 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: drivers/most/most_usb.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/3509c748e79435d09e730673c8c100b7f0ebc87c https://git.kernel.org/stable/c/ad2be44882716dc3589fbc5572cc13f88ead6b24 https://git.kernel.org/stable/c/c400410fe0580dd6118ae8d60287ac9ce71a65fd https://git.kernel.org/stable/c/6fb8fbc0aa542af5bf0fed94fa6b0edf18144f95 https://git.kernel.org/stable/c/7d851f746067b8ee5bac9c262f326ace0a6ea253 https://git.kernel.org/stable/c/4af0eedbdb4df7936bf43a28e31af232744d2620 https://git.kernel.org/stable/c/a8cc9e5fcb0e2eef21513a4fec888f5712cb8162
Powered by blists - more mailing lists