| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025121633-CVE-2025-68185-6db0@gregkh> Date: Tue, 16 Dec 2025 14:43:46 +0100 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...nel.org> Subject: CVE-2025-68185: nfs4_setup_readdir(): insufficient locking for ->d_parent->d_inode dereferencing From: Greg Kroah-Hartman <gregkh@...nel.org> Description =========== In the Linux kernel, the following vulnerability has been resolved: nfs4_setup_readdir(): insufficient locking for ->d_parent->d_inode dereferencing Theoretically it's an oopsable race, but I don't believe one can manage to hit it on real hardware; might become doable on a KVM, but it still won't be easy to attack. Anyway, it's easy to deal with - since xdr_encode_hyper() is just a call of put_unaligned_be64(), we can put that under ->d_lock and be done with that. The Linux kernel CVE team has assigned CVE-2025-68185 to this issue. Affected and fixed versions =========================== Fixed in 5.4.302 with commit 6025f641a0e30afdc5aa62017397b1860ad9f677 Fixed in 5.10.247 with commit e6cafe71eb3b5579b245ba1bd528a181e77f3df1 Fixed in 5.15.197 with commit fa4daf7d11e45b72aad5d943a7ab991f869fff79 Fixed in 6.1.159 with commit 504b3fb9948a9e96ebbabdee0d33966a8bab15cb Fixed in 6.6.117 with commit eacfd08b26a062f1095b18719715bc82ad35312e Fixed in 6.12.58 with commit 40be5b9080114f18b0cea386db415b68a7273c1a Fixed in 6.17.8 with commit f5e570eaab36a110c6ffda32b87c51170990c2d1 Fixed in 6.18 with commit a890a2e339b929dbd843328f9a92a1625404fe63 Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2025-68185 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: fs/nfs/nfs4proc.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/6025f641a0e30afdc5aa62017397b1860ad9f677 https://git.kernel.org/stable/c/e6cafe71eb3b5579b245ba1bd528a181e77f3df1 https://git.kernel.org/stable/c/fa4daf7d11e45b72aad5d943a7ab991f869fff79 https://git.kernel.org/stable/c/504b3fb9948a9e96ebbabdee0d33966a8bab15cb https://git.kernel.org/stable/c/eacfd08b26a062f1095b18719715bc82ad35312e https://git.kernel.org/stable/c/40be5b9080114f18b0cea386db415b68a7273c1a https://git.kernel.org/stable/c/f5e570eaab36a110c6ffda32b87c51170990c2d1 https://git.kernel.org/stable/c/a890a2e339b929dbd843328f9a92a1625404fe63
Powered by blists - more mailing lists