| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025121628-CVE-2025-68171-d43d@gregkh>
Date: Tue, 16 Dec 2025 14:43:32 +0100
From: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
To: linux-cve-announce@...r.kernel.org
Cc: Greg Kroah-Hartman <gregkh@...nel.org>
Subject: CVE-2025-68171: x86/fpu: Ensure XFD state on signal delivery
From: Greg Kroah-Hartman <gregkh@...nel.org>
Description
===========
In the Linux kernel, the following vulnerability has been resolved:
x86/fpu: Ensure XFD state on signal delivery
Sean reported [1] the following splat when running KVM tests:
WARNING: CPU: 232 PID: 15391 at xfd_validate_state+0x65/0x70
Call Trace:
<TASK>
fpu__clear_user_states+0x9c/0x100
arch_do_signal_or_restart+0x142/0x210
exit_to_user_mode_loop+0x55/0x100
do_syscall_64+0x205/0x2c0
entry_SYSCALL_64_after_hwframe+0x4b/0x53
Chao further identified [2] a reproducible scenario involving signal
delivery: a non-AMX task is preempted by an AMX-enabled task which
modifies the XFD MSR.
When the non-AMX task resumes and reloads XSTATE with init values,
a warning is triggered due to a mismatch between fpstate::xfd and the
CPU's current XFD state. fpu__clear_user_states() does not currently
re-synchronize the XFD state after such preemption.
Invoke xfd_update_state() which detects and corrects the mismatch if
there is a dynamic feature.
This also benefits the sigreturn path, as fpu__restore_sig() may call
fpu__clear_user_states() when the sigframe is inaccessible.
[ dhansen: minor changelog munging ]
The Linux kernel CVE team has assigned CVE-2025-68171 to this issue.
Affected and fixed versions
===========================
Issue introduced in 5.16 with commit 672365477ae8afca5a1cca98c1deb733235e4525 and fixed in 6.1.159 with commit eefbfb722042fc9210d2e0ac2b063fd1abf51895
Issue introduced in 5.16 with commit 672365477ae8afca5a1cca98c1deb733235e4525 and fixed in 6.6.117 with commit 1811c610653c0cd21cc9add14595b7cffaeca511
Issue introduced in 5.16 with commit 672365477ae8afca5a1cca98c1deb733235e4525 and fixed in 6.12.58 with commit 5b2619b488f1d08b960c43c6468dd0759e8b3035
Issue introduced in 5.16 with commit 672365477ae8afca5a1cca98c1deb733235e4525 and fixed in 6.17.8 with commit 3f735419c4b43cde42e6d408db39137b82474e31
Issue introduced in 5.16 with commit 672365477ae8afca5a1cca98c1deb733235e4525 and fixed in 6.18 with commit 388eff894d6bc5f921e9bfff0e4b0ab2684a96e9
Please see https://www.kernel.org for a full list of currently supported
kernel versions by the kernel community.
Unaffected versions might change over time as fixes are backported to
older supported kernel versions. The official CVE entry at
https://cve.org/CVERecord/?id=CVE-2025-68171
will be updated if fixes are backported, please check that for the most
up to date information about this issue.
Affected files
==============
The file(s) affected by this issue are:
arch/x86/kernel/fpu/core.c
Mitigation
==========
The Linux kernel CVE team recommends that you update to the latest
stable kernel version for this, and many other bugfixes. Individual
changes are never tested alone, but rather are part of a larger kernel
release. Cherry-picking individual commits is not recommended or
supported by the Linux kernel community at all. If however, updating to
the latest release is impossible, the individual changes to resolve this
issue can be found at these commits:
https://git.kernel.org/stable/c/eefbfb722042fc9210d2e0ac2b063fd1abf51895
https://git.kernel.org/stable/c/1811c610653c0cd21cc9add14595b7cffaeca511
https://git.kernel.org/stable/c/5b2619b488f1d08b960c43c6468dd0759e8b3035
https://git.kernel.org/stable/c/3f735419c4b43cde42e6d408db39137b82474e31
https://git.kernel.org/stable/c/388eff894d6bc5f921e9bfff0e4b0ab2684a96e9
Powered by blists - more mailing lists