| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025122220-CVE-2025-68336-0253@gregkh>
Date: Mon, 22 Dec 2025 17:14:28 +0100
From: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
To: linux-cve-announce@...r.kernel.org
Cc: Greg Kroah-Hartman <gregkh@...nel.org>
Subject: CVE-2025-68336: locking/spinlock/debug: Fix data-race in do_raw_write_lock
From: Greg Kroah-Hartman <gregkh@...nel.org>
Description
===========
In the Linux kernel, the following vulnerability has been resolved:
locking/spinlock/debug: Fix data-race in do_raw_write_lock
KCSAN reports:
BUG: KCSAN: data-race in do_raw_write_lock / do_raw_write_lock
write (marked) to 0xffff800009cf504c of 4 bytes by task 1102 on cpu 1:
do_raw_write_lock+0x120/0x204
_raw_write_lock_irq
do_exit
call_usermodehelper_exec_async
ret_from_fork
read to 0xffff800009cf504c of 4 bytes by task 1103 on cpu 0:
do_raw_write_lock+0x88/0x204
_raw_write_lock_irq
do_exit
call_usermodehelper_exec_async
ret_from_fork
value changed: 0xffffffff -> 0x00000001
Reported by Kernel Concurrency Sanitizer on:
CPU: 0 PID: 1103 Comm: kworker/u4:1 6.1.111
Commit 1a365e822372 ("locking/spinlock/debug: Fix various data races") has
adressed most of these races, but seems to be not consistent/not complete.
>>From do_raw_write_lock() only debug_write_lock_after() part has been
converted to WRITE_ONCE(), but not debug_write_lock_before() part.
Do it now.
The Linux kernel CVE team has assigned CVE-2025-68336 to this issue.
Affected and fixed versions
===========================
Issue introduced in 5.5 with commit 1a365e822372ba24c9da0822bc583894f6f3d821 and fixed in 6.12.62 with commit b163a5e8c703201c905d6ec7920ed79d167e8442
Issue introduced in 5.5 with commit 1a365e822372ba24c9da0822bc583894f6f3d821 and fixed in 6.17.12 with commit 16b3590c0e1e615757dade098c8fbc0d4f040c76
Issue introduced in 5.5 with commit 1a365e822372ba24c9da0822bc583894f6f3d821 and fixed in 6.18.1 with commit 396a9270a7b90886be501611b13aa636f2e8c703
Issue introduced in 5.5 with commit 1a365e822372ba24c9da0822bc583894f6f3d821 and fixed in 6.19-rc1 with commit c14ecb555c3ee80eeb030a4e46d00e679537f03a
Issue introduced in 4.4.209 with commit 3106fb78d3579c8e9c9b3040f7f7841981919624
Issue introduced in 4.9.209 with commit c0911024ff927ba5c4786b507004cb615be1d776
Issue introduced in 4.14.164 with commit 09226e5c38639437565af01e6009a9286a351d04
Issue introduced in 4.19.95 with commit c7673f01604fa722b9d7c1e29e17cec1b8ae09c5
Issue introduced in 5.4.11 with commit c120c3dbeb76305235c8e557f84d9e2d7d0f5933
Please see https://www.kernel.org for a full list of currently supported
kernel versions by the kernel community.
Unaffected versions might change over time as fixes are backported to
older supported kernel versions. The official CVE entry at
https://cve.org/CVERecord/?id=CVE-2025-68336
will be updated if fixes are backported, please check that for the most
up to date information about this issue.
Affected files
==============
The file(s) affected by this issue are:
kernel/locking/spinlock_debug.c
Mitigation
==========
The Linux kernel CVE team recommends that you update to the latest
stable kernel version for this, and many other bugfixes. Individual
changes are never tested alone, but rather are part of a larger kernel
release. Cherry-picking individual commits is not recommended or
supported by the Linux kernel community at all. If however, updating to
the latest release is impossible, the individual changes to resolve this
issue can be found at these commits:
https://git.kernel.org/stable/c/b163a5e8c703201c905d6ec7920ed79d167e8442
https://git.kernel.org/stable/c/16b3590c0e1e615757dade098c8fbc0d4f040c76
https://git.kernel.org/stable/c/396a9270a7b90886be501611b13aa636f2e8c703
https://git.kernel.org/stable/c/c14ecb555c3ee80eeb030a4e46d00e679537f03a
Powered by blists - more mailing lists