| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025122230-CVE-2025-68330-0f0f@gregkh> Date: Mon, 22 Dec 2025 17:12:32 +0100 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...nel.org> Subject: CVE-2025-68330: iio: accel: bmc150: Fix irq assumption regression From: Greg Kroah-Hartman <gregkh@...nel.org> Description =========== In the Linux kernel, the following vulnerability has been resolved: iio: accel: bmc150: Fix irq assumption regression The code in bmc150-accel-core.c unconditionally calls bmc150_accel_set_interrupt() in the iio_buffer_setup_ops, such as on the runtime PM resume path giving a kernel splat like this if the device has no interrupts: Unable to handle kernel NULL pointer dereference at virtual address 00000001 when read PC is at bmc150_accel_set_interrupt+0x98/0x194 LR is at __pm_runtime_resume+0x5c/0x64 (...) Call trace: bmc150_accel_set_interrupt from bmc150_accel_buffer_postenable+0x40/0x108 bmc150_accel_buffer_postenable from __iio_update_buffers+0xbe0/0xcbc __iio_update_buffers from enable_store+0x84/0xc8 enable_store from kernfs_fop_write_iter+0x154/0x1b4 This bug seems to have been in the driver since the beginning, but it only manifests recently, I do not know why. Store the IRQ number in the state struct, as this is a common pattern in other drivers, then use this to determine if we have IRQ support or not. The Linux kernel CVE team has assigned CVE-2025-68330 to this issue. Affected and fixed versions =========================== Fixed in 5.15.197 with commit aad9d048a3211c48ec02efa405bf462856feb862 Fixed in 6.1.159 with commit c891f504bb66604c822e7985e093cf39b97fdeb0 Fixed in 6.6.119 with commit cdd4a9e98004bd7c7488311951fa6dbae38b2b80 Fixed in 6.12.61 with commit 65ad4ed983fd9ee0259d86391d6a53f78203918c Fixed in 6.17.11 with commit 93eaa5ddc5fc4f50ac396afad8ce261102ebd4f3 Fixed in 6.18 with commit 3aa385a9c75c09b59dcab2ff76423439d23673ab Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2025-68330 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: drivers/iio/accel/bmc150-accel-core.c drivers/iio/accel/bmc150-accel.h Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/aad9d048a3211c48ec02efa405bf462856feb862 https://git.kernel.org/stable/c/c891f504bb66604c822e7985e093cf39b97fdeb0 https://git.kernel.org/stable/c/cdd4a9e98004bd7c7488311951fa6dbae38b2b80 https://git.kernel.org/stable/c/65ad4ed983fd9ee0259d86391d6a53f78203918c https://git.kernel.org/stable/c/93eaa5ddc5fc4f50ac396afad8ce261102ebd4f3 https://git.kernel.org/stable/c/3aa385a9c75c09b59dcab2ff76423439d23673ab
Powered by blists - more mailing lists