| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025122403-CVE-2025-68378-60d1@gregkh> Date: Wed, 24 Dec 2025 11:35:23 +0100 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...nel.org> Subject: CVE-2025-68378: bpf: Fix stackmap overflow check in __bpf_get_stackid() From: Greg Kroah-Hartman <gregkh@...nel.org> Description =========== In the Linux kernel, the following vulnerability has been resolved: bpf: Fix stackmap overflow check in __bpf_get_stackid() Syzkaller reported a KASAN slab-out-of-bounds write in __bpf_get_stackid() when copying stack trace data. The issue occurs when the perf trace contains more stack entries than the stack map bucket can hold, leading to an out-of-bounds write in the bucket's data array. The Linux kernel CVE team has assigned CVE-2025-68378 to this issue. Affected and fixed versions =========================== Issue introduced in 5.18 with commit ee2a098851bfbe8bcdd964c0121f4246f00ff41e and fixed in 6.12.63 with commit d1f424a77b6bd27b361737ed73df49a0158f1590 Issue introduced in 5.18 with commit ee2a098851bfbe8bcdd964c0121f4246f00ff41e and fixed in 6.17.13 with commit 2a008f6de163279deffd488c1deab081bce5667c Issue introduced in 5.18 with commit ee2a098851bfbe8bcdd964c0121f4246f00ff41e and fixed in 6.18.2 with commit 4669a8db976c8cbd5427fe9945f12c5fa5168ff3 Issue introduced in 5.18 with commit ee2a098851bfbe8bcdd964c0121f4246f00ff41e and fixed in 6.19-rc1 with commit 23f852daa4bab4d579110e034e4d513f7d490846 Issue introduced in 5.10.110 with commit 90805175a206f784b6a77f16f07b07f6803e286b Issue introduced in 5.15.33 with commit 398ac11f4425d1e52aaf0d05d4fc90524e1a5b5e Issue introduced in 5.16.19 with commit e750f78c4ed7cefbcefb9769b3b9e08033db39da Issue introduced in 5.17.2 with commit 6c4f243b58f5362e983386488b2d563764c567af Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2025-68378 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: kernel/bpf/stackmap.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/d1f424a77b6bd27b361737ed73df49a0158f1590 https://git.kernel.org/stable/c/2a008f6de163279deffd488c1deab081bce5667c https://git.kernel.org/stable/c/4669a8db976c8cbd5427fe9945f12c5fa5168ff3 https://git.kernel.org/stable/c/23f852daa4bab4d579110e034e4d513f7d490846
Powered by blists - more mailing lists