| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2026011415-CVE-2025-71118-1a69@gregkh>
Date: Wed, 14 Jan 2026 16:06:23 +0100
From: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
To: linux-cve-announce@...r.kernel.org
Cc: Greg Kroah-Hartman <gregkh@...nel.org>
Subject: CVE-2025-71118: ACPICA: Avoid walking the Namespace if start_node is NULL
From: Greg Kroah-Hartman <gregkh@...nel.org>
Description
===========
In the Linux kernel, the following vulnerability has been resolved:
ACPICA: Avoid walking the Namespace if start_node is NULL
Although commit 0c9992315e73 ("ACPICA: Avoid walking the ACPI Namespace
if it is not there") fixed the situation when both start_node and
acpi_gbl_root_node are NULL, the Linux kernel mainline now still crashed
on Honor Magicbook 14 Pro [1].
That happens due to the access to the member of parent_node in
acpi_ns_get_next_node(). The NULL pointer dereference will always
happen, no matter whether or not the start_node is equal to
ACPI_ROOT_OBJECT, so move the check of start_node being NULL
out of the if block.
Unfortunately, all the attempts to contact Honor have failed, they
refused to provide any technical support for Linux.
The bad DSDT table's dump could be found on GitHub [2].
DMI: HONOR FMB-P/FMB-P-PCB, BIOS 1.13 05/08/2025
[ rjw: Subject adjustment, changelog edits ]
The Linux kernel CVE team has assigned CVE-2025-71118 to this issue.
Affected and fixed versions
===========================
Fixed in 6.1.160 with commit 7f9b951ed11842373851dd3c91860778356d62d3
Fixed in 6.6.120 with commit 1bc34293dfbd266c29875206849b4f8e8177e6df
Fixed in 6.12.64 with commit 0d8bb08126920fd4b12dbf32d9250757c9064b36
Fixed in 6.18.3 with commit f91dad0a3b381244183ffbea4cec5a7a69d6f41e
Fixed in 6.19-rc1 with commit 9d6c58dae8f6590c746ac5d0012ffe14a77539f0
Please see https://www.kernel.org for a full list of currently supported
kernel versions by the kernel community.
Unaffected versions might change over time as fixes are backported to
older supported kernel versions. The official CVE entry at
https://cve.org/CVERecord/?id=CVE-2025-71118
will be updated if fixes are backported, please check that for the most
up to date information about this issue.
Affected files
==============
The file(s) affected by this issue are:
drivers/acpi/acpica/nswalk.c
Mitigation
==========
The Linux kernel CVE team recommends that you update to the latest
stable kernel version for this, and many other bugfixes. Individual
changes are never tested alone, but rather are part of a larger kernel
release. Cherry-picking individual commits is not recommended or
supported by the Linux kernel community at all. If however, updating to
the latest release is impossible, the individual changes to resolve this
issue can be found at these commits:
https://git.kernel.org/stable/c/7f9b951ed11842373851dd3c91860778356d62d3
https://git.kernel.org/stable/c/1bc34293dfbd266c29875206849b4f8e8177e6df
https://git.kernel.org/stable/c/0d8bb08126920fd4b12dbf32d9250757c9064b36
https://git.kernel.org/stable/c/f91dad0a3b381244183ffbea4cec5a7a69d6f41e
https://git.kernel.org/stable/c/9d6c58dae8f6590c746ac5d0012ffe14a77539f0
Powered by blists - more mailing lists