| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2026011455-CVE-2025-71141-5d19@gregkh> Date: Wed, 14 Jan 2026 16:08:05 +0100 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...nel.org> Subject: CVE-2025-71141: drm/tilcdc: Fix removal actions in case of failed probe From: Greg Kroah-Hartman <gregkh@...nel.org> Description =========== In the Linux kernel, the following vulnerability has been resolved: drm/tilcdc: Fix removal actions in case of failed probe The drm_kms_helper_poll_fini() and drm_atomic_helper_shutdown() helpers should only be called when the device has been successfully registered. Currently, these functions are called unconditionally in tilcdc_fini(), which causes warnings during probe deferral scenarios. [ 7.972317] WARNING: CPU: 0 PID: 23 at drivers/gpu/drm/drm_atomic_state_helper.c:175 drm_atomic_helper_crtc_duplicate_state+0x60/0x68 ... [ 8.005820] drm_atomic_helper_crtc_duplicate_state from drm_atomic_get_crtc_state+0x68/0x108 [ 8.005858] drm_atomic_get_crtc_state from drm_atomic_helper_disable_all+0x90/0x1c8 [ 8.005885] drm_atomic_helper_disable_all from drm_atomic_helper_shutdown+0x90/0x144 [ 8.005911] drm_atomic_helper_shutdown from tilcdc_fini+0x68/0xf8 [tilcdc] [ 8.005957] tilcdc_fini [tilcdc] from tilcdc_pdev_probe+0xb0/0x6d4 [tilcdc] Fix this by rewriting the failed probe cleanup path using the standard goto error handling pattern, which ensures that cleanup functions are only called on successfully initialized resources. Additionally, remove the now-unnecessary is_registered flag. The Linux kernel CVE team has assigned CVE-2025-71141 to this issue. Affected and fixed versions =========================== Issue introduced in 6.6.2 with commit 69f03be1fa08a66735d53d92d3429c052540e3bf and fixed in 6.6.120 with commit 21e52dc7762908c3d499cfb493d1b8281fc1d3ab Issue introduced in 6.7 with commit 3c4babae3c4a1ae05f8f3f5f3d50c440ead7ca6a and fixed in 6.18.4 with commit 71be8825e83c90c1e020feb77b29e6a99629e642 Issue introduced in 6.7 with commit 3c4babae3c4a1ae05f8f3f5f3d50c440ead7ca6a and fixed in 6.19-rc1 with commit a585c7ef9cabda58088916baedc6573e9a5cd2a7 Issue introduced in 6.5.12 with commit 84021fa4cf190e257ae8b66d284cdb92e3fabe33 Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2025-71141 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: drivers/gpu/drm/tilcdc/tilcdc_crtc.c drivers/gpu/drm/tilcdc/tilcdc_drv.c drivers/gpu/drm/tilcdc/tilcdc_drv.h Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/21e52dc7762908c3d499cfb493d1b8281fc1d3ab https://git.kernel.org/stable/c/71be8825e83c90c1e020feb77b29e6a99629e642 https://git.kernel.org/stable/c/a585c7ef9cabda58088916baedc6573e9a5cd2a7
Powered by blists - more mailing lists