| From bippy-5f407fcff5a0 Mon Sep 17 00:00:00 2001 |
| From: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
| To: <linux-cve-announce@vger.kernel.org> |
| Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org> |
| Subject: CVE-2025-21666: vsock: prevent null-ptr-deref in vsock_*[has_data|has_space] |
| |
| Description |
| =========== |
| |
| In the Linux kernel, the following vulnerability has been resolved: |
| |
| vsock: prevent null-ptr-deref in vsock_*[has_data|has_space] |
| |
| Recent reports have shown how we sometimes call vsock_*_has_data() |
| when a vsock socket has been de-assigned from a transport (see attached |
| links), but we shouldn't. |
| |
| Previous commits should have solved the real problems, but we may have |
| more in the future, so to avoid null-ptr-deref, we can return 0 |
| (no space, no data available) but with a warning. |
| |
| This way the code should continue to run in a nearly consistent state |
| and have a warning that allows us to debug future problems. |
| |
| The Linux kernel CVE team has assigned CVE-2025-21666 to this issue. |
| |
| |
| Affected and fixed versions |
| =========================== |
| |
| Issue introduced in 5.5 with commit c0cfa2d8a788fcf45df5bf4070ab2474c88d543a and fixed in 5.10.234 with commit daeac89cdb03d30028186f5ff7dc26ec8fa843e7 |
| Issue introduced in 5.5 with commit c0cfa2d8a788fcf45df5bf4070ab2474c88d543a and fixed in 5.15.177 with commit 9e5fed46ccd2c34c5fa5a9c8825ce4823fdc853e |
| Issue introduced in 5.5 with commit c0cfa2d8a788fcf45df5bf4070ab2474c88d543a and fixed in 6.1.127 with commit b52e50dd4fabd12944172bd486a4f4853b7f74dd |
| Issue introduced in 5.5 with commit c0cfa2d8a788fcf45df5bf4070ab2474c88d543a and fixed in 6.6.74 with commit bc9c49341f9728c31fe248c5fbba32d2e81a092b |
| Issue introduced in 5.5 with commit c0cfa2d8a788fcf45df5bf4070ab2474c88d543a and fixed in 6.12.11 with commit c23d1d4f8efefb72258e9cedce29de10d057f8ca |
| Issue introduced in 5.5 with commit c0cfa2d8a788fcf45df5bf4070ab2474c88d543a and fixed in 6.13 with commit 91751e248256efc111e52e15115840c35d85abaf |
| |
| Please see https://www.kernel.org for a full list of currently supported |
| kernel versions by the kernel community. |
| |
| Unaffected versions might change over time as fixes are backported to |
| older supported kernel versions. The official CVE entry at |
| https://cve.org/CVERecord/?id=CVE-2025-21666 |
| will be updated if fixes are backported, please check that for the most |
| up to date information about this issue. |
| |
| |
| Affected files |
| ============== |
| |
| The file(s) affected by this issue are: |
| net/vmw_vsock/af_vsock.c |
| |
| |
| Mitigation |
| ========== |
| |
| The Linux kernel CVE team recommends that you update to the latest |
| stable kernel version for this, and many other bugfixes. Individual |
| changes are never tested alone, but rather are part of a larger kernel |
| release. Cherry-picking individual commits is not recommended or |
| supported by the Linux kernel community at all. If however, updating to |
| the latest release is impossible, the individual changes to resolve this |
| issue can be found at these commits: |
| https://git.kernel.org/stable/c/daeac89cdb03d30028186f5ff7dc26ec8fa843e7 |
| https://git.kernel.org/stable/c/9e5fed46ccd2c34c5fa5a9c8825ce4823fdc853e |
| https://git.kernel.org/stable/c/b52e50dd4fabd12944172bd486a4f4853b7f74dd |
| https://git.kernel.org/stable/c/bc9c49341f9728c31fe248c5fbba32d2e81a092b |
| https://git.kernel.org/stable/c/c23d1d4f8efefb72258e9cedce29de10d057f8ca |
| https://git.kernel.org/stable/c/91751e248256efc111e52e15115840c35d85abaf |
