cve/published/2025/CVE-2025-21680.mbox - pub/scm/linux/security/vulns - Git at Google

 From bippy-5f407fcff5a0 Mon Sep 17 00:00:00 2001
 From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 To: <linux-cve-announce@vger.kernel.org>
 Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
 Subject: CVE-2025-21680: pktgen: Avoid out-of-bounds access in get_imix_entries

 Description
 ===========

 In the Linux kernel, the following vulnerability has been resolved:

 pktgen: Avoid out-of-bounds access in get_imix_entries

 Passing a sufficient amount of imix entries leads to invalid access to the
 pkt_dev->imix_entries array because of the incorrect boundary check.

 UBSAN: array-index-out-of-bounds in net/core/pktgen.c:874:24
 index 20 is out of range for type 'imix_pkt [20]'
 CPU: 2 PID: 1210 Comm: bash Not tainted 6.10.0-rc1 #121
 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996)
 Call Trace:
 <TASK>
 dump_stack_lvl lib/dump_stack.c:117
 __ubsan_handle_out_of_bounds lib/ubsan.c:429
 get_imix_entries net/core/pktgen.c:874
 pktgen_if_write net/core/pktgen.c:1063
 pde_write fs/proc/inode.c:334
 proc_reg_write fs/proc/inode.c:346
 vfs_write fs/read_write.c:593
 ksys_write fs/read_write.c:644
 do_syscall_64 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe arch/x86/entry/entry_64.S:130

 Found by Linux Verification Center (linuxtesting.org) with SVACE.

 [ fp: allow to fill the array completely; minor changelog cleanup ]

 The Linux kernel CVE team has assigned CVE-2025-21680 to this issue.


 Affected and fixed versions
 ===========================

 	Issue introduced in 5.15 with commit 52a62f8603f97e720882c8f5aff2767ac6a11d5f and fixed in 5.15.177 with commit 3450092cc2d1c311c5ea92a2486daa2a33520ea5
 	Issue introduced in 5.15 with commit 52a62f8603f97e720882c8f5aff2767ac6a11d5f and fixed in 6.1.127 with commit e5d24a7074dcd0c7e76b7e7e4efbbe7418d62486
 	Issue introduced in 5.15 with commit 52a62f8603f97e720882c8f5aff2767ac6a11d5f and fixed in 6.6.74 with commit 7cde21f52042aa2e29a654458166b873d2ae66b3
 	Issue introduced in 5.15 with commit 52a62f8603f97e720882c8f5aff2767ac6a11d5f and fixed in 6.12.11 with commit 1a9b65c672ca9dc4ba52ca2fd54329db9580ce29
 	Issue introduced in 5.15 with commit 52a62f8603f97e720882c8f5aff2767ac6a11d5f and fixed in 6.13 with commit 76201b5979768500bca362871db66d77cb4c225e

 Please see https://www.kernel.org for a full list of currently supported
 kernel versions by the kernel community.

 Unaffected versions might change over time as fixes are backported to
 older supported kernel versions.  The official CVE entry at
 	https://cve.org/CVERecord/?id=CVE-2025-21680
 will be updated if fixes are backported, please check that for the most
 up to date information about this issue.


 Affected files
 ==============

 The file(s) affected by this issue are:
 	net/core/pktgen.c


 Mitigation
 ==========

 The Linux kernel CVE team recommends that you update to the latest
 stable kernel version for this, and many other bugfixes.  Individual
 changes are never tested alone, but rather are part of a larger kernel
 release.  Cherry-picking individual commits is not recommended or
 supported by the Linux kernel community at all.  If however, updating to
 the latest release is impossible, the individual changes to resolve this
 issue can be found at these commits:
 	https://git.kernel.org/stable/c/3450092cc2d1c311c5ea92a2486daa2a33520ea5
 	https://git.kernel.org/stable/c/e5d24a7074dcd0c7e76b7e7e4efbbe7418d62486
 	https://git.kernel.org/stable/c/7cde21f52042aa2e29a654458166b873d2ae66b3
 	https://git.kernel.org/stable/c/1a9b65c672ca9dc4ba52ca2fd54329db9580ce29
 	https://git.kernel.org/stable/c/76201b5979768500bca362871db66d77cb4c225e
	From bippy-5f407fcff5a0 Mon Sep 17 00:00:00 2001
	From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	To: <linux-cve-announce@vger.kernel.org>
	Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
	Subject: CVE-2025-21680: pktgen: Avoid out-of-bounds access in get_imix_entries

	Description
	===========

	In the Linux kernel, the following vulnerability has been resolved:

	pktgen: Avoid out-of-bounds access in get_imix_entries

	Passing a sufficient amount of imix entries leads to invalid access to the
	pkt_dev->imix_entries array because of the incorrect boundary check.

	UBSAN: array-index-out-of-bounds in net/core/pktgen.c:874:24
	index 20 is out of range for type 'imix_pkt [20]'
	CPU: 2 PID: 1210 Comm: bash Not tainted 6.10.0-rc1 #121
	Hardware name: QEMU Standard PC (i440FX + PIIX, 1996)
	Call Trace:
	<TASK>
	dump_stack_lvl lib/dump_stack.c:117
	__ubsan_handle_out_of_bounds lib/ubsan.c:429
	get_imix_entries net/core/pktgen.c:874
	pktgen_if_write net/core/pktgen.c:1063
	pde_write fs/proc/inode.c:334
	proc_reg_write fs/proc/inode.c:346
	vfs_write fs/read_write.c:593
	ksys_write fs/read_write.c:644
	do_syscall_64 arch/x86/entry/common.c:83
	entry_SYSCALL_64_after_hwframe arch/x86/entry/entry_64.S:130

	Found by Linux Verification Center (linuxtesting.org) with SVACE.

	[ fp: allow to fill the array completely; minor changelog cleanup ]

	The Linux kernel CVE team has assigned CVE-2025-21680 to this issue.


	Affected and fixed versions
	===========================

	Issue introduced in 5.15 with commit 52a62f8603f97e720882c8f5aff2767ac6a11d5f and fixed in 5.15.177 with commit 3450092cc2d1c311c5ea92a2486daa2a33520ea5
	Issue introduced in 5.15 with commit 52a62f8603f97e720882c8f5aff2767ac6a11d5f and fixed in 6.1.127 with commit e5d24a7074dcd0c7e76b7e7e4efbbe7418d62486
	Issue introduced in 5.15 with commit 52a62f8603f97e720882c8f5aff2767ac6a11d5f and fixed in 6.6.74 with commit 7cde21f52042aa2e29a654458166b873d2ae66b3
	Issue introduced in 5.15 with commit 52a62f8603f97e720882c8f5aff2767ac6a11d5f and fixed in 6.12.11 with commit 1a9b65c672ca9dc4ba52ca2fd54329db9580ce29
	Issue introduced in 5.15 with commit 52a62f8603f97e720882c8f5aff2767ac6a11d5f and fixed in 6.13 with commit 76201b5979768500bca362871db66d77cb4c225e

	Please see https://www.kernel.org for a full list of currently supported
	kernel versions by the kernel community.

	Unaffected versions might change over time as fixes are backported to
	older supported kernel versions. The official CVE entry at
	https://cve.org/CVERecord/?id=CVE-2025-21680
	will be updated if fixes are backported, please check that for the most
	up to date information about this issue.


	Affected files
	==============

	The file(s) affected by this issue are:
	net/core/pktgen.c


	Mitigation
	==========

	The Linux kernel CVE team recommends that you update to the latest
	stable kernel version for this, and many other bugfixes. Individual
	changes are never tested alone, but rather are part of a larger kernel
	release. Cherry-picking individual commits is not recommended or
	supported by the Linux kernel community at all. If however, updating to
	the latest release is impossible, the individual changes to resolve this
	issue can be found at these commits:
	https://git.kernel.org/stable/c/3450092cc2d1c311c5ea92a2486daa2a33520ea5
	https://git.kernel.org/stable/c/e5d24a7074dcd0c7e76b7e7e4efbbe7418d62486
	https://git.kernel.org/stable/c/7cde21f52042aa2e29a654458166b873d2ae66b3
	https://git.kernel.org/stable/c/1a9b65c672ca9dc4ba52ca2fd54329db9580ce29
	https://git.kernel.org/stable/c/76201b5979768500bca362871db66d77cb4c225e