cve/published/2025/CVE-2025-21785.mbox - pub/scm/linux/security/vulns - Git at Google

 From bippy-5f407fcff5a0 Mon Sep 17 00:00:00 2001
 From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 To: <linux-cve-announce@vger.kernel.org>
 Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
 Subject: CVE-2025-21785: arm64: cacheinfo: Avoid out-of-bounds write to cacheinfo array

 Description
 ===========

 In the Linux kernel, the following vulnerability has been resolved:

 arm64: cacheinfo: Avoid out-of-bounds write to cacheinfo array

 The loop that detects/populates cache information already has a bounds
 check on the array size but does not account for cache levels with
 separate data/instructions cache. Fix this by incrementing the index
 for any populated leaf (instead of any populated level).

 The Linux kernel CVE team has assigned CVE-2025-21785 to this issue.


 Affected and fixed versions
 ===========================

 	Issue introduced in 4.0 with commit 5d425c18653731af62831d30a4fa023d532657a9 and fixed in 5.4.291 with commit 4371ac7b494e933fffee2bd6265d18d73c4f05aa
 	Issue introduced in 4.0 with commit 5d425c18653731af62831d30a4fa023d532657a9 and fixed in 5.10.235 with commit e4fde33107351ec33f1a64188612fbc6ca659284
 	Issue introduced in 4.0 with commit 5d425c18653731af62831d30a4fa023d532657a9 and fixed in 5.15.179 with commit 88a3e6afaf002250220793df99404977d343db14
 	Issue introduced in 4.0 with commit 5d425c18653731af62831d30a4fa023d532657a9 and fixed in 6.1.129 with commit 4ff25f0b18d1d0174c105e4620428bcdc1213860
 	Issue introduced in 4.0 with commit 5d425c18653731af62831d30a4fa023d532657a9 and fixed in 6.6.79 with commit ab90894f33c15b14c1cee6959ab6c8dcb09127f8
 	Issue introduced in 4.0 with commit 5d425c18653731af62831d30a4fa023d532657a9 and fixed in 6.12.16 with commit 715eb1af64779e1b1aa0a7b2ffb81414d9f708e5
 	Issue introduced in 4.0 with commit 5d425c18653731af62831d30a4fa023d532657a9 and fixed in 6.13.4 with commit 67b99a2b5811df4294c2ad50f9bff3b6a08bd618
 	Issue introduced in 4.0 with commit 5d425c18653731af62831d30a4fa023d532657a9 and fixed in 6.14 with commit 875d742cf5327c93cba1f11e12b08d3cce7a88d2

 Please see https://www.kernel.org for a full list of currently supported
 kernel versions by the kernel community.

 Unaffected versions might change over time as fixes are backported to
 older supported kernel versions.  The official CVE entry at
 	https://cve.org/CVERecord/?id=CVE-2025-21785
 will be updated if fixes are backported, please check that for the most
 up to date information about this issue.


 Affected files
 ==============

 The file(s) affected by this issue are:
 	arch/arm64/kernel/cacheinfo.c


 Mitigation
 ==========

 The Linux kernel CVE team recommends that you update to the latest
 stable kernel version for this, and many other bugfixes.  Individual
 changes are never tested alone, but rather are part of a larger kernel
 release.  Cherry-picking individual commits is not recommended or
 supported by the Linux kernel community at all.  If however, updating to
 the latest release is impossible, the individual changes to resolve this
 issue can be found at these commits:
 	https://git.kernel.org/stable/c/4371ac7b494e933fffee2bd6265d18d73c4f05aa
 	https://git.kernel.org/stable/c/e4fde33107351ec33f1a64188612fbc6ca659284
 	https://git.kernel.org/stable/c/88a3e6afaf002250220793df99404977d343db14
 	https://git.kernel.org/stable/c/4ff25f0b18d1d0174c105e4620428bcdc1213860
 	https://git.kernel.org/stable/c/ab90894f33c15b14c1cee6959ab6c8dcb09127f8
 	https://git.kernel.org/stable/c/715eb1af64779e1b1aa0a7b2ffb81414d9f708e5
 	https://git.kernel.org/stable/c/67b99a2b5811df4294c2ad50f9bff3b6a08bd618
 	https://git.kernel.org/stable/c/875d742cf5327c93cba1f11e12b08d3cce7a88d2
	From bippy-5f407fcff5a0 Mon Sep 17 00:00:00 2001
	From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	To: <linux-cve-announce@vger.kernel.org>
	Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
	Subject: CVE-2025-21785: arm64: cacheinfo: Avoid out-of-bounds write to cacheinfo array

	Description
	===========

	In the Linux kernel, the following vulnerability has been resolved:

	arm64: cacheinfo: Avoid out-of-bounds write to cacheinfo array

	The loop that detects/populates cache information already has a bounds
	check on the array size but does not account for cache levels with
	separate data/instructions cache. Fix this by incrementing the index
	for any populated leaf (instead of any populated level).

	The Linux kernel CVE team has assigned CVE-2025-21785 to this issue.


	Affected and fixed versions
	===========================

	Issue introduced in 4.0 with commit 5d425c18653731af62831d30a4fa023d532657a9 and fixed in 5.4.291 with commit 4371ac7b494e933fffee2bd6265d18d73c4f05aa
	Issue introduced in 4.0 with commit 5d425c18653731af62831d30a4fa023d532657a9 and fixed in 5.10.235 with commit e4fde33107351ec33f1a64188612fbc6ca659284
	Issue introduced in 4.0 with commit 5d425c18653731af62831d30a4fa023d532657a9 and fixed in 5.15.179 with commit 88a3e6afaf002250220793df99404977d343db14
	Issue introduced in 4.0 with commit 5d425c18653731af62831d30a4fa023d532657a9 and fixed in 6.1.129 with commit 4ff25f0b18d1d0174c105e4620428bcdc1213860
	Issue introduced in 4.0 with commit 5d425c18653731af62831d30a4fa023d532657a9 and fixed in 6.6.79 with commit ab90894f33c15b14c1cee6959ab6c8dcb09127f8
	Issue introduced in 4.0 with commit 5d425c18653731af62831d30a4fa023d532657a9 and fixed in 6.12.16 with commit 715eb1af64779e1b1aa0a7b2ffb81414d9f708e5
	Issue introduced in 4.0 with commit 5d425c18653731af62831d30a4fa023d532657a9 and fixed in 6.13.4 with commit 67b99a2b5811df4294c2ad50f9bff3b6a08bd618
	Issue introduced in 4.0 with commit 5d425c18653731af62831d30a4fa023d532657a9 and fixed in 6.14 with commit 875d742cf5327c93cba1f11e12b08d3cce7a88d2

	Please see https://www.kernel.org for a full list of currently supported
	kernel versions by the kernel community.

	Unaffected versions might change over time as fixes are backported to
	older supported kernel versions. The official CVE entry at
	https://cve.org/CVERecord/?id=CVE-2025-21785
	will be updated if fixes are backported, please check that for the most
	up to date information about this issue.


	Affected files
	==============

	The file(s) affected by this issue are:
	arch/arm64/kernel/cacheinfo.c


	Mitigation
	==========

	The Linux kernel CVE team recommends that you update to the latest
	stable kernel version for this, and many other bugfixes. Individual
	changes are never tested alone, but rather are part of a larger kernel
	release. Cherry-picking individual commits is not recommended or
	supported by the Linux kernel community at all. If however, updating to
	the latest release is impossible, the individual changes to resolve this
	issue can be found at these commits:
	https://git.kernel.org/stable/c/4371ac7b494e933fffee2bd6265d18d73c4f05aa
	https://git.kernel.org/stable/c/e4fde33107351ec33f1a64188612fbc6ca659284
	https://git.kernel.org/stable/c/88a3e6afaf002250220793df99404977d343db14
	https://git.kernel.org/stable/c/4ff25f0b18d1d0174c105e4620428bcdc1213860
	https://git.kernel.org/stable/c/ab90894f33c15b14c1cee6959ab6c8dcb09127f8
	https://git.kernel.org/stable/c/715eb1af64779e1b1aa0a7b2ffb81414d9f708e5
	https://git.kernel.org/stable/c/67b99a2b5811df4294c2ad50f9bff3b6a08bd618
	https://git.kernel.org/stable/c/875d742cf5327c93cba1f11e12b08d3cce7a88d2