From bippy-1.2.0 Mon Sep 17 00:00:00 2001
From: Greg Kroah-Hartman <gregkh@kernel.org>
To: <linux-cve-announce@vger.kernel.org>
Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
Subject: CVE-2025-23161: PCI: vmd: Make vmd_dev::cfg_lock a raw_spinlock_t type

Description
===========

In the Linux kernel, the following vulnerability has been resolved:

PCI: vmd: Make vmd_dev::cfg_lock a raw_spinlock_t type

The access to the PCI config space via pci_ops::read and pci_ops::write is
a low-level hardware access. The functions can be accessed with disabled
interrupts even on PREEMPT_RT. The pci_lock is a raw_spinlock_t for this
purpose.

A spinlock_t becomes a sleeping lock on PREEMPT_RT, so it cannot be
acquired with disabled interrupts. The vmd_dev::cfg_lock is accessed in
the same context as the pci_lock.

Make vmd_dev::cfg_lock a raw_spinlock_t type so it can be used with
interrupts disabled.

This was reported as:

  BUG: sleeping function called from invalid context at kernel/locking/spinlock_rt.c:48
  Call Trace:
   rt_spin_lock+0x4e/0x130
   vmd_pci_read+0x8d/0x100 [vmd]
   pci_user_read_config_byte+0x6f/0xe0
   pci_read_config+0xfe/0x290
   sysfs_kf_bin_read+0x68/0x90

[bigeasy: reword commit message]
Tested-off-by: Luis Claudio R. Goncalves <lgoncalv@redhat.com>
[kwilczynski: commit log]
[bhelgaas: add back report info from
https://lore.kernel.org/lkml/20241218115951.83062-1-ryotkkr98@gmail.com/]

The Linux kernel CVE team has assigned CVE-2025-23161 to this issue.


Affected and fixed versions
===========================

	Fixed in 5.15.181 with commit c250262d6485ca333e9821f85b07eb383ec546b1
	Fixed in 6.1.135 with commit c2968c812339593ac6e2bdd5cc3adabe3f05fa53
	Fixed in 6.6.88 with commit 13e5148f70e81991acbe0bab5b1b50ba699116e7
	Fixed in 6.12.24 with commit 5c3cfcf0b4bf43530788b08a8eaf7896ec567484
	Fixed in 6.13.12 with commit 2358046ead696ca5c7c628d6c0e2c6792619a3e5
	Fixed in 6.14.3 with commit 20d0a9062c031068fa39f725a32f182b709b5525
	Fixed in 6.15 with commit 18056a48669a040bef491e63b25896561ee14d90

Please see https://www.kernel.org for a full list of currently supported
kernel versions by the kernel community.

Unaffected versions might change over time as fixes are backported to
older supported kernel versions. The official CVE entry at
	https://cve.org/CVERecord/?id=CVE-2025-23161
will be updated if fixes are backported, please check that for the most
up to date information about this issue.


Affected files
==============

The file(s) affected by this issue are:
	drivers/pci/controller/vmd.c


Mitigation
==========

The Linux kernel CVE team recommends that you update to the latest
stable kernel version for this, and many other bugfixes. Individual
changes are never tested alone, but rather are part of a larger kernel
release. Cherry-picking individual commits is not recommended or
supported by the Linux kernel community at all. If however, updating to
the latest release is impossible, the individual changes to resolve this
issue can be found at these commits:
	https://git.kernel.org/stable/c/c250262d6485ca333e9821f85b07eb383ec546b1
	https://git.kernel.org/stable/c/c2968c812339593ac6e2bdd5cc3adabe3f05fa53
	https://git.kernel.org/stable/c/13e5148f70e81991acbe0bab5b1b50ba699116e7
	https://git.kernel.org/stable/c/5c3cfcf0b4bf43530788b08a8eaf7896ec567484
	https://git.kernel.org/stable/c/2358046ead696ca5c7c628d6c0e2c6792619a3e5
	https://git.kernel.org/stable/c/20d0a9062c031068fa39f725a32f182b709b5525
	https://git.kernel.org/stable/c/18056a48669a040bef491e63b25896561ee14d90
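

The fixed-version list in this announcement can be turned into a quick triage check for a host. The script below is an added example, not part of the announcement or of the kernel's own tooling: the function names are hypothetical, CONFIG_VMD is assumed to be the Kconfig symbol that builds drivers/pci/controller/vmd.c, and vendor kernels that backport fixes under an older version number have to be checked against the vendor's advisory instead.

```sh
#!/bin/sh
# Added example (not from the advisory): triage a kernel for CVE-2025-23161.
# First-fixed patch level per stable branch, copied from the list above.
FIXED_BRANCHES="5.15:181 6.1:135 6.6:88 6.12:24 6.13:12 6.14:3"

# Print "fixed", "missing-fix" or "unknown" for a release string (uname -r).
cve_2025_23161_status() {
    rel=$1
    base=${rel%%[-+_]*}          # drop rc/vendor suffix: 6.6.87-rt1 -> 6.6.87
    case $base in *.*) ;; *) echo unknown; return 0 ;; esac
    major=${base%%.*}
    rest=${base#*.}
    minor=${rest%%.*}
    case $rest in
        *.*) patch=${rest#*.}; patch=${patch%%.*} ;;
        *)   patch=0 ;;
    esac
    for n in "$major" "$minor" "$patch"; do
        case $n in ''|*[!0-9]*) echo unknown; return 0 ;; esac
    done
    # 6.15 and later carry the fix; a 6.15-rcN build may predate it.
    if [ "$major" -gt 6 ] || { [ "$major" -eq 6 ] && [ "$minor" -ge 15 ]; }; then
        case $rel in
            6.15-rc*|6.15.0-rc*) echo unknown ;;
            *) echo fixed ;;
        esac
        return 0
    fi
    for entry in $FIXED_BRANCHES; do
        if [ "$major.$minor" = "${entry%%:*}" ]; then
            if [ "$patch" -ge "${entry##*:}" ]; then echo fixed; else echo missing-fix; fi
            return 0
        fi
    done
    echo unknown                 # branch not listed in the advisory
}

# Succeed if a kernel config file enables both PREEMPT_RT and the VMD driver,
# the combination in which the reported BUG splat can occur.
rt_vmd_enabled() {
    grep -q '^CONFIG_PREEMPT_RT=y' "$1" && grep -Eq '^CONFIG_VMD=[ym]' "$1"
}

# Example: cve_2025_23161_status "$(uname -r)"
```

A "missing-fix" result on a host where rt_vmd_enabled also succeeds (for example against /boot/config-$(uname -r), where the distribution ships it) is the case to prioritize for an update.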