cve/published/2025/CVE-2025-37788.mbox - pub/scm/linux/security/vulns - Git at Google

 From bippy-1.2.0 Mon Sep 17 00:00:00 2001
 From: Greg Kroah-Hartman <gregkh@kernel.org>
 To: <linux-cve-announce@vger.kernel.org>
 Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
 Subject: CVE-2025-37788: cxgb4: fix memory leak in cxgb4_init_ethtool_filters() error path

 Description
 ===========

 In the Linux kernel, the following vulnerability has been resolved:

 cxgb4: fix memory leak in cxgb4_init_ethtool_filters() error path

 In the for loop used to allocate the loc_array and bmap for each port, a
 memory leak is possible when the allocation for loc_array succeeds,
 but the allocation for bmap fails. This is because when the control flow
 goes to the label free_eth_finfo, only the allocations starting from
 (i-1)th iteration are freed.

 Fix that by freeing the loc_array in the bmap allocation error path.

 The Linux kernel CVE team has assigned CVE-2025-37788 to this issue.


 Affected and fixed versions
 ===========================

 	Issue introduced in 5.9 with commit d915c299f1da68a7dbb43895b8741c7b916c9d08 and fixed in 5.10.237 with commit e9de08e15aee35b96064960f95997bb6c1209c4b
 	Issue introduced in 5.9 with commit d915c299f1da68a7dbb43895b8741c7b916c9d08 and fixed in 5.15.181 with commit 118d05b530343cd9322607b9719405ba254a4183
 	Issue introduced in 5.9 with commit d915c299f1da68a7dbb43895b8741c7b916c9d08 and fixed in 6.1.135 with commit fa2d7708955e4f8212fd69bab1da604e60cb0b15
 	Issue introduced in 5.9 with commit d915c299f1da68a7dbb43895b8741c7b916c9d08 and fixed in 6.6.88 with commit 08aa59c0be768596467552c129e9f82166779a67
 	Issue introduced in 5.9 with commit d915c299f1da68a7dbb43895b8741c7b916c9d08 and fixed in 6.12.25 with commit dafb6e433ab2333b67be05433dc9c6ccbc7b1284
 	Issue introduced in 5.9 with commit d915c299f1da68a7dbb43895b8741c7b916c9d08 and fixed in 6.14.4 with commit 76deedea08899885f076aba0bb80bd1276446822
 	Issue introduced in 5.9 with commit d915c299f1da68a7dbb43895b8741c7b916c9d08 and fixed in 6.15 with commit 00ffb3724ce743578163f5ade2884374554ca021

 Please see https://www.kernel.org for a full list of currently supported
 kernel versions by the kernel community.

 Unaffected versions might change over time as fixes are backported to
 older supported kernel versions.  The official CVE entry at
 	https://cve.org/CVERecord/?id=CVE-2025-37788
 will be updated if fixes are backported, please check that for the most
 up to date information about this issue.


 Affected files
 ==============

 The file(s) affected by this issue are:
 	drivers/net/ethernet/chelsio/cxgb4/cxgb4_ethtool.c


 Mitigation
 ==========

 The Linux kernel CVE team recommends that you update to the latest
 stable kernel version for this, and many other bugfixes.  Individual
 changes are never tested alone, but rather are part of a larger kernel
 release.  Cherry-picking individual commits is not recommended or
 supported by the Linux kernel community at all.  If however, updating to
 the latest release is impossible, the individual changes to resolve this
 issue can be found at these commits:
 	https://git.kernel.org/stable/c/e9de08e15aee35b96064960f95997bb6c1209c4b
 	https://git.kernel.org/stable/c/118d05b530343cd9322607b9719405ba254a4183
 	https://git.kernel.org/stable/c/fa2d7708955e4f8212fd69bab1da604e60cb0b15
 	https://git.kernel.org/stable/c/08aa59c0be768596467552c129e9f82166779a67
 	https://git.kernel.org/stable/c/dafb6e433ab2333b67be05433dc9c6ccbc7b1284
 	https://git.kernel.org/stable/c/76deedea08899885f076aba0bb80bd1276446822
 	https://git.kernel.org/stable/c/00ffb3724ce743578163f5ade2884374554ca021
	From bippy-1.2.0 Mon Sep 17 00:00:00 2001
	From: Greg Kroah-Hartman <gregkh@kernel.org>
	To: <linux-cve-announce@vger.kernel.org>
	Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
	Subject: CVE-2025-37788: cxgb4: fix memory leak in cxgb4_init_ethtool_filters() error path

	Description
	===========

	In the Linux kernel, the following vulnerability has been resolved:

	cxgb4: fix memory leak in cxgb4_init_ethtool_filters() error path

	In the for loop used to allocate the loc_array and bmap for each port, a
	memory leak is possible when the allocation for loc_array succeeds,
	but the allocation for bmap fails. This is because when the control flow
	goes to the label free_eth_finfo, only the allocations starting from
	(i-1)th iteration are freed.

	Fix that by freeing the loc_array in the bmap allocation error path.

	The Linux kernel CVE team has assigned CVE-2025-37788 to this issue.


	Affected and fixed versions
	===========================

	Issue introduced in 5.9 with commit d915c299f1da68a7dbb43895b8741c7b916c9d08 and fixed in 5.10.237 with commit e9de08e15aee35b96064960f95997bb6c1209c4b
	Issue introduced in 5.9 with commit d915c299f1da68a7dbb43895b8741c7b916c9d08 and fixed in 5.15.181 with commit 118d05b530343cd9322607b9719405ba254a4183
	Issue introduced in 5.9 with commit d915c299f1da68a7dbb43895b8741c7b916c9d08 and fixed in 6.1.135 with commit fa2d7708955e4f8212fd69bab1da604e60cb0b15
	Issue introduced in 5.9 with commit d915c299f1da68a7dbb43895b8741c7b916c9d08 and fixed in 6.6.88 with commit 08aa59c0be768596467552c129e9f82166779a67
	Issue introduced in 5.9 with commit d915c299f1da68a7dbb43895b8741c7b916c9d08 and fixed in 6.12.25 with commit dafb6e433ab2333b67be05433dc9c6ccbc7b1284
	Issue introduced in 5.9 with commit d915c299f1da68a7dbb43895b8741c7b916c9d08 and fixed in 6.14.4 with commit 76deedea08899885f076aba0bb80bd1276446822
	Issue introduced in 5.9 with commit d915c299f1da68a7dbb43895b8741c7b916c9d08 and fixed in 6.15 with commit 00ffb3724ce743578163f5ade2884374554ca021

	Please see https://www.kernel.org for a full list of currently supported
	kernel versions by the kernel community.

	Unaffected versions might change over time as fixes are backported to
	older supported kernel versions. The official CVE entry at
	https://cve.org/CVERecord/?id=CVE-2025-37788
	will be updated if fixes are backported, please check that for the most
	up to date information about this issue.


	Affected files
	==============

	The file(s) affected by this issue are:
	drivers/net/ethernet/chelsio/cxgb4/cxgb4_ethtool.c


	Mitigation
	==========

	The Linux kernel CVE team recommends that you update to the latest
	stable kernel version for this, and many other bugfixes. Individual
	changes are never tested alone, but rather are part of a larger kernel
	release. Cherry-picking individual commits is not recommended or
	supported by the Linux kernel community at all. If however, updating to
	the latest release is impossible, the individual changes to resolve this
	issue can be found at these commits:
	https://git.kernel.org/stable/c/e9de08e15aee35b96064960f95997bb6c1209c4b
	https://git.kernel.org/stable/c/118d05b530343cd9322607b9719405ba254a4183
	https://git.kernel.org/stable/c/fa2d7708955e4f8212fd69bab1da604e60cb0b15
	https://git.kernel.org/stable/c/08aa59c0be768596467552c129e9f82166779a67
	https://git.kernel.org/stable/c/dafb6e433ab2333b67be05433dc9c6ccbc7b1284
	https://git.kernel.org/stable/c/76deedea08899885f076aba0bb80bd1276446822
	https://git.kernel.org/stable/c/00ffb3724ce743578163f5ade2884374554ca021