cve/published/2025/CVE-2025-37983.mbox - pub/scm/linux/security/vulns - Git at Google

 From bippy-1.2.0 Mon Sep 17 00:00:00 2001
 From: Greg Kroah-Hartman <gregkh@kernel.org>
 To: <linux-cve-announce@vger.kernel.org>
 Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
 Subject: CVE-2025-37983: qibfs: fix _another_ leak

 Description
 ===========

 In the Linux kernel, the following vulnerability has been resolved:

 qibfs: fix _another_ leak

 failure to allocate inode => leaked dentry...

 this one had been there since the initial merge; to be fair,
 if we are that far OOM, the odds of failing at that particular
 allocation are low...

 The Linux kernel CVE team has assigned CVE-2025-37983 to this issue.


 Affected and fixed versions
 ===========================

 	Fixed in 5.4.293 with commit 5e280cce3a29b7fe7b828c6ccd5aa5ba87ceb6b6
 	Fixed in 5.10.237 with commit 3c2fde33e3e505dfd1a895d1f24bad650c655e14
 	Fixed in 5.15.181 with commit 5fe708c5e3c8b2152c6caaa67243e431a5d6cca3
 	Fixed in 6.1.136 with commit 545defa656568c74590317cd30068f85134a8216
 	Fixed in 6.6.89 with commit 5d53e88d8370b9ab14dd830abb410d9a2671edb6
 	Fixed in 6.12.26 with commit 47ab2caba495c1d6a899d284e541a8df656dcfe9
 	Fixed in 6.14.5 with commit 24faa6ea274a2b96d0a78a0996c3137c2b2a65f0
 	Fixed in 6.15 with commit bdb43af4fdb39f844ede401bdb1258f67a580a27

 Please see https://www.kernel.org for a full list of currently supported
 kernel versions by the kernel community.

 Unaffected versions might change over time as fixes are backported to
 older supported kernel versions.  The official CVE entry at
 	https://cve.org/CVERecord/?id=CVE-2025-37983
 will be updated if fixes are backported, please check that for the most
 up to date information about this issue.


 Affected files
 ==============

 The file(s) affected by this issue are:
 	drivers/infiniband/hw/qib/qib_fs.c


 Mitigation
 ==========

 The Linux kernel CVE team recommends that you update to the latest
 stable kernel version for this, and many other bugfixes.  Individual
 changes are never tested alone, but rather are part of a larger kernel
 release.  Cherry-picking individual commits is not recommended or
 supported by the Linux kernel community at all.  If however, updating to
 the latest release is impossible, the individual changes to resolve this
 issue can be found at these commits:
 	https://git.kernel.org/stable/c/5e280cce3a29b7fe7b828c6ccd5aa5ba87ceb6b6
 	https://git.kernel.org/stable/c/3c2fde33e3e505dfd1a895d1f24bad650c655e14
 	https://git.kernel.org/stable/c/5fe708c5e3c8b2152c6caaa67243e431a5d6cca3
 	https://git.kernel.org/stable/c/545defa656568c74590317cd30068f85134a8216
 	https://git.kernel.org/stable/c/5d53e88d8370b9ab14dd830abb410d9a2671edb6
 	https://git.kernel.org/stable/c/47ab2caba495c1d6a899d284e541a8df656dcfe9
 	https://git.kernel.org/stable/c/24faa6ea274a2b96d0a78a0996c3137c2b2a65f0
 	https://git.kernel.org/stable/c/bdb43af4fdb39f844ede401bdb1258f67a580a27
	From bippy-1.2.0 Mon Sep 17 00:00:00 2001
	From: Greg Kroah-Hartman <gregkh@kernel.org>
	To: <linux-cve-announce@vger.kernel.org>
	Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
	Subject: CVE-2025-37983: qibfs: fix _another_ leak

	Description
	===========

	In the Linux kernel, the following vulnerability has been resolved:

	qibfs: fix _another_ leak

	failure to allocate inode => leaked dentry...

	this one had been there since the initial merge; to be fair,
	if we are that far OOM, the odds of failing at that particular
	allocation are low...

	The Linux kernel CVE team has assigned CVE-2025-37983 to this issue.


	Affected and fixed versions
	===========================

	Fixed in 5.4.293 with commit 5e280cce3a29b7fe7b828c6ccd5aa5ba87ceb6b6
	Fixed in 5.10.237 with commit 3c2fde33e3e505dfd1a895d1f24bad650c655e14
	Fixed in 5.15.181 with commit 5fe708c5e3c8b2152c6caaa67243e431a5d6cca3
	Fixed in 6.1.136 with commit 545defa656568c74590317cd30068f85134a8216
	Fixed in 6.6.89 with commit 5d53e88d8370b9ab14dd830abb410d9a2671edb6
	Fixed in 6.12.26 with commit 47ab2caba495c1d6a899d284e541a8df656dcfe9
	Fixed in 6.14.5 with commit 24faa6ea274a2b96d0a78a0996c3137c2b2a65f0
	Fixed in 6.15 with commit bdb43af4fdb39f844ede401bdb1258f67a580a27

	Please see https://www.kernel.org for a full list of currently supported
	kernel versions by the kernel community.

	Unaffected versions might change over time as fixes are backported to
	older supported kernel versions. The official CVE entry at
	https://cve.org/CVERecord/?id=CVE-2025-37983
	will be updated if fixes are backported, please check that for the most
	up to date information about this issue.


	Affected files
	==============

	The file(s) affected by this issue are:
	drivers/infiniband/hw/qib/qib_fs.c


	Mitigation
	==========

	The Linux kernel CVE team recommends that you update to the latest
	stable kernel version for this, and many other bugfixes. Individual
	changes are never tested alone, but rather are part of a larger kernel
	release. Cherry-picking individual commits is not recommended or
	supported by the Linux kernel community at all. If however, updating to
	the latest release is impossible, the individual changes to resolve this
	issue can be found at these commits:
	https://git.kernel.org/stable/c/5e280cce3a29b7fe7b828c6ccd5aa5ba87ceb6b6
	https://git.kernel.org/stable/c/3c2fde33e3e505dfd1a895d1f24bad650c655e14
	https://git.kernel.org/stable/c/5fe708c5e3c8b2152c6caaa67243e431a5d6cca3
	https://git.kernel.org/stable/c/545defa656568c74590317cd30068f85134a8216
	https://git.kernel.org/stable/c/5d53e88d8370b9ab14dd830abb410d9a2671edb6
	https://git.kernel.org/stable/c/47ab2caba495c1d6a899d284e541a8df656dcfe9
	https://git.kernel.org/stable/c/24faa6ea274a2b96d0a78a0996c3137c2b2a65f0
	https://git.kernel.org/stable/c/bdb43af4fdb39f844ede401bdb1258f67a580a27