cve/published/2025/CVE-2025-38003.mbox - pub/scm/linux/security/vulns - Git at Google

 From bippy-1.2.0 Mon Sep 17 00:00:00 2001
 From: Greg Kroah-Hartman <gregkh@kernel.org>
 To: <linux-cve-announce@vger.kernel.org>
 Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
 Subject: CVE-2025-38003: can: bcm: add missing rcu read protection for procfs content

 Description
 ===========

 In the Linux kernel, the following vulnerability has been resolved:

 can: bcm: add missing rcu read protection for procfs content

 When the procfs content is generated for a bcm_op which is in the process
 to be removed the procfs output might show unreliable data (UAF).

 As the removal of bcm_op's is already implemented with rcu handling this
 patch adds the missing rcu_read_lock() and makes sure the list entries
 are properly removed under rcu protection.

 The Linux kernel CVE team has assigned CVE-2025-38003 to this issue.


 Affected and fixed versions
 ===========================

 	Issue introduced in 5.4.205 with commit 5b48f5711f1c630841ab78dcc061de902f0e37bf and fixed in 5.4.294 with commit 19f553a1ddf260da6570ed8f8d91a8c87f49b63a
 	Issue introduced in 5.10.130 with commit 85cd41070df992d3c0dfd828866fdd243d3b774a and fixed in 5.10.238 with commit 659701c0b954ccdb4a916a4ad59bbc16e726d42c
 	Issue introduced in 5.15.54 with commit f34f2a18e47b73e48f90a757e1f4aaa8c7d665a1 and fixed in 5.15.185 with commit 0622846db728a5332b917c797c733e202c4620ae
 	Issue introduced in 5.19 with commit f1b4e32aca0811aa011c76e5d6cf2fa19224b386 and fixed in 6.1.141 with commit 6d7d458c41b98a5c1670cbd36f2923c37de51cf5
 	Issue introduced in 5.19 with commit f1b4e32aca0811aa011c76e5d6cf2fa19224b386 and fixed in 6.6.93 with commit 1f912f8484e9c4396378c39460bbea0af681f319
 	Issue introduced in 5.19 with commit f1b4e32aca0811aa011c76e5d6cf2fa19224b386 and fixed in 6.12.31 with commit 63567ecd99a24495208dc860d50fb17440043006
 	Issue introduced in 5.19 with commit f1b4e32aca0811aa011c76e5d6cf2fa19224b386 and fixed in 6.14.9 with commit 7c9db92d5f0eadca30884af75c53d601edc512ee
 	Issue introduced in 5.19 with commit f1b4e32aca0811aa011c76e5d6cf2fa19224b386 and fixed in 6.15 with commit dac5e6249159ac255dad9781793dbe5908ac9ddb
 	Issue introduced in 4.19.252 with commit fbac09a3b8890003c0c55294c00709f3ae5501bb
 	Issue introduced in 5.18.11 with commit edb4baffb9483141a50fb7f7146cfe4a4c0c2db8

 Please see https://www.kernel.org for a full list of currently supported
 kernel versions by the kernel community.

 Unaffected versions might change over time as fixes are backported to
 older supported kernel versions.  The official CVE entry at
 	https://cve.org/CVERecord/?id=CVE-2025-38003
 will be updated if fixes are backported, please check that for the most
 up to date information about this issue.


 Affected files
 ==============

 The file(s) affected by this issue are:
 	net/can/bcm.c


 Mitigation
 ==========

 The Linux kernel CVE team recommends that you update to the latest
 stable kernel version for this, and many other bugfixes.  Individual
 changes are never tested alone, but rather are part of a larger kernel
 release.  Cherry-picking individual commits is not recommended or
 supported by the Linux kernel community at all.  If however, updating to
 the latest release is impossible, the individual changes to resolve this
 issue can be found at these commits:
 	https://git.kernel.org/stable/c/19f553a1ddf260da6570ed8f8d91a8c87f49b63a
 	https://git.kernel.org/stable/c/659701c0b954ccdb4a916a4ad59bbc16e726d42c
 	https://git.kernel.org/stable/c/0622846db728a5332b917c797c733e202c4620ae
 	https://git.kernel.org/stable/c/6d7d458c41b98a5c1670cbd36f2923c37de51cf5
 	https://git.kernel.org/stable/c/1f912f8484e9c4396378c39460bbea0af681f319
 	https://git.kernel.org/stable/c/63567ecd99a24495208dc860d50fb17440043006
 	https://git.kernel.org/stable/c/7c9db92d5f0eadca30884af75c53d601edc512ee
 	https://git.kernel.org/stable/c/dac5e6249159ac255dad9781793dbe5908ac9ddb
	From bippy-1.2.0 Mon Sep 17 00:00:00 2001
	From: Greg Kroah-Hartman <gregkh@kernel.org>
	To: <linux-cve-announce@vger.kernel.org>
	Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
	Subject: CVE-2025-38003: can: bcm: add missing rcu read protection for procfs content

	Description
	===========

	In the Linux kernel, the following vulnerability has been resolved:

	can: bcm: add missing rcu read protection for procfs content

	When the procfs content is generated for a bcm_op which is in the process
	to be removed the procfs output might show unreliable data (UAF).

	As the removal of bcm_op's is already implemented with rcu handling this
	patch adds the missing rcu_read_lock() and makes sure the list entries
	are properly removed under rcu protection.

	The Linux kernel CVE team has assigned CVE-2025-38003 to this issue.


	Affected and fixed versions
	===========================

	Issue introduced in 5.4.205 with commit 5b48f5711f1c630841ab78dcc061de902f0e37bf and fixed in 5.4.294 with commit 19f553a1ddf260da6570ed8f8d91a8c87f49b63a
	Issue introduced in 5.10.130 with commit 85cd41070df992d3c0dfd828866fdd243d3b774a and fixed in 5.10.238 with commit 659701c0b954ccdb4a916a4ad59bbc16e726d42c
	Issue introduced in 5.15.54 with commit f34f2a18e47b73e48f90a757e1f4aaa8c7d665a1 and fixed in 5.15.185 with commit 0622846db728a5332b917c797c733e202c4620ae
	Issue introduced in 5.19 with commit f1b4e32aca0811aa011c76e5d6cf2fa19224b386 and fixed in 6.1.141 with commit 6d7d458c41b98a5c1670cbd36f2923c37de51cf5
	Issue introduced in 5.19 with commit f1b4e32aca0811aa011c76e5d6cf2fa19224b386 and fixed in 6.6.93 with commit 1f912f8484e9c4396378c39460bbea0af681f319
	Issue introduced in 5.19 with commit f1b4e32aca0811aa011c76e5d6cf2fa19224b386 and fixed in 6.12.31 with commit 63567ecd99a24495208dc860d50fb17440043006
	Issue introduced in 5.19 with commit f1b4e32aca0811aa011c76e5d6cf2fa19224b386 and fixed in 6.14.9 with commit 7c9db92d5f0eadca30884af75c53d601edc512ee
	Issue introduced in 5.19 with commit f1b4e32aca0811aa011c76e5d6cf2fa19224b386 and fixed in 6.15 with commit dac5e6249159ac255dad9781793dbe5908ac9ddb
	Issue introduced in 4.19.252 with commit fbac09a3b8890003c0c55294c00709f3ae5501bb
	Issue introduced in 5.18.11 with commit edb4baffb9483141a50fb7f7146cfe4a4c0c2db8

	Please see https://www.kernel.org for a full list of currently supported
	kernel versions by the kernel community.

	Unaffected versions might change over time as fixes are backported to
	older supported kernel versions. The official CVE entry at
	https://cve.org/CVERecord/?id=CVE-2025-38003
	will be updated if fixes are backported, please check that for the most
	up to date information about this issue.


	Affected files
	==============

	The file(s) affected by this issue are:
	net/can/bcm.c


	Mitigation
	==========

	The Linux kernel CVE team recommends that you update to the latest
	stable kernel version for this, and many other bugfixes. Individual
	changes are never tested alone, but rather are part of a larger kernel
	release. Cherry-picking individual commits is not recommended or
	supported by the Linux kernel community at all. If however, updating to
	the latest release is impossible, the individual changes to resolve this
	issue can be found at these commits:
	https://git.kernel.org/stable/c/19f553a1ddf260da6570ed8f8d91a8c87f49b63a
	https://git.kernel.org/stable/c/659701c0b954ccdb4a916a4ad59bbc16e726d42c
	https://git.kernel.org/stable/c/0622846db728a5332b917c797c733e202c4620ae
	https://git.kernel.org/stable/c/6d7d458c41b98a5c1670cbd36f2923c37de51cf5
	https://git.kernel.org/stable/c/1f912f8484e9c4396378c39460bbea0af681f319
	https://git.kernel.org/stable/c/63567ecd99a24495208dc860d50fb17440043006
	https://git.kernel.org/stable/c/7c9db92d5f0eadca30884af75c53d601edc512ee
	https://git.kernel.org/stable/c/dac5e6249159ac255dad9781793dbe5908ac9ddb