ghsa-g2hr-f739-wc32
Vulnerability from github
In the Linux kernel, the following vulnerability has been resolved:
dm: fix copying after src array boundaries
The blamed commit copied to argv the size of the reallocated argv, instead of the size of the old_argv, thus reading and copying from past the old_argv allocated memory.
Following BUG_ON was hit:

```
[ 3.038929][ T1] kernel BUG at lib/string_helpers.c:1040!
[ 3.039147][ T1] Internal error: Oops - BUG: 00000000f2000800 [#1] SMP
...
[ 3.056489][ T1] Call trace:
[ 3.056591][ T1] __fortify_panic+0x10/0x18 (P)
[ 3.056773][ T1] dm_split_args+0x20c/0x210
[ 3.056942][ T1] dm_table_add_target+0x13c/0x360
[ 3.057132][ T1] table_load+0x110/0x3ac
[ 3.057292][ T1] dm_ctl_ioctl+0x424/0x56c
[ 3.057457][ T1] __arm64_sys_ioctl+0xa8/0xec
[ 3.057634][ T1] invoke_syscall+0x58/0x10c
[ 3.057804][ T1] el0_svc_common+0xa8/0xdc
[ 3.057970][ T1] do_el0_svc+0x1c/0x28
[ 3.058123][ T1] el0_svc+0x50/0xac
[ 3.058266][ T1] el0t_64_sync_handler+0x60/0xc4
[ 3.058452][ T1] el0t_64_sync+0x1b0/0x1b4
[ 3.058620][ T1] Code: f800865e a9bf7bfd 910003fd 941f48aa (d4210000)
[ 3.058897][ T1] ---[ end trace 0000000000000000 ]---
[ 3.059083][ T1] Kernel panic - not syncing: Oops - BUG: Fatal exception
```
Fix it by copying the size of src, and not the size of dst, as it was.
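The bug class described above, as an added user-space example that is not the kernel's code: growing an argv-style array and copying either the destination's length (rejected) or the source's length (accepted). The names `grow_argv` and `checked_copy` are hypothetical, and the explicit length check only stands in for the source-size check that a fortified `memcpy` performs.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Copy n bytes only if both buffers hold at least n bytes: the kind of
 * length check a fortified memcpy applies when object sizes are known. */
static int checked_copy(void *dst, size_t dst_len,
                        const void *src, size_t src_len, size_t n)
{
    if (n > dst_len || n > src_len)
        return -1;
    memcpy(dst, src, n);
    return 0;
}

/* Hypothetical helper: grow an argv-style pointer array (8 slots, then x2).
 * len_from_dst=1 sizes the copy from the NEW array (the bug class);
 * len_from_dst=0 sizes it from the OLD array (the corrected form).
 * Success: old array freed, *size updated. Failure: NULL, caller keeps old. */
static char **grow_argv(unsigned *size, char **old_argv, int len_from_dst)
{
    unsigned old_size = old_argv ? *size : 0;
    unsigned new_size = old_size ? old_size * 2 : 8;
    size_t n = (size_t)(len_from_dst ? new_size : old_size) * sizeof(char *);
    char **argv = calloc(new_size, sizeof(*argv));
    if (!argv)
        return NULL;
    if (old_argv && checked_copy(argv, new_size * sizeof(*argv), old_argv,
                                 old_size * sizeof(*argv), n) != 0) {
        free(argv);               /* refuse rather than read past old_argv */
        return NULL;
    }
    free(old_argv);
    *size = new_size;
    return argv;
}

int main(void)
{
    unsigned size = 0;
    char **argv = grow_argv(&size, NULL, 0);   /* first allocation: 8 slots */
    if (!argv)
        return 1;
    char **bad = grow_argv(&size, argv, 1);    /* asks for 16 slots from 8 */
    char **good = grow_argv(&size, argv, 0);   /* copies the 8 old slots */
    printf("dst-sized: %s, src-sized: %s\n",
           bad ? "copied" : "rejected", good ? "copied" : "rejected");
    free(good ? good : argv);
    return (!bad && good) ? 0 : 1;
}
```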
```json
{
  "affected": [],
  "aliases": [ "CVE-2025-37902" ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-05-20T16:15:26Z",
    "severity": null
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndm: fix copying after src array boundaries\n\nThe blammed commit copied to argv the size of the reallocated argv,\ninstead of the size of the old_argv, thus reading and copying from\npast the old_argv allocated memory.\n\nFollowing BUG_ON was hit:\n[ 3.038929][ T1] kernel BUG at lib/string_helpers.c:1040!\n[ 3.039147][ T1] Internal error: Oops - BUG: 00000000f2000800 [#1] SMP\n...\n[ 3.056489][ T1] Call trace:\n[ 3.056591][ T1] __fortify_panic+0x10/0x18 (P)\n[ 3.056773][ T1] dm_split_args+0x20c/0x210\n[ 3.056942][ T1] dm_table_add_target+0x13c/0x360\n[ 3.057132][ T1] table_load+0x110/0x3ac\n[ 3.057292][ T1] dm_ctl_ioctl+0x424/0x56c\n[ 3.057457][ T1] __arm64_sys_ioctl+0xa8/0xec\n[ 3.057634][ T1] invoke_syscall+0x58/0x10c\n[ 3.057804][ T1] el0_svc_common+0xa8/0xdc\n[ 3.057970][ T1] do_el0_svc+0x1c/0x28\n[ 3.058123][ T1] el0_svc+0x50/0xac\n[ 3.058266][ T1] el0t_64_sync_handler+0x60/0xc4\n[ 3.058452][ T1] el0t_64_sync+0x1b0/0x1b4\n[ 3.058620][ T1] Code: f800865e a9bf7bfd 910003fd 941f48aa (d4210000)\n[ 3.058897][ T1] ---[ end trace 0000000000000000 ]---\n[ 3.059083][ T1] Kernel panic - not syncing: Oops - BUG: Fatal exception\n\nFix it by copying the size of src, and not the size of dst, as it was.",
  "id": "GHSA-g2hr-f739-wc32",
  "modified": "2025-05-20T18:30:54Z",
  "published": "2025-05-20T18:30:54Z",
  "references": [
    { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-37902" },
    { "type": "WEB", "url": "https://git.kernel.org/stable/c/4c4f168b46229d527bda801ef15ad793b069f0ae" },
    { "type": "WEB", "url": "https://git.kernel.org/stable/c/a27cbadb995fa4cca90cefd74332c55c2c26616b" },
    { "type": "WEB", "url": "https://git.kernel.org/stable/c/aaa763ab8cecae6308c5ec7f309e1bc3a7ebd29f" },
    { "type": "WEB", "url": "https://git.kernel.org/stable/c/db62809197658954a67b446c30677bc25baaf9f3" },
    { "type": "WEB", "url": "https://git.kernel.org/stable/c/ed3248a403740a623c73afd95f88cc37e0cd3ad2" },
    { "type": "WEB", "url": "https://git.kernel.org/stable/c/f1aff4bc199cb92c055668caed65505e3b4d2656" }
  ],
  "schema_version": "1.4.0",
  "severity": []
}
```