CVE-2025-22072
N/A
Summary
In the Linux kernel, the following vulnerability has been resolved:
spufs: fix gang directory lifetimes
prior to "[POWERPC] spufs: Fix gang destroy leaks" we used to have a problem with gang lifetimes - creation of a gang returns opened gang directory, which normally gets removed when that gets closed, but if somebody has created a context belonging to that gang and kept it alive until the gang got closed, removal failed and we ended up with a leak.
Unfortunately, it had been fixed the wrong way. Dentry of gang directory was no longer pinned, and rmdir on close was gone. One problem was that failure of open kept calling simple_rmdir() as cleanup, which meant an unbalanced dput(). Another bug was in the success case - gang creation incremented link count on root directory, but that was no longer undone when gang got destroyed.
Fix consists of * reverting the commit in question * adding a counter to gang, protected by ->i_rwsem of gang directory inode. * having it set to 1 at creation time, dropped in both spufs_dir_close() and spufs_gang_close() and bumped in spufs_create_context(), provided that it's not 0. * using simple_recursive_removal() to take the gang directory out when counter reaches zero.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | 877907d37da9694a34adc9dc3e2ce09400148cb5 < 880e7b3da2e765c1f90c94c0539be039e96c7062 | affected |
| Linux | Linux | 877907d37da9694a34adc9dc3e2ce09400148cb5 < 324f280806aab28ef757aecc18df419676c10ef8 | affected |
| Linux | Linux | 877907d37da9694a34adc9dc3e2ce09400148cb5 < 029d8c711f5e5fe8cf63e8a4a1a140a06e224e45 | affected |
| Linux | Linux | 877907d37da9694a34adc9dc3e2ce09400148cb5 < 903733782f3ae28a2f7fe4dfb47c7fe3e079a528 | affected |
| Linux | Linux | 877907d37da9694a34adc9dc3e2ce09400148cb5 < fc646a6c6d14b5d581f162a7e32999f789e3a3ac | affected |
| Linux | Linux | 877907d37da9694a34adc9dc3e2ce09400148cb5 < c134deabf4784e155d360744d4a6a835b9de4dd4 | affected |
| Linux | Linux | 2.6.22 | affected |
| Linux | Linux | 0 < 2.6.22 | unaffected |
| Linux | Linux | 6.1.134 <= 6.1.* | unaffected |
| Linux | Linux | 6.6.87 <= 6.6.* | unaffected |
| Linux | Linux | 6.12.23 <= 6.12.* | unaffected |
| Linux | Linux | 6.13.11 <= 6.13.* | unaffected |
| Linux | Linux | 6.14.2 <= 6.14.* | unaffected |
| Linux | Linux | 6.15 <= * | unaffected |
Weaknesses
ADP Enrichment
CVE Program Container
Additional References
References
- https://git.kernel.org/stable/c/880e7b3da2e765c1f90c94c0539be039e96c7062
- https://git.kernel.org/stable/c/324f280806aab28ef757aecc18df419676c10ef8
- https://git.kernel.org/stable/c/029d8c711f5e5fe8cf63e8a4a1a140a06e224e45
- https://git.kernel.org/stable/c/903733782f3ae28a2f7fe4dfb47c7fe3e079a528
- https://git.kernel.org/stable/c/fc646a6c6d14b5d581f162a7e32999f789e3a3ac
- https://git.kernel.org/stable/c/c134deabf4784e155d360744d4a6a835b9de4dd4
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.