CVE-2025-38651
N/A
Summary
In the Linux kernel, the following vulnerability has been resolved:
landlock: Fix warning from KUnit tests
get_id_range() expects a positive value as first argument but get_random_u8() can return 0. Fix this by clamping it.
Validated by running the test in a for loop for 1000 times.
Note that MAX() is wrong as it is only supposed to be used for constants, but max() is good here.
[..] ok 9 test_range2_rand1 [..] ok 10 test_range2_rand2 [..] ok 11 test_range2_rand15 [..] ————[ cut here ]———— [..] WARNING: CPU: 6 PID: 104 at security/landlock/id.c:99 test_range2_rand16 (security/landlock/id.c:99 (discriminator 1) security/landlock/id.c:234 (discriminator 1)) [..] Modules linked in: [..] CPU: 6 UID: 0 PID: 104 Comm: kunit_try_catch Tainted: G N 6.16.0-rc1-dev-00001-g314a2f98b65f #1 PREEMPT(undef) [..] Tainted: [N]=TEST [..] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [..] RIP: 0010:test_range2_rand16 (security/landlock/id.c:99 (discriminator 1) security/landlock/id.c:234 (discriminator 1)) [..] Code: 49 c7 c0 10 70 30 82 4c 89 ff 48 c7 c6 a0 63 1e 83 49 c7 45 a0 e0 63 1e 83 e8 3f 95 17 00 e9 1f ff ff ff 0f 0b e9 df fd ff ff <0f> 0b ba 01 00 00 00 e9 68 fe ff ff 49 89 45 a8 49 8d 4d a0 45 31
[..] RSP: 0000:ffff888104eb7c78 EFLAGS: 00010246 [..] RAX: 0000000000000000 RBX: 000000000870822c RCX: 0000000000000000 ^^^^^^^^^^^^^^^^ [..] [..] Call Trace: [..] [..] —[ end trace 0000000000000000 ]— [..] ok 12 test_range2_rand16 [..] # landlock_id: pass:12 fail:0 skip:0 total:12 [..] # Totals: pass:12 fail:0 skip:0 total:12 [..] ok 1 landlock_id
[mic: Minor cosmetic improvements]
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | d9d2a68ed44bbae598a81cb95e0746fa6b13b57f < 127183361b69dbb7ac3246ad4726f93400481249 | affected |
| Linux | Linux | d9d2a68ed44bbae598a81cb95e0746fa6b13b57f < 7d9ec2cfe12dd0d7c1a58213b9bef1bec66a3189 | affected |
| Linux | Linux | d9d2a68ed44bbae598a81cb95e0746fa6b13b57f < e0a69cf2c03e61bd8069becb97f66c173d0d1fa1 | affected |
| Linux | Linux | 6.15 | affected |
| Linux | Linux | 0 < 6.15 | unaffected |
| Linux | Linux | 6.15.10 <= 6.15.* | unaffected |
| Linux | Linux | 6.16.1 <= 6.16.* | unaffected |
| Linux | Linux | 6.17 <= * | unaffected |
Weaknesses
References
- https://git.kernel.org/stable/c/127183361b69dbb7ac3246ad4726f93400481249
- https://git.kernel.org/stable/c/7d9ec2cfe12dd0d7c1a58213b9bef1bec66a3189
- https://git.kernel.org/stable/c/e0a69cf2c03e61bd8069becb97f66c173d0d1fa1
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.