Re: [PATCH vulns] add a .vulnerable id for CVE-2025-38608

From: Greg KH
Date: Wed Sep 03 2025 - 08:37:51 EST

Next message: kurita: "[PATCH] docs: ja_JP: Update SubmittingPatches for 'Fixes:' tag"
Previous message: Daniel Wagner: "Re: [PATCH v7 01/10] lib/group_cpus: Add group_masks_cpus_evenly()"
In reply to: Hoyeon Lee: "[PATCH vulns] add a .vulnerable id for CVE-2025-38608"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, Sep 03, 2025 at 02:41:07PM +0900, Hoyeon Lee wrote:
> The issue depends on bpf_msg_pop_data() helper, which was introduced
> by commit 7246d8ed4dcc ("bpf: helper to pop data from messages"). Fixes
> tag in commit 178f6a5c8cb3 ("bpf, ktls: Fix data corruption when using
> bpf_msg_pop_data() in ktls") incorrectly points to commit d3b18ad31f93
> ("tls: add bpf support to sk_msg handling"), which does not provide this
> helper. For this reason, the introduction of bpf_msg_pop_data() has been
> chosen as the vulnerable point for CVE-2025-38608.
>
> Signed-off-by: Hoyeon Lee <hoyeon.lee@xxxxxxxx>
> ---
> cve/published/2025/CVE-2025-38608.vulnerable | 1 +
> 1 file changed, 1 insertion(+)
> create mode 100644 cve/published/2025/CVE-2025-38608.vulnerable
>
> diff --git a/cve/published/2025/CVE-2025-38608.vulnerable b/cve/published/2025/CVE-2025-38608.vulnerable
> new file mode 100644
> index 000000000..f0336d0ed
> --- /dev/null
> +++ b/cve/published/2025/CVE-2025-38608.vulnerable
> @@ -0,0 +1 @@
> +7246d8ed4dcce23f7509949a77be15fa9f0e3d28
> --
> 2.51.0
>

Looks good, thanks! Now applied and updated.

greg k-h

Next message: kurita: "[PATCH] docs: ja_JP: Update SubmittingPatches for 'Fixes:' tag"
Previous message: Daniel Wagner: "Re: [PATCH v7 01/10] lib/group_cpus: Add group_masks_cpus_evenly()"
In reply to: Hoyeon Lee: "[PATCH vulns] add a .vulnerable id for CVE-2025-38608"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]