CVE-2025-38688 | THREATINT

Description

In the Linux kernel, the following vulnerability has been resolved: iommufd: Prevent ALIGN() overflow When allocating IOVA the candidate range gets aligned to the target alignment. If the range is close to ULONG_MAX then the ALIGN() can wrap resulting in a corrupted iova. Open code the ALIGN() using get_add_overflow() to prevent this. This simplifies the checks as we don't need to check for length earlier either. Consolidate the two copies of this code under a single helper. This bug would allow userspace to create a mapping that overlaps with some other mapping or a reserved range.

PUBLISHED Reserved 2025-04-16 | Published 2025-09-04 | Updated 2025-09-29 | Assigner Linux

Product status

Default status

unaffected

51fe6141f0f64ae0bbc096a41a07572273e8c0ef (git) before d19b817540c0abe84854a64ee9ee34cecc3bbeef

affected

51fe6141f0f64ae0bbc096a41a07572273e8c0ef (git) before ebb6021560b94649bec6b8faba6fe0dca2218e81

affected

51fe6141f0f64ae0bbc096a41a07572273e8c0ef (git) before e42a046bb41dcdde4f766a17d8211842007ed537

affected

51fe6141f0f64ae0bbc096a41a07572273e8c0ef (git) before 79fad1917802c28de51a479318a056a6fbe3e2f2

affected

51fe6141f0f64ae0bbc096a41a07572273e8c0ef (git) before b42497e3c0e74db061eafad41c0cd7243c46436b

affected

Default status

affected

6.2

affected

Any version before 6.2

unaffected

6.6.103 (semver)

unaffected

6.12.43 (semver)

unaffected

6.15.11 (semver)

unaffected

6.16.2 (semver)

unaffected

6.17 (original_commit_for_fix)

unaffected

References

git.kernel.org/...c/d19b817540c0abe84854a64ee9ee34cecc3bbeef

git.kernel.org/...c/ebb6021560b94649bec6b8faba6fe0dca2218e81

git.kernel.org/...c/e42a046bb41dcdde4f766a17d8211842007ed537

git.kernel.org/...c/79fad1917802c28de51a479318a056a6fbe3e2f2

git.kernel.org/...c/b42497e3c0e74db061eafad41c0cd7243c46436b

cve.org (CVE-2025-38688)

nvd.nist.gov (CVE-2025-38688)

Download JSON

help @ threatint.eu