Home

Description

In the Linux kernel, the following vulnerability has been resolved: scs: fix a wrong parameter in __scs_magic __scs_magic() needs a 'void *' variable, but a 'struct task_struct *' is given. 'task_scs(tsk)' is the starting address of the task's shadow call stack, and '__scs_magic(task_scs(tsk))' is the end address of the task's shadow call stack. Here should be '__scs_magic(task_scs(tsk))'. The user-visible effect of this bug is that when CONFIG_DEBUG_STACK_USAGE is enabled, the shadow call stack usage checking function (scs_check_usage) would scan an incorrect memory range. This could lead 1. **Inaccurate stack usage reporting**: The function would calculate wrong usage statistics for the shadow call stack, potentially showing incorrect value in kmsg. 2. **Potential kernel crash**: If the value of __scs_magic(tsk)is greater than that of __scs_magic(task_scs(tsk)), the for loop may access unmapped memory, potentially causing a kernel panic. However, this scenario is unlikely because task_struct is allocated via the slab allocator (which typically returns lower addresses), while the shadow call stack returned by task_scs(tsk) is allocated via vmalloc(which typically returns higher addresses). However, since this is purely a debugging feature (CONFIG_DEBUG_STACK_USAGE), normal production systems should be not unaffected. The bug only impacts developers and testers who are actively debugging stack usage with this configuration enabled.

PUBLISHED Reserved 2026-01-13 | Published 2026-01-14 | Updated 2026-02-09 | Assigner Linux

Product status

Default status
unaffected

5bbaf9d1fcb9be696ee9a61636ab6803556c70f2 (git) before 1727e8bd69103a68963a5613a0ddb6d8d37df5d3
affected

5bbaf9d1fcb9be696ee9a61636ab6803556c70f2 (git) before cfdf6250b63b953b1d8e60814c8ca96c6f9d1c8c
affected

5bbaf9d1fcb9be696ee9a61636ab6803556c70f2 (git) before 57ba40b001be27786d0570dd292289df748b306b
affected

5bbaf9d1fcb9be696ee9a61636ab6803556c70f2 (git) before 062774439d442882b44f5eab8c256ad3423ef284
affected

5bbaf9d1fcb9be696ee9a61636ab6803556c70f2 (git) before 9ef28943471a16e4f9646bc3e8e2de148e7d8d7b
affected

5bbaf9d1fcb9be696ee9a61636ab6803556c70f2 (git) before a19fb3611e4c06624fc0f83ef19f4fb8d57d4751
affected

5bbaf9d1fcb9be696ee9a61636ab6803556c70f2 (git) before 08bd4c46d5e63b78e77f2605283874bbe868ab19
affected

Default status
affected

5.8
affected

Any version before 5.8
unaffected

5.10.248 (semver)
unaffected

5.15.198 (semver)
unaffected

6.1.160 (semver)
unaffected

6.6.120 (semver)
unaffected

6.12.64 (semver)
unaffected

6.18.3 (semver)
unaffected

6.19 (original_commit_for_fix)
unaffected

References

git.kernel.org/...c/1727e8bd69103a68963a5613a0ddb6d8d37df5d3

git.kernel.org/...c/cfdf6250b63b953b1d8e60814c8ca96c6f9d1c8c

git.kernel.org/...c/57ba40b001be27786d0570dd292289df748b306b

git.kernel.org/...c/062774439d442882b44f5eab8c256ad3423ef284

git.kernel.org/...c/9ef28943471a16e4f9646bc3e8e2de148e7d8d7b

git.kernel.org/...c/a19fb3611e4c06624fc0f83ef19f4fb8d57d4751

git.kernel.org/...c/08bd4c46d5e63b78e77f2605283874bbe868ab19

cve.org (CVE-2025-71102)

nvd.nist.gov (CVE-2025-71102)

Download JSON