GHSA-5CPG-HFMF-H5FH

Vulnerability from github – Published: 2025-12-16 18:31 – Updated: 2025-12-16 18:31
VLAI?
Details

In the Linux kernel, the following vulnerability has been resolved:

parisc: Avoid crash due to unaligned access in unwinder

Guenter Roeck reported this kernel crash on his emulated B160L machine:

Starting network: udhcpc: started, v1.36.1 Backtrace: [<104320d4>] unwind_once+0x1c/0x5c [<10434a00>] walk_stackframe.isra.0+0x74/0xb8 [<10434a6c>] arch_stack_walk+0x28/0x38 [<104e5efc>] stack_trace_save+0x48/0x5c [<105d1bdc>] set_track_prepare+0x44/0x6c [<105d9c80>] slaballoc+0xfc4/0x1024 [<105d9d38>] slab_alloc.isra.0+0x58/0x90 [<105dc80c>] kmem_cache_alloc_noprof+0x2ac/0x4a0 [<105b8e54>] __anon_vma_prepare+0x60/0x280 [<105a823c>] __vmf_anon_prepare+0x68/0x94 [<105a8b34>] do_wp_page+0x8cc/0xf10 [<105aad88>] handle_mm_fault+0x6c0/0xf08 [<10425568>] do_page_fault+0x110/0x440 [<10427938>] handle_interruption+0x184/0x748 [<11178398>] schedule+0x4c/0x190 BUG: spinlock recursion on CPU#0, ifconfig/2420 lock: terminate_lock.2+0x0/0x1c, .magic: dead4ead, .owner: ifconfig/2420, .owner_cpu: 0

While creating the stack trace, the unwinder uses the stack pointer to guess the previous frame to read the previous stack pointer from memory. The crash happens, because the unwinder tries to read from unaligned memory and as such triggers the unalignment trap handler which then leads to the spinlock recursion and finally to a deadlock.

Fix it by checking the alignment before accessing the memory.

Show details on source website
To clipboard 

{
  "affected": [],
  "aliases": [
    "CVE-2025-68322"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-12-16T16:16:11Z",
    "severity": null
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nparisc: Avoid crash due to unaligned access in unwinder\n\nGuenter Roeck reported this kernel crash on his emulated B160L machine:\n\nStarting network: udhcpc: started, v1.36.1\n Backtrace:\n  [\u003c104320d4\u003e] unwind_once+0x1c/0x5c\n  [\u003c10434a00\u003e] walk_stackframe.isra.0+0x74/0xb8\n  [\u003c10434a6c\u003e] arch_stack_walk+0x28/0x38\n  [\u003c104e5efc\u003e] stack_trace_save+0x48/0x5c\n  [\u003c105d1bdc\u003e] set_track_prepare+0x44/0x6c\n  [\u003c105d9c80\u003e] ___slab_alloc+0xfc4/0x1024\n  [\u003c105d9d38\u003e] __slab_alloc.isra.0+0x58/0x90\n  [\u003c105dc80c\u003e] kmem_cache_alloc_noprof+0x2ac/0x4a0\n  [\u003c105b8e54\u003e] __anon_vma_prepare+0x60/0x280\n  [\u003c105a823c\u003e] __vmf_anon_prepare+0x68/0x94\n  [\u003c105a8b34\u003e] do_wp_page+0x8cc/0xf10\n  [\u003c105aad88\u003e] handle_mm_fault+0x6c0/0xf08\n  [\u003c10425568\u003e] do_page_fault+0x110/0x440\n  [\u003c10427938\u003e] handle_interruption+0x184/0x748\n  [\u003c11178398\u003e] schedule+0x4c/0x190\n  BUG: spinlock recursion on CPU#0, ifconfig/2420\n  lock: terminate_lock.2+0x0/0x1c, .magic: dead4ead, .owner: ifconfig/2420, .owner_cpu: 0\n\nWhile creating the stack trace, the unwinder uses the stack pointer to guess\nthe previous frame to read the previous stack pointer from memory.  The crash\nhappens, because the unwinder tries to read from unaligned memory and as such\ntriggers the unalignment trap handler which then leads to the spinlock\nrecursion and finally to a deadlock.\n\nFix it by checking the alignment before accessing the memory.",
  "id": "GHSA-5cpg-hfmf-h5fh",
  "modified": "2025-12-16T18:31:34Z",
  "published": "2025-12-16T18:31:34Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68322"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/009270208f76456c2cefcd565da263b90bb2eadb"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/9ac1f44723f26881b9fe7e69c7bc25397b879155"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/fd9f30d1038ee1624baa17a6ff11effe5f7617cb"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.