-

CVE-2025-71102

In the Linux kernel, the following vulnerability has been resolved:

scs: fix a wrong parameter in __scs_magic

__scs_magic() needs a 'void *' variable, but a 'struct task_struct *' is
given.  'task_scs(tsk)' is the starting address of the task's shadow call
stack, and '__scs_magic(task_scs(tsk))' is the end address of the task's
shadow call stack.  Here should be '__scs_magic(task_scs(tsk))'.

The user-visible effect of this bug is that when CONFIG_DEBUG_STACK_USAGE
is enabled, the shadow call stack usage checking function
(scs_check_usage) would scan an incorrect memory range.  This could lead

1. **Inaccurate stack usage reporting**: The function would calculate
   wrong usage statistics for the shadow call stack, potentially showing
   incorrect value in kmsg.

2. **Potential kernel crash**: If the value of __scs_magic(tsk)is
   greater than that of __scs_magic(task_scs(tsk)), the for loop may
   access unmapped memory, potentially causing a kernel panic.  However,
   this scenario is unlikely because task_struct is allocated via the slab
   allocator (which typically returns lower addresses), while the shadow
   call stack returned by task_scs(tsk) is allocated via vmalloc(which
   typically returns higher addresses).

However, since this is purely a debugging feature
(CONFIG_DEBUG_STACK_USAGE), normal production systems should be not
unaffected.  The bug only impacts developers and testers who are actively
debugging stack usage with this configuration enabled.
Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerLinux
Produkt Linux
Default Statusunaffected
Version < 1727e8bd69103a68963a5613a0ddb6d8d37df5d3
Version 5bbaf9d1fcb9be696ee9a61636ab6803556c70f2
Status affected
Version < cfdf6250b63b953b1d8e60814c8ca96c6f9d1c8c
Version 5bbaf9d1fcb9be696ee9a61636ab6803556c70f2
Status affected
Version < 57ba40b001be27786d0570dd292289df748b306b
Version 5bbaf9d1fcb9be696ee9a61636ab6803556c70f2
Status affected
Version < 062774439d442882b44f5eab8c256ad3423ef284
Version 5bbaf9d1fcb9be696ee9a61636ab6803556c70f2
Status affected
Version < 9ef28943471a16e4f9646bc3e8e2de148e7d8d7b
Version 5bbaf9d1fcb9be696ee9a61636ab6803556c70f2
Status affected
Version < a19fb3611e4c06624fc0f83ef19f4fb8d57d4751
Version 5bbaf9d1fcb9be696ee9a61636ab6803556c70f2
Status affected
Version < 08bd4c46d5e63b78e77f2605283874bbe868ab19
Version 5bbaf9d1fcb9be696ee9a61636ab6803556c70f2
Status affected
HerstellerLinux
Produkt Linux
Default Statusaffected
Version 5.8
Status affected
Version < 5.8
Version 0
Status unaffected
Version <= 5.10.*
Version 5.10.248
Status unaffected
Version <= 5.15.*
Version 5.15.198
Status unaffected
Version <= 6.1.*
Version 6.1.160
Status unaffected
Version <= 6.6.*
Version 6.6.120
Status unaffected
Version <= 6.12.*
Version 6.12.64
Status unaffected
Version <= 6.18.*
Version 6.18.3
Status unaffected
Version <= *
Version 6.19-rc1
Status unaffected
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.03% 0.088
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
Es wurden noch keine Informationen zu CWE veröffentlicht.