CVE-2025-68299
Description
In the Linux kernel, the following vulnerability has been resolved:afs: Fix delayed allocation of a cells anonymous keyThe allocation of a cells anonymous key is done in a background threadalong with other cell setup such as doing a DNS upcall. In the reportedbug, this is triggered by afs_parse_source() parsing the device name givento mount() and calling afs_lookup_cell() with the name of the cell.The normal key lookup then tries to use the key description on theanonymous authentication key as the reference for request_key() - but itmay not yet be set and so an oops can happen.This has been made more likely to happen by the fix for dynamic lookupfailure.Fix this by firstly allocating a reference name and attaching it to theafs_cell record when the record is created. It can share the memoryallocation with the cell name (unfortunately it cant just overlap the cellname by prepending it with afs@ as the cell name already has a .prepended for other purposes). This reference name is then passed torequest_key().Secondly, the anon key is now allocated on demand at the point a key isrequested in afs_request_key() if it is not already allocated. A mutex isused to prevent multiple allocation for a cell.Thirdly, make afs_request_key_rcu() return null if the anonymous key isntyet allocated (if we need it) and then the caller can return -ECHILD todrop out of RCU-mode and afs_request_key() can be called.Note that the anonymous key is kind of necessary to make the key lookupcache work as that doesnt currently cache a negative lookup, but itsprobably worth some investigation to see if null can be used instead.
Risk Information
Associated Vulnerability
No records foundPatch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234