CVE-2025-22104

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> ibmvnic: Use kernel helpers for hex dumps<br /> <br /> Previously, when the driver was printing hex dumps, the buffer was cast<br /> to an 8 byte long and printed using string formatters. If the buffer<br /> size was not a multiple of 8 then a read buffer overflow was possible.<br /> <br /> Therefore, create a new ibmvnic function that loops over a buffer and<br /> calls hex_dump_to_buffer instead.<br /> <br /> This patch address KASAN reports like the one below:<br /> ibmvnic 30000003 env3: Login Buffer:<br /> ibmvnic 30000003 env3: 01000000af000000<br /> <br /> ibmvnic 30000003 env3: 2e6d62692e736261<br /> ibmvnic 30000003 env3: 65050003006d6f63<br /> ==================================================================<br /> BUG: KASAN: slab-out-of-bounds in ibmvnic_login+0xacc/0xffc [ibmvnic]<br /> Read of size 8 at addr c0000001331a9aa8 by task ip/17681<br /> <br /> Allocated by task 17681:<br /> <br /> ibmvnic_login+0x2f0/0xffc [ibmvnic]<br /> ibmvnic_open+0x148/0x308 [ibmvnic]<br /> __dev_open+0x1ac/0x304<br /> <br /> The buggy address is located 168 bytes inside of<br /> allocated 175-byte region [c0000001331a9a00, c0000001331a9aaf)<br /> <br /> =================================================================<br /> ibmvnic 30000003 env3: 000000000033766e