CVE-2025-38651

Severity CVSS v4.0: Pending analysis
Type: Unavailable / Other
Publication date: 22/08/2025
Last modified: 26/11/2025

Description

In the Linux kernel, the following vulnerability has been resolved:

landlock: Fix warning from KUnit tests

get_id_range() expects a positive value as first argument but
get_random_u8() can return 0. Fix this by clamping it.

Validated by running the test in a for loop for 1000 times.

Note that MAX() is wrong as it is only supposed to be used for
constants, but max() is good here.

[..] ok 9 test_range2_rand1
[..] ok 10 test_range2_rand2
[..] ok 11 test_range2_rand15
[..] ------------[ cut here ]------------
[..] WARNING: CPU: 6 PID: 104 at security/landlock/id.c:99 test_range2_rand16 (security/landlock/id.c:99 (discriminator 1) security/landlock/id.c:234 (discriminator 1))
[..] Modules linked in:
[..] CPU: 6 UID: 0 PID: 104 Comm: kunit_try_catch Tainted: G N 6.16.0-rc1-dev-00001-g314a2f98b65f #1 PREEMPT(undef)
[..] Tainted: [N]=TEST
[..] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[..] RIP: 0010:test_range2_rand16 (security/landlock/id.c:99 (discriminator 1) security/landlock/id.c:234 (discriminator 1))
[..] Code: 49 c7 c0 10 70 30 82 4c 89 ff 48 c7 c6 a0 63 1e 83 49 c7 45 a0 e0 63 1e 83 e8 3f 95 17 00 e9 1f ff ff ff 0f 0b e9 df fd ff ff 0b ba 01 00 00 00 e9 68 fe ff ff 49 89 45 a8 49 8d 4d a0 45 31

[..] RSP: 0000:ffff888104eb7c78 EFLAGS: 00010246
[..] RAX: 0000000000000000 RBX: 000000000870822c RCX: 0000000000000000
          ^^^^^^^^^^^^^^^^
[..]
[..] Call Trace:
[..]
[..] ---[ end trace 0000000000000000 ]---
[..] ok 12 test_range2_rand16
[..] # landlock_id: pass:12 fail:0 skip:0 total:12
[..] # Totals: pass:12 fail:0 skip:0 total:12
[..] ok 1 landlock_id

[mic: Minor cosmetic improvements]

Vulnerable products and versions

CPE                                             From               Up to
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*    6.15 (including)   6.15.10 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*    6.16 (including)   6.16.1 (excluding)