CVE-2025-68198
Severity:
Pending analysis
Type:
Not available / Other type
Publication date:
16/12/2025
Last modified:
18/12/2025
Description
In the Linux kernel, the following vulnerability has been resolved:

crash: fix crashkernel resource shrink

When crashkernel is configured with a high reservation, shrinking its
value below the low crashkernel reservation causes two issues:

1. Invalid crashkernel resource objects
2. Kernel crash if crashkernel shrinking is done twice

For example, with crashkernel=200M,high, the kernel reserves 200MB of high
memory and some default low memory (say 256MB). The reservation appears
as:

    cat /proc/iomem | grep -i crash
    af000000-beffffff : Crash kernel
    433000000-43f7fffff : Crash kernel

If crashkernel is then shrunk to 50MB (echo 52428800 >
/sys/kernel/kexec_crash_size), /proc/iomem still shows 256MB reserved:

    af000000-beffffff : Crash kernel

Instead, it should show 50MB:

    af000000-b21fffff : Crash kernel

Further shrinking crashkernel to 40MB causes a kernel crash with the
following trace (x86):

    BUG: kernel NULL pointer dereference, address: 0000000000000038
    PGD 0 P4D 0
    Oops: 0000 [#1] PREEMPT SMP NOPTI

    Call Trace:
    ? __die_body.cold+0x19/0x27
    ? page_fault_oops+0x15a/0x2f0
    ? search_module_extables+0x19/0x60
    ? search_bpf_extables+0x5f/0x80
    ? exc_page_fault+0x7e/0x180
    ? asm_exc_page_fault+0x26/0x30
    ? __release_resource+0xd/0xb0
    release_resource+0x26/0x40
    __crash_shrink_memory+0xe5/0x110
    crash_shrink_memory+0x12a/0x190
    kexec_crash_size_store+0x41/0x80
    kernfs_fop_write_iter+0x141/0x1f0
    vfs_write+0x294/0x460
    ksys_write+0x6d/0xf0

This happens because __crash_shrink_memory()/kernel/crash_core.c
incorrectly updates the crashk_res resource object even when
crashk_low_res should be updated.

Fix this by ensuring the correct crashkernel resource object is updated
when shrinking crashkernel memory.
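
Added example (not part of the CVE record or the kernel patch): a check that sums the "Crash kernel" entries from /proc/iomem text and compares the total with the size written to kexec_crash_size, run here on the lines quoted in the description. It assumes, as the description indicates, that the listed reservation should equal the requested size after a shrink; the function and constant names are illustrative.

```python
import re

# One /proc/iomem entry: optional indent, then "start-end : name" with hex bounds.
_IOMEM_LINE = re.compile(r"^\s*([0-9a-fA-F]+)-([0-9a-fA-F]+)\s*:\s*(.+?)\s*$")

MIB = 1024 * 1024


def crash_regions(iomem_text):
    """Return [(start, end, size_bytes)] for every "Crash kernel" entry."""
    regions = []
    for line in iomem_text.splitlines():
        m = _IOMEM_LINE.match(line)
        if not m or m.group(3).lower() != "crash kernel":
            continue
        start, end = int(m.group(1), 16), int(m.group(2), 16)
        if start == 0 and end == 0:
            # Unprivileged reads of /proc/iomem show zeroed addresses.
            raise PermissionError("addresses are masked; read /proc/iomem as root")
        regions.append((start, end, end - start + 1))  # bounds are inclusive
    return regions


def shrink_mismatch(iomem_text, requested_bytes):
    """Bytes still listed as "Crash kernel" beyond the requested size (0 = consistent)."""
    reserved = sum(size for _, _, size in crash_regions(iomem_text))
    return reserved - requested_bytes


# Sample data: the /proc/iomem lines quoted in the description above.
BEFORE = "af000000-beffffff : Crash kernel\n433000000-43f7fffff : Crash kernel\n"
AFTER_SHRINK_BUGGY = "af000000-beffffff : Crash kernel\n"
AFTER_SHRINK_EXPECTED = "af000000-b21fffff : Crash kernel\n"

if __name__ == "__main__":
    requested = 52428800  # value echoed to /sys/kernel/kexec_crash_size in the description
    for label, text in [("buggy", AFTER_SHRINK_BUGGY), ("expected", AFTER_SHRINK_EXPECTED)]:
        extra = shrink_mismatch(text, requested)
        print(f"{label}: {extra // MIB} MiB listed beyond the requested 50 MiB")
```

A non-zero result after a shrink matches the stale-reservation symptom in the description and is a reason not to write to kexec_crash_size a second time on that kernel.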



