CVE-2025-22010

一、漏洞信息
漏洞编号：CVE-2025-22010
漏洞归属组件：kernel
漏洞归属的版本：4.19.140,4.19.194,4.19.90,5.10.0,6.1.19,6.4.0,6.6.0
CVSS V3.0分值：
BaseScore：5.5 Medium
Vector：CVSS：3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
漏洞简述：
In the Linux kernel, the following vulnerability has been resolved:RDMA/hns: Fix soft lockup during bt pages loopDriver runs a for-loop when allocating bt pages and mapping them withbuffer pages. When a large buffer (e.g. MR over 100GB) is being allocated,it may require a considerable loop count. This will lead to soft lockup: watchdog: BUG: soft lockup - CPU#27 stuck for 22s! ... Call trace: hem_list_alloc_mid_bt+0x124/0x394 [hns_roce_hw_v2] hns_roce_hem_list_request+0xf8/0x160 [hns_roce_hw_v2] hns_roce_mtr_create+0x2e4/0x360 [hns_roce_hw_v2] alloc_mr_pbl+0xd4/0x17c [hns_roce_hw_v2] hns_roce_reg_user_mr+0xf8/0x190 [hns_roce_hw_v2] ib_uverbs_reg_mr+0x118/0x290 watchdog: BUG: soft lockup - CPU#35 stuck for 23s! ... Call trace: hns_roce_hem_list_find_mtt+0x7c/0xb0 [hns_roce_hw_v2] mtr_map_bufs+0xc4/0x204 [hns_roce_hw_v2] hns_roce_mtr_create+0x31c/0x3c4 [hns_roce_hw_v2] alloc_mr_pbl+0xb0/0x160 [hns_roce_hw_v2] hns_roce_reg_user_mr+0x108/0x1c0 [hns_roce_hw_v2] ib_uverbs_reg_mr+0x120/0x2bcAdd a cond_resched() to fix soft lockup during these loops. In order notto affect the allocation performance of normal-size buffer, set the loopcount of a 100GB MR as the threshold to call cond_resched().
漏洞公开时间：2025-04-08 17:15:24
漏洞创建时间：2025-04-08 17:31:34
漏洞详情参考链接：
https://nvd.nist.gov/vuln/detail/CVE-2025-22010

更多参考(点击展开)

参考来源	参考链接	来源链接
416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/13a52f6c9ff99f7d88f81da535cb4e85eade662b
416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/25655580136de59ec89f09089dd28008ea440fc9
416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/4104b0023ff66b5df900d23dbf38310893deca79
416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/461eb4ddede266df8f181f578732bb01742c3fd6
416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/975355faba56c0751292ed15a90c3e2c7dc0aad6
416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/9ab20fec7a1ce3057ad86afd27bfd08420b7cd11
416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/efe544462fc0b499725364f90bd0f8bbf16f861a
suse_bugzilla	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2025-22010	https://bugzilla.suse.com/show_bug.cgi?id=1240943
suse_bugzilla	https://www.cve.org/CVERecord?id=CVE-2025-22010	https://bugzilla.suse.com/show_bug.cgi?id=1240943
suse_bugzilla	https://git.kernel.org/stable/c/13a52f6c9ff99f7d88f81da535cb4e85eade662b	https://bugzilla.suse.com/show_bug.cgi?id=1240943
suse_bugzilla	https://git.kernel.org/stable/c/25655580136de59ec89f09089dd28008ea440fc9	https://bugzilla.suse.com/show_bug.cgi?id=1240943
suse_bugzilla	https://git.kernel.org/stable/c/4104b0023ff66b5df900d23dbf38310893deca79	https://bugzilla.suse.com/show_bug.cgi?id=1240943
suse_bugzilla	https://git.kernel.org/stable/c/975355faba56c0751292ed15a90c3e2c7dc0aad6	https://bugzilla.suse.com/show_bug.cgi?id=1240943
suse_bugzilla	https://git.kernel.org/stable/c/9ab20fec7a1ce3057ad86afd27bfd08420b7cd11	https://bugzilla.suse.com/show_bug.cgi?id=1240943
suse_bugzilla	https://git.kernel.org/pub/scm/linux/security/vulns.git/plain/cve/published/2025/CVE-2025-22010.mbox	https://bugzilla.suse.com/show_bug.cgi?id=1240943
suse_bugzilla	https://bugzilla.redhat.com/show_bug.cgi?id=2358219	https://bugzilla.suse.com/show_bug.cgi?id=1240943
redhat_bugzilla	https://lore.kernel.org/linux-cve-announce/2025040843-CVE-2025-22010-82d7@gregkh/T	https://bugzilla.redhat.com/show_bug.cgi?id=2358219
anolis		https://anas.openanolis.cn/cves/detail/CVE-2025-22010
mageia		http://advisories.mageia.org/MGASA-2025-0142.html
osv	https://git.kernel.org/stable/c/13a52f6c9ff99f7d88f81da535cb4e85eade662b	https://osv.dev/vulnerability/CVE-2025-22010
osv	https://git.kernel.org/stable/c/25655580136de59ec89f09089dd28008ea440fc9	https://osv.dev/vulnerability/CVE-2025-22010
osv	https://git.kernel.org/stable/c/4104b0023ff66b5df900d23dbf38310893deca79	https://osv.dev/vulnerability/CVE-2025-22010
osv	https://git.kernel.org/stable/c/975355faba56c0751292ed15a90c3e2c7dc0aad6	https://osv.dev/vulnerability/CVE-2025-22010
osv	https://git.kernel.org/stable/c/9ab20fec7a1ce3057ad86afd27bfd08420b7cd11	https://osv.dev/vulnerability/CVE-2025-22010
osv	https://git.kernel.org/stable/c/461eb4ddede266df8f181f578732bb01742c3fd6	https://osv.dev/vulnerability/CVE-2025-22010
osv	https://git.kernel.org/stable/c/efe544462fc0b499725364f90bd0f8bbf16f861a	https://osv.dev/vulnerability/CVE-2025-22010
osv	https://security-tracker.debian.org/tracker/CVE-2025-22010	https://osv.dev/vulnerability/CVE-2025-22010

漏洞分析指导链接：
https://gitee.com/openeuler/cve-manager/blob/master/cve-vulner-manager/doc/md/manual.md
漏洞数据来源:
openBrain开源漏洞感知系统
漏洞补丁信息：

详情(点击展开)

影响的包	修复版本	修复补丁	问题引入补丁	来源
		https://git.kernel.org/stable/c/13a52f6c9ff99f7d88f81da535cb4e85eade662b		nvd
		https://git.kernel.org/stable/c/25655580136de59ec89f09089dd28008ea440fc9		nvd
		https://git.kernel.org/stable/c/4104b0023ff66b5df900d23dbf38310893deca79		nvd
		https://git.kernel.org/stable/c/975355faba56c0751292ed15a90c3e2c7dc0aad6		nvd
		https://git.kernel.org/stable/c/9ab20fec7a1ce3057ad86afd27bfd08420b7cd11		nvd
linux_kernel	6.1.132	https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=4104b0023ff66b5df900d23dbf38310893deca79	https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=38389eaa4db192648916464b60f6086d6bbaa6de	linuxkernelcves
linux_kernel	6.6.85	https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=975355faba56c0751292ed15a90c3e2c7dc0aad6	https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=38389eaa4db192648916464b60f6086d6bbaa6de	linuxkernelcves
linux_kernel	6.12.21	https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=13a52f6c9ff99f7d88f81da535cb4e85eade662b	https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=38389eaa4db192648916464b60f6086d6bbaa6de	linuxkernelcves
linux_kernel	6.13.9	https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=9ab20fec7a1ce3057ad86afd27bfd08420b7cd11	https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=38389eaa4db192648916464b60f6086d6bbaa6de	linuxkernelcves
linux_kernel	6.14	https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=25655580136de59ec89f09089dd28008ea440fc9	https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=38389eaa4db192648916464b60f6086d6bbaa6de	linuxkernelcves

二、漏洞分析结构反馈
影响性分析说明：
In the Linux kernel, the following vulnerability has been resolved:RDMA/hns: Fix soft lockup during bt pages loopDriver runs a for-loop when allocating bt pages and mapping them withbuffer pages. When a large buffer (e.g. MR over 100GB) is being allocated,it may require a considerable loop count. This will lead to soft lockup: watchdog: BUG: soft lockup - CPU#27 stuck for 22s! ... Call trace: hem_list_alloc_mid_bt+0x124/0x394 [hns_roce_hw_v2] hns_roce_hem_list_request+0xf8/0x160 [hns_roce_hw_v2] hns_roce_mtr_create+0x2e4/0x360 [hns_roce_hw_v2] alloc_mr_pbl+0xd4/0x17c [hns_roce_hw_v2] hns_roce_reg_user_mr+0xf8/0x190 [hns_roce_hw_v2] ib_uverbs_reg_mr+0x118/0x290 watchdog: BUG: soft lockup - CPU#35 stuck for 23s! ... Call trace: hns_roce_hem_list_find_mtt+0x7c/0xb0 [hns_roce_hw_v2] mtr_map_bufs+0xc4/0x204 [hns_roce_hw_v2] hns_roce_mtr_create+0x31c/0x3c4 [hns_roce_hw_v2] alloc_mr_pbl+0xb0/0x160 [hns_roce_hw_v2] hns_roce_reg_user_mr+0x108/0x1c0 [hns_roce_hw_v2] ib_uverbs_reg_mr+0x120/0x2bcAdd a cond_resched() to fix soft lockup during these loops. In order notto affect the allocation performance of normal-size buffer, set the loopcount of a 100GB MR as the threshold to call cond_resched().
openEuler评分：
5.5
Vector：CVSS：3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
受影响版本排查(受影响/不受影响)：
1.openEuler-22.03-LTS-SP3(5.10.0):受影响
2.openEuler-22.03-LTS-SP4(5.10.0):受影响
3.openEuler-24.03-LTS(6.6.0):受影响
4.openEuler-24.03-LTS-SP1(6.6.0):受影响
5.openEuler-24.03-LTS-SP2(6.6.0):受影响
6.openEuler-20.03-LTS-SP4(4.19.90):不受影响
7.master(6.6.0):不受影响
8.openEuler-24.03-LTS-Next(6.6.0):不受影响

修复是否涉及abi变化(是/否)：
1.openEuler-20.03-LTS-SP4(4.19.90):否
2.openEuler-22.03-LTS-SP3(5.10.0):否
3.master(6.6.0):否
4.openEuler-24.03-LTS(6.6.0):否
5.openEuler-24.03-LTS-Next(6.6.0):否
6.openEuler-22.03-LTS-SP4(5.10.0):否
7.openEuler-24.03-LTS-SP1(6.6.0):否
8.openEuler-24.03-LTS-SP2(6.6.0):否

原因说明：
1.openEuler-24.03-LTS(6.6.0):正常修复
2.openEuler-24.03-LTS-SP1(6.6.0):正常修复
3.openEuler-24.03-LTS-SP2(6.6.0):正常修复
4.openEuler-22.03-LTS-SP3(5.10.0):不修复-超出修复范围
5.openEuler-22.03-LTS-SP4(5.10.0):不修复-超出修复范围
6.master(6.6.0):不受影响-漏洞代码不能被攻击者触发
7.openEuler-24.03-LTS-Next(6.6.0):不受影响-漏洞代码不能被攻击者触发
8.openEuler-20.03-LTS-SP4(4.19.90):不受影响-漏洞代码不存在

三、漏洞修复
安全公告链接：https://www.openeuler.org/zh/security/safety-bulletin/detail/?id=openEuler-SA-2025-1464

Hi openeuler-ci-bot, welcome to the openEuler Community.
I'm the Bot here serving you. You can find the instructions on how to interact with me at Here.
If you have any questions, please contact the SIG: Kernel, and any of the maintainers.

@yangyingliang ,@jiaoff ,@guohaocs2c ,@hanjun-guo ,@woqidaideshi ,@newbeats ,@zhangyi089 ,@colyli ,@thundertown ,@htforge ,@chiqijun ,@lengchao ,@zhujianwei001 ,@kylin-mayukun ,@wangxiongfeng ,@wkfxxx ,@SuperSix173 ,@jentlestea ,@oskernel0719 ,@gasonchen
issue处理注意事项:
1. 当前issue受影响的分支提交pr时, 须在pr描述中填写当前issue编号进行关联, 否则无法关闭当前issue;
2. 模板内容需要填写完整, 无论是受影响或者不受影响都需要填写完整内容,未引入的分支不需要填写, 否则无法关闭当前issue;
3. 以下为模板中需要填写完整的内容, 请复制到评论区回复, 注: 内容的标题名称(影响性分析说明, openEuler评分, 受影响版本排查(受影响/不受影响), 修复是否涉及abi变化(是/否), 原因说明)不能省略,省略后cve-manager将无法正常解析填写内容.

影响性分析说明:

openEuler评分: (评分和向量)

受影响版本排查(受影响/不受影响):
1.master(6.6.0):
2.openEuler-20.03-LTS-SP4(4.19.90):
3.openEuler-22.03-LTS-SP3(5.10.0):
4.openEuler-22.03-LTS-SP4(5.10.0):
5.openEuler-24.03-LTS(6.6.0):
6.openEuler-24.03-LTS-Next(6.6.0):
7.openEuler-24.03-LTS-SP1(6.6.0):

修复是否涉及abi变化(是/否)：
1.master(6.6.0):
2.openEuler-20.03-LTS-SP4(4.19.90):
3.openEuler-22.03-LTS-SP3(5.10.0):
4.openEuler-22.03-LTS-SP4(5.10.0):
5.openEuler-24.03-LTS(6.6.0):
6.openEuler-24.03-LTS-Next(6.6.0):
7.openEuler-24.03-LTS-SP1(6.6.0):

原因说明：
1.master(6.6.0):
2.openEuler-20.03-LTS-SP4(4.19.90):
3.openEuler-22.03-LTS-SP3(5.10.0):
4.openEuler-22.03-LTS-SP4(5.10.0):
5.openEuler-24.03-LTS(6.6.0):
6.openEuler-24.03-LTS-Next(6.6.0):
7.openEuler-24.03-LTS-SP1(6.6.0):

原因说明填写请参考下方表格(注意：版本是否受影响和版本的原因说明必须对应，例如master版本分支受影响，那原因说明只能是受影响对应的原因之一!)：

分支状态	原因说明
受影响	正常修复
受影响	暂不修复-漏洞仍在分析中
受影响	暂不修复-暂无解决方案或补丁
受影响	暂不修复-待升级版本修复
受影响	不修复-超出修复范围
受影响	不修复-特殊原因导致不再修复
不受影响	不受影响-组件不存在
不受影响	不受影响-已有内置的内联控制或缓解措施
不受影响	不受影响-漏洞代码不能被攻击者触发
不受影响	不受影响-漏洞代码不在执行路径
不受影响	不受影响-漏洞代码不存在

issue处理具体操作请参考:
https://gitee.com/openeuler/cve-manager/blob/master/cve-vulner-manager/doc/md/manual.md
pr关联issue具体操作请参考:
https://gitee.com/help/articles/4142

参考网址	关联pr	状态	补丁链接
https://nvd.nist.gov/vuln/detail/CVE-2025-22010	None	None	https://git.kernel.org/stable/c/975355faba56c0751292ed15a90c3e2c7dc0aad6 https://git.kernel.org/stable/c/13a52f6c9ff99f7d88f81da535cb4e85eade662b https://git.kernel.org/stable/c/4104b0023ff66b5df900d23dbf38310893deca79 https://git.kernel.org/stable/c/25655580136de59ec89f09089dd28008ea440fc9 https://git.kernel.org/stable/c/9ab20fec7a1ce3057ad86afd27bfd08420b7cd11
https://ubuntu.com/security/CVE-2025-22010	None	None	https://discourse.ubuntu.com/c/project
https://www.opencve.io/cve/CVE-2025-22010	None	None	https://git.kernel.org/stable/c/975355faba56c0751292ed15a90c3e2c7dc0aad6 https://git.kernel.org/stable/c/13a52f6c9ff99f7d88f81da535cb4e85eade662b https://git.kernel.org/stable/c/4104b0023ff66b5df900d23dbf38310893deca79 https://git.kernel.org/stable/c/25655580136de59ec89f09089dd28008ea440fc9 https://git.kernel.org/stable/c/9ab20fec7a1ce3057ad86afd27bfd08420b7cd11
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2025-22010
https://security-tracker.debian.org/tracker/CVE-2025-22010
http://www.cnnvd.org.cn/web/vulnerability/queryLds.tag?qcvCnnvdid=CVE-2025-22010

说明：补丁链接仅供初步排查参考，实际可用性请人工再次确认，补丁下载验证可使用CVE补丁工具。
若补丁不准确，烦请在此issue下评论 '/report-patch 参考网址补丁链接1,补丁链接2' 反馈正确信息，便于我们不断优化工具，不胜感激。
如 /report-patch https://security-tracker.debian.org/tracker/CVE-2021-3997 https://github.com/systemd/systemd/commit/5b1cf7a9be37e20133c0208005274ce4a5b5c6a1

CVE-2025-22010

影响性分析说明：
In the Linux kernel, the following vulnerability has been resolved:

RDMA/hns: Fix soft lockup during bt pages loop

Driver runs a for-loop when allocating bt pages and mapping them with
buffer pages. When a large buffer (e.g. MR over 100GB) is being allocated,
it may require a considerable loop count. This will lead to soft lockup:

    watchdog: BUG: soft lockup - CPU#27 stuck for 22s!
    ...
    Call trace:
     hem_list_alloc_mid_bt+0x124/0x394 [hns_roce_hw_v2]
     hns_roce_hem_list_request+0xf8/0x160 [hns_roce_hw_v2]
     hns_roce_mtr_create+0x2e4/0x360 [hns_roce_hw_v2]
     alloc_mr_pbl+0xd4/0x17c [hns_roce_hw_v2]
     hns_roce_reg_user_mr+0xf8/0x190 [hns_roce_hw_v2]
     ib_uverbs_reg_mr+0x118/0x290

    watchdog: BUG: soft lockup - CPU#35 stuck for 23s!
    ...
    Call trace:
     hns_roce_hem_list_find_mtt+0x7c/0xb0 [hns_roce_hw_v2]
     mtr_map_bufs+0xc4/0x204 [hns_roce_hw_v2]
     hns_roce_mtr_create+0x31c/0x3c4 [hns_roce_hw_v2]
     alloc_mr_pbl+0xb0/0x160 [hns_roce_hw_v2]
     hns_roce_reg_user_mr+0x108/0x1c0 [hns_roce_hw_v2]
     ib_uverbs_reg_mr+0x120/0x2bc

Add a cond_resched() to fix soft lockup during these loops. In order not
to affect the allocation performance of normal-size buffer, set the loop
count of a 100GB MR as the threshold to call cond_resched().

openEuler评分:(评分和向量)
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

受影响版本排查(受影响/不受影响):
1.master(6.1.0):不受影响
2.openEuler-20.03-LTS-SP4:不受影响
3.openEuler-22.03-LTS-SP3:受影响
4.openEuler-22.03-LTS-SP4:受影响
5.openEuler-24.03-LTS:受影响
6.openEuler-24.03-LTS-Next:不受影响
7.openEuler-24.03-LTS-SP1:受影响

修复是否涉及abi变化(是/否)：
1.master(6.1.0):否
2.openEuler-20.03-LTS-SP4:否
3.openEuler-22.03-LTS-SP3:否
4.openEuler-22.03-LTS-SP4:否
5.openEuler-24.03-LTS:否
6.openEuler-24.03-LTS-Next:否
7.openEuler-24.03-LTS-SP1:否

原因说明：
1.master(23.08.5):不受影响-漏洞代码不能被攻击者触发
2.openEuler-20.03-LTS-SP4:不受影响-漏洞代码不存在
4.openEuler-22.03-LTS-SP3:不修复-超出修复范围
5.openEuler-22.03-LTS-SP4:不修复-超出修复范围
6.openEuler-24.03-LTS:正常修复
7.openEuler-24.03-LTS-Next:不受影响-漏洞代码不能被攻击者触发
8.openEuler-24.03-LTS-SP1:正常修复

@zhixiuzhou 4.受影响版本排查(受影响/不受影响)=> 没有分析或未按正确格式填写，涉及分支: [openEuler-24.03-LTS-SP2]

CVE-2025-22010

影响性分析说明：
In the Linux kernel, the following vulnerability has been resolved:

RDMA/hns: Fix soft lockup during bt pages loop

Driver runs a for-loop when allocating bt pages and mapping them with
buffer pages. When a large buffer (e.g. MR over 100GB) is being allocated,
it may require a considerable loop count. This will lead to soft lockup:

    watchdog: BUG: soft lockup - CPU#27 stuck for 22s!
    ...
    Call trace:
     hem_list_alloc_mid_bt+0x124/0x394 [hns_roce_hw_v2]
     hns_roce_hem_list_request+0xf8/0x160 [hns_roce_hw_v2]
     hns_roce_mtr_create+0x2e4/0x360 [hns_roce_hw_v2]
     alloc_mr_pbl+0xd4/0x17c [hns_roce_hw_v2]
     hns_roce_reg_user_mr+0xf8/0x190 [hns_roce_hw_v2]
     ib_uverbs_reg_mr+0x118/0x290

    watchdog: BUG: soft lockup - CPU#35 stuck for 23s!
    ...
    Call trace:
     hns_roce_hem_list_find_mtt+0x7c/0xb0 [hns_roce_hw_v2]
     mtr_map_bufs+0xc4/0x204 [hns_roce_hw_v2]
     hns_roce_mtr_create+0x31c/0x3c4 [hns_roce_hw_v2]
     alloc_mr_pbl+0xb0/0x160 [hns_roce_hw_v2]
     hns_roce_reg_user_mr+0x108/0x1c0 [hns_roce_hw_v2]
     ib_uverbs_reg_mr+0x120/0x2bc

Add a cond_resched() to fix soft lockup during these loops. In order not
to affect the allocation performance of normal-size buffer, set the loop
count of a 100GB MR as the threshold to call cond_resched().

openEuler评分:(评分和向量)
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

受影响版本排查(受影响/不受影响):
1.openEuler-20.03-LTS-SP4:不受影响
2.openEuler-22.03-LTS-SP3:受影响
3.openEuler-22.03-LTS-SP4:受影响
4.master(6.6.0):不受影响
5.openEuler-24.03-LTS:受影响
6.openEuler-24.03-LTS-Next:不受影响
7.openEuler-24.03-LTS-SP1:受影响
8.openEuler-24.03-LTS-SP2:受影响

原因说明:
1.openEuler-20.03-LTS-SP4:不受影响-漏洞代码不存在
2.openEuler-22.03-LTS-SP3:不修复-超出修复范围
3.openEuler-22.03-LTS-SP4:不修复-超出修复范围
4.master(6.6.0):不受影响-漏洞代码不能被攻击者触发
5.openEuler-24.03-LTS:正常修复
6.openEuler-24.03-LTS-Next:不受影响-漏洞代码不能被攻击者触发
7.openEuler-24.03-LTS-SP1:正常修复
8.openEuler-24.03-LTS-SP2:正常修复

修复是否涉及abi变化(是/否)：
1.openEuler-20.03-LTS-SP4:否
2.openEuler-22.03-LTS-SP3:否
3.master(23.08.5):否
4.openEuler-24.03-LTS:否
5.openEuler-24.03-LTS-Next:否
6.openEuler-22.03-LTS-SP4:否
7.openEuler-24.03-LTS-SP1:否
8.openEuler-24.03-LTS-SP2:否

===========================================================

@CTC-XiboWang 经过 cve-manager 解析, 已分析的内容如下表所示:

状态	分析项目	内容
已分析	1.影响性分析说明	In the Linux kernel, the following vulnerability has been resolved:RDMA/hns: Fix soft lockup during bt pages loopDriver runs a for-loop when allocating bt pages and mapping them withbuffer pages. When a large buffer (e.g. MR over 100GB) is being allocated,it may require a considerable loop count. This will lead to soft lockup: watchdog: BUG: soft lockup - CPU#27 stuck for 22s! ... Call trace: hem_list_alloc_mid_bt+0x124/0x394 [hns_roce_hw_v2] hns_roce_hem_list_request+0xf8/0x160 [hns_roce_hw_v2] hns_roce_mtr_create+0x2e4/0x360 [hns_roce_hw_v2] alloc_mr_pbl+0xd4/0x17c [hns_roce_hw_v2] hns_roce_reg_user_mr+0xf8/0x190 [hns_roce_hw_v2] ib_uverbs_reg_mr+0x118/0x290 watchdog: BUG: soft lockup - CPU#35 stuck for 23s! ... Call trace: hns_roce_hem_list_find_mtt+0x7c/0xb0 [hns_roce_hw_v2] mtr_map_bufs+0xc4/0x204 [hns_roce_hw_v2] hns_roce_mtr_create+0x31c/0x3c4 [hns_roce_hw_v2] alloc_mr_pbl+0xb0/0x160 [hns_roce_hw_v2] hns_roce_reg_user_mr+0x108/0x1c0 [hns_roce_hw_v2] ib_uverbs_reg_mr+0x120/0x2bcAdd a cond_resched() to fix soft lockup during these loops. In order notto affect the allocation performance of normal-size buffer, set the loopcount of a 100GB MR as the threshold to call cond_resched().
已分析	2.openEulerScore	5.5
已分析	3.openEulerVector	AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
已分析	4.受影响版本排查	openEuler-22.03-LTS-SP3:受影响,openEuler-22.03-LTS-SP4:受影响,openEuler-24.03-LTS:受影响,openEuler-24.03-LTS-SP1:受影响,openEuler-24.03-LTS-SP2:受影响,openEuler-20.03-LTS-SP4:不受影响,master:不受影响,openEuler-24.03-LTS-Next:不受影响
已分析	5.是否涉及abi变化	openEuler-20.03-LTS-SP4:否,openEuler-22.03-LTS-SP3:否,master:否,openEuler-24.03-LTS:否,openEuler-24.03-LTS-Next:否,openEuler-22.03-LTS-SP4:否,openEuler-24.03-LTS-SP1:否,openEuler-24.03-LTS-SP2:否
已分析	6.原因说明	openEuler-24.03-LTS:正常修复,openEuler-24.03-LTS-SP1:正常修复,openEuler-24.03-LTS-SP2:正常修复,openEuler-22.03-LTS-SP3:不修复-超出修复范围,openEuler-22.03-LTS-SP4:不修复-超出修复范围,master:不受影响-漏洞代码不能被攻击者触发,openEuler-24.03-LTS-Next:不受影响-漏洞代码不能被攻击者触发,openEuler-20.03-LTS-SP4:不受影响-漏洞代码不存在

请确认分析内容的准确性, 确认无误后, 您可以进行后续步骤, 否则您可以继续分析.

src-openEuler/kernel

内容风险标识

评论 (7)

src-openEuler/kernel .gitee-modal { width: 500px !important; }

内容风险标识

CVE-2025-22010

评论 (7)

搜索帮助

src-openEuler/kernel