CVE-2025-38118

一、漏洞信息
 漏洞编号：[CVE-2025-38118](https://nvd.nist.gov/vuln/detail/CVE-2025-38118)
 漏洞归属组件：[kernel](https://gitee.com/src-openeuler/kernel)
 漏洞归属的版本：4.19.140,4.19.194,4.19.90,5.10.0,6.1.19,6.4.0,6.6.0
 CVSS V3.0分值：
  BaseScore：N/A None
  Vector：CVSS：3.0/
 漏洞简述：
  In the Linux kernel, the following vulnerability has been resolved:Bluetooth: MGMT: Fix UAF on mgmt_remove_adv_monitor_completeThis reworks MGMT_OP_REMOVE_ADV_MONITOR to not use mgmt_pending_add toavoid crashes like bellow:==================================================================BUG: KASAN: slab-use-after-free in mgmt_remove_adv_monitor_complete+0xe5/0x540 net/bluetooth/mgmt.c:5406Read of size 8 at addr ffff88801c53f318 by task kworker/u5:5/5341CPU: 0 UID: 0 PID: 5341 Comm: kworker/u5:5 Not tainted 6.15.0-syzkaller-10402-g4cb6c8af8591 #0 PREEMPT(full)Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014Workqueue: hci0 hci_cmd_sync_workCall Trace: <TASK> dump_stack_lvl+0x189/0x250 lib/dump_stack.c:120 print_address_description mm/kasan/report.c:408 [inline] print_report+0xd2/0x2b0 mm/kasan/report.c:521 kasan_report+0x118/0x150 mm/kasan/report.c:634 mgmt_remove_adv_monitor_complete+0xe5/0x540 net/bluetooth/mgmt.c:5406 hci_cmd_sync_work+0x261/0x3a0 net/bluetooth/hci_sync.c:334 process_one_work kernel/workqueue.c:3238 [inline] process_scheduled_works+0xade/0x17b0 kernel/workqueue.c:3321 worker_thread+0x8a0/0xda0 kernel/workqueue.c:3402 kthread+0x711/0x8a0 kernel/kthread.c:464 ret_from_fork+0x3fc/0x770 arch/x86/kernel/process.c:148 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245 </TASK>Allocated by task 5987: kasan_save_stack mm/kasan/common.c:47 [inline] kasan_save_track+0x3e/0x80 mm/kasan/common.c:68 poison_kmalloc_redzone mm/kasan/common.c:377 [inline] __kasan_kmalloc+0x93/0xb0 mm/kasan/common.c:394 kasan_kmalloc include/linux/kasan.h:260 [inline] __kmalloc_cache_noprof+0x230/0x3d0 mm/slub.c:4358 kmalloc_noprof include/linux/slab.h:905 [inline] kzalloc_noprof include/linux/slab.h:1039 [inline] mgmt_pending_new+0x65/0x240 net/bluetooth/mgmt_util.c:252 mgmt_pending_add+0x34/0x120 net/bluetooth/mgmt_util.c:279 remove_adv_monitor+0x103/0x1b0 net/bluetooth/mgmt.c:5454 hci_mgmt_cmd+0x9c9/0xef0 net/bluetooth/hci_sock.c:1719 hci_sock_sendmsg+0x6ca/0xef0 net/bluetooth/hci_sock.c:1839 sock_sendmsg_nosec net/socket.c:712 [inline] __sock_sendmsg+0x219/0x270 net/socket.c:727 sock_write_iter+0x258/0x330 net/socket.c:1131 new_sync_write fs/read_write.c:593 [inline] vfs_write+0x548/0xa90 fs/read_write.c:686 ksys_write+0x145/0x250 fs/read_write.c:738 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0xfa/0x3b0 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7fFreed by task 5989: kasan_save_stack mm/kasan/common.c:47 [inline] kasan_save_track+0x3e/0x80 mm/kasan/common.c:68 kasan_save_free_info+0x46/0x50 mm/kasan/generic.c:576 poison_slab_object mm/kasan/common.c:247 [inline] __kasan_slab_free+0x62/0x70 mm/kasan/common.c:264 kasan_slab_free include/linux/kasan.h:233 [inline] slab_free_hook mm/slub.c:2380 [inline] slab_free mm/slub.c:4642 [inline] kfree+0x18e/0x440 mm/slub.c:4841 mgmt_pending_foreach+0xc9/0x120 net/bluetooth/mgmt_util.c:242 mgmt_index_removed+0x10d/0x2f0 net/bluetooth/mgmt.c:9366 hci_sock_bind+0xbe9/0x1000 net/bluetooth/hci_sock.c:1314 __sys_bind_socket net/socket.c:1810 [inline] __sys_bind+0x2c3/0x3e0 net/socket.c:1841 __do_sys_bind net/socket.c:1846 [inline] __se_sys_bind net/socket.c:1844 [inline] __x64_sys_bind+0x7a/0x90 net/socket.c:1844 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0xfa/0x3b0 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f
 漏洞公开时间：2025-07-03 17:15:25
 漏洞创建时间：2025-07-03 18:24:49
 漏洞详情参考链接：
  https://nvd.nist.gov/vuln/detail/CVE-2025-38118
<details>
<summary>更多参考(点击展开)</summary>

| 参考来源 | 参考链接 | 来源链接 |
| ------- | -------- | -------- |
|  | https://git.kernel.org/stable/c/32aa2fbe319f33b0318ec6f4fceb63879771a286 |  |
|  | https://git.kernel.org/stable/c/3c9aba9cbdf163e2654be9f82d43ff8a04273962 |  |
|  | https://git.kernel.org/stable/c/9df3e5e7f7e4653fd9802878cedc36defc5ef42d |  |
|  | https://git.kernel.org/stable/c/9f66b6531c2b4e996bb61720ee94adb4b2e8d1be |  |
|  | https://git.kernel.org/stable/c/e6ed54e86aae9e4f7286ce8d5c73780f91b48d1c |  |
|  | https://git.kernel.org/stable/c/32aa2fbe319f33b0318ec6f4fceb63879771a286 |  |
|  | https://git.kernel.org/stable/c/3c9aba9cbdf163e2654be9f82d43ff8a04273962 |  |
|  | https://git.kernel.org/stable/c/9df3e5e7f7e4653fd9802878cedc36defc5ef42d |  |
|  | https://git.kernel.org/stable/c/9f66b6531c2b4e996bb61720ee94adb4b2e8d1be |  |
|  | https://git.kernel.org/stable/c/e6ed54e86aae9e4f7286ce8d5c73780f91b48d1c |  |
|  | https://security-tracker.debian.org/tracker/CVE-2025-38118 |  |
|  | https://www.cve.org/CVERecord?id=CVE-2025-38118 |  |
|  | https://nvd.nist.gov/vuln/detail/CVE-2025-38118 |  |
|  | https://lore.kernel.org/linux-cve-announce/2025070326-CVE-2025-38118-f9ca@gregkh/T |  |
|  | https://bugzilla.redhat.com/show_bug.cgi?id=2376036 |  |
|  | https://bugzilla.redhat.com/show_bug.cgi?id=2376036 |  |
|  | https://access.redhat.com/security/cve/CVE-2025-38118 |  |
|  | https://git.kernel.org/stable/c/32aa2fbe319f33b0318ec6f4fceb63879771a286 |  |
|  | https://git.kernel.org/stable/c/3c9aba9cbdf163e2654be9f82d43ff8a04273962 |  |
|  | https://git.kernel.org/stable/c/9df3e5e7f7e4653fd9802878cedc36defc5ef42d |  |
|  | https://git.kernel.org/stable/c/9f66b6531c2b4e996bb61720ee94adb4b2e8d1be |  |
|  | https://git.kernel.org/stable/c/e6ed54e86aae9e4f7286ce8d5c73780f91b48d1c |  |
|  | https://access.redhat.com/security/cve/CVE-2025-38118 |  |
|  | https://git.kernel.org/stable/c/32aa2fbe319f33b0318ec6f4fceb63879771a286 |  |
|  | https://git.kernel.org/stable/c/3c9aba9cbdf163e2654be9f82d43ff8a04273962 |  |
|  | https://git.kernel.org/stable/c/9df3e5e7f7e4653fd9802878cedc36defc5ef42d |  |
|  | https://git.kernel.org/stable/c/9f66b6531c2b4e996bb61720ee94adb4b2e8d1be |  |
|  | https://git.kernel.org/stable/c/e6ed54e86aae9e4f7286ce8d5c73780f91b48d1c |  |
|  | https://access.redhat.com/security/cve/CVE-2025-38118 |  |
|  | https://git.kernel.org/stable/c/32aa2fbe319f33b0318ec6f4fceb63879771a286 |  |
|  | https://git.kernel.org/stable/c/3c9aba9cbdf163e2654be9f82d43ff8a04273962 |  |
|  | https://git.kernel.org/stable/c/9df3e5e7f7e4653fd9802878cedc36defc5ef42d |  |
|  | https://git.kernel.org/stable/c/9f66b6531c2b4e996bb61720ee94adb4b2e8d1be |  |
|  | https://git.kernel.org/stable/c/e6ed54e86aae9e4f7286ce8d5c73780f91b48d1c |  |
|  | https://access.redhat.com/security/cve/CVE-2025-38118 |  |
|  | https://git.kernel.org/stable/c/32aa2fbe319f33b0318ec6f4fceb63879771a286 |  |
|  | https://git.kernel.org/stable/c/3c9aba9cbdf163e2654be9f82d43ff8a04273962 |  |
|  | https://git.kernel.org/stable/c/9df3e5e7f7e4653fd9802878cedc36defc5ef42d |  |
|  | https://git.kernel.org/stable/c/9f66b6531c2b4e996bb61720ee94adb4b2e8d1be |  |
|  | https://git.kernel.org/stable/c/e6ed54e86aae9e4f7286ce8d5c73780f91b48d1c |  |
|  | https://access.redhat.com/security/cve/CVE-2025-38118 |  |
|  | https://git.kernel.org/stable/c/32aa2fbe319f33b0318ec6f4fceb63879771a286 |  |
|  | https://git.kernel.org/stable/c/3c9aba9cbdf163e2654be9f82d43ff8a04273962 |  |
|  | https://git.kernel.org/stable/c/9df3e5e7f7e4653fd9802878cedc36defc5ef42d |  |
|  | https://git.kernel.org/stable/c/9f66b6531c2b4e996bb61720ee94adb4b2e8d1be |  |
|  | https://git.kernel.org/stable/c/e6ed54e86aae9e4f7286ce8d5c73780f91b48d1c |  |
|  | https://access.redhat.com/security/cve/CVE-2025-38118 |  |
|  | https://git.kernel.org/stable/c/32aa2fbe319f33b0318ec6f4fceb63879771a286 |  |
|  | https://git.kernel.org/stable/c/3c9aba9cbdf163e2654be9f82d43ff8a04273962 |  |
|  | https://git.kernel.org/stable/c/9df3e5e7f7e4653fd9802878cedc36defc5ef42d |  |
|  | https://git.kernel.org/stable/c/9f66b6531c2b4e996bb61720ee94adb4b2e8d1be |  |
|  | https://git.kernel.org/stable/c/e6ed54e86aae9e4f7286ce8d5c73780f91b48d1c |  |
|  | https://access.redhat.com/security/cve/CVE-2025-38118 |  |
|  | https://git.kernel.org/stable/c/32aa2fbe319f33b0318ec6f4fceb63879771a286 |  |
|  | https://git.kernel.org/stable/c/3c9aba9cbdf163e2654be9f82d43ff8a04273962 |  |
|  | https://git.kernel.org/stable/c/9df3e5e7f7e4653fd9802878cedc36defc5ef42d |  |
|  | https://git.kernel.org/stable/c/9f66b6531c2b4e996bb61720ee94adb4b2e8d1be |  |
|  | https://git.kernel.org/stable/c/e6ed54e86aae9e4f7286ce8d5c73780f91b48d1c |  |
|  | https://access.redhat.com/security/cve/CVE-2025-38118 |  |
|  | https://git.kernel.org/stable/c/32aa2fbe319f33b0318ec6f4fceb63879771a286 |  |
|  | https://git.kernel.org/stable/c/3c9aba9cbdf163e2654be9f82d43ff8a04273962 |  |
|  | https://git.kernel.org/stable/c/9df3e5e7f7e4653fd9802878cedc36defc5ef42d |  |
|  | https://git.kernel.org/stable/c/9f66b6531c2b4e996bb61720ee94adb4b2e8d1be |  |
|  | https://git.kernel.org/stable/c/e6ed54e86aae9e4f7286ce8d5c73780f91b48d1c |  |
|  | https://access.redhat.com/security/cve/CVE-2025-38118 |  |
|  | https://git.kernel.org/stable/c/32aa2fbe319f33b0318ec6f4fceb63879771a286 |  |
|  | https://git.kernel.org/stable/c/3c9aba9cbdf163e2654be9f82d43ff8a04273962 |  |
|  | https://git.kernel.org/stable/c/9df3e5e7f7e4653fd9802878cedc36defc5ef42d |  |
|  | https://git.kernel.org/stable/c/9f66b6531c2b4e996bb61720ee94adb4b2e8d1be |  |
|  | https://git.kernel.org/stable/c/e6ed54e86aae9e4f7286ce8d5c73780f91b48d1c |  |
|  | https://access.redhat.com/security/cve/CVE-2025-38118 |  |
|  | https://git.kernel.org/stable/c/32aa2fbe319f33b0318ec6f4fceb63879771a286 |  |
|  | https://git.kernel.org/stable/c/3c9aba9cbdf163e2654be9f82d43ff8a04273962 |  |
|  | https://git.kernel.org/stable/c/9df3e5e7f7e4653fd9802878cedc36defc5ef42d |  |
|  | https://git.kernel.org/stable/c/9f66b6531c2b4e996bb61720ee94adb4b2e8d1be |  |
|  | https://git.kernel.org/stable/c/e6ed54e86aae9e4f7286ce8d5c73780f91b48d1c |  |
|  | https://access.redhat.com/security/cve/CVE-2025-38118 |  |
|  | https://git.kernel.org/stable/c/32aa2fbe319f33b0318ec6f4fceb63879771a286 |  |
|  | https://git.kernel.org/stable/c/3c9aba9cbdf163e2654be9f82d43ff8a04273962 |  |
|  | https://git.kernel.org/stable/c/9df3e5e7f7e4653fd9802878cedc36defc5ef42d |  |
|  | https://git.kernel.org/stable/c/9f66b6531c2b4e996bb61720ee94adb4b2e8d1be |  |
|  | https://git.kernel.org/stable/c/e6ed54e86aae9e4f7286ce8d5c73780f91b48d1c |  |
|  | https://access.redhat.com/security/cve/CVE-2025-38118 |  |
|  | https://git.kernel.org/stable/c/32aa2fbe319f33b0318ec6f4fceb63879771a286 |  |
|  | https://git.kernel.org/stable/c/3c9aba9cbdf163e2654be9f82d43ff8a04273962 |  |
|  | https://git.kernel.org/stable/c/9df3e5e7f7e4653fd9802878cedc36defc5ef42d |  |
|  | https://git.kernel.org/stable/c/9f66b6531c2b4e996bb61720ee94adb4b2e8d1be |  |
|  | https://git.kernel.org/stable/c/e6ed54e86aae9e4f7286ce8d5c73780f91b48d1c |  |
|  | https://access.redhat.com/security/cve/CVE-2025-38118 |  |
|  | https://git.kernel.org/stable/c/32aa2fbe319f33b0318ec6f4fceb63879771a286 |  |
|  | https://git.kernel.org/stable/c/3c9aba9cbdf163e2654be9f82d43ff8a04273962 |  |
|  | https://git.kernel.org/stable/c/9df3e5e7f7e4653fd9802878cedc36defc5ef42d |  |
|  | https://git.kernel.org/stable/c/9f66b6531c2b4e996bb61720ee94adb4b2e8d1be |  |
|  | https://git.kernel.org/stable/c/e6ed54e86aae9e4f7286ce8d5c73780f91b48d1c |  |
|  | https://access.redhat.com/security/cve/CVE-2025-38118 |  |
|  | https://git.kernel.org/stable/c/32aa2fbe319f33b0318ec6f4fceb63879771a286 |  |
|  | https://git.kernel.org/stable/c/3c9aba9cbdf163e2654be9f82d43ff8a04273962 |  |
|  | https://git.kernel.org/stable/c/9df3e5e7f7e4653fd9802878cedc36defc5ef42d |  |
|  | https://git.kernel.org/stable/c/9f66b6531c2b4e996bb61720ee94adb4b2e8d1be |  |
|  | https://git.kernel.org/stable/c/e6ed54e86aae9e4f7286ce8d5c73780f91b48d1c |  |

</details>

漏洞分析指导链接：
  https://gitee.com/openeuler/cve-manager/blob/master/cve-vulner-manager/doc/md/manual.md
 漏洞数据来源:
  七彩瞬析开源风险感知平台
 漏洞补丁信息：
  <details>
<summary>详情(点击展开)</summary>

| 影响的包 | 修复版本 | 修复补丁 | 问题引入补丁 | 来源  |
| ------- | -------- | ------- | -------- | --------- |
| gregkh/linux |  | https://github.com/gregkh/linux/commit/e6ed54e86aae9e4f7286ce8d5c73780f91b48d1c.patch |  | ljqc |
|  |  | https://git.kernel.org/stable/c/32aa2fbe319f33b0318ec6f4fceb63879771a286 |  | nvd |
|  |  | https://git.kernel.org/stable/c/3c9aba9cbdf163e2654be9f82d43ff8a04273962 |  | nvd |
|  |  | https://git.kernel.org/stable/c/9df3e5e7f7e4653fd9802878cedc36defc5ef42d |  | nvd |
|  |  | https://git.kernel.org/stable/c/9f66b6531c2b4e996bb61720ee94adb4b2e8d1be |  | nvd |
|  |  | https://git.kernel.org/stable/c/e6ed54e86aae9e4f7286ce8d5c73780f91b48d1c |  | nvd |
|  |  | https://git.kernel.org/stable/c/32aa2fbe319f33b0318ec6f4fceb63879771a286 |  | osv |
|  |  | https://git.kernel.org/stable/c/3c9aba9cbdf163e2654be9f82d43ff8a04273962 |  | osv |
|  |  | https://git.kernel.org/stable/c/9df3e5e7f7e4653fd9802878cedc36defc5ef42d |  | osv |
|  |  | https://git.kernel.org/stable/c/9f66b6531c2b4e996bb61720ee94adb4b2e8d1be |  | osv |
|  |  | https://git.kernel.org/stable/c/e6ed54e86aae9e4f7286ce8d5c73780f91b48d1c |  | osv |
|  |  | https://git.kernel.org/stable/c/32aa2fbe319f33b0318ec6f4fceb63879771a286 |  | snyk |
|  |  | https://git.kernel.org/stable/c/3c9aba9cbdf163e2654be9f82d43ff8a04273962 |  | snyk |
|  |  | https://git.kernel.org/stable/c/9df3e5e7f7e4653fd9802878cedc36defc5ef42d |  | snyk |
|  |  | https://git.kernel.org/stable/c/9f66b6531c2b4e996bb61720ee94adb4b2e8d1be |  | snyk |
|  |  | https://git.kernel.org/stable/c/e6ed54e86aae9e4f7286ce8d5c73780f91b48d1c |  | snyk |

</details>

二、漏洞分析结构反馈
 影响性分析说明：
  In the Linux kernel, the following vulnerability has been resolved:Bluetooth: MGMT: Fix UAF on mgmt_remove_adv_monitor_completeThis reworks MGMT_OP_REMOVE_ADV_MONITOR to not use mgmt_pending_add toavoid crashes like bellow:==================================================================BUG: KASAN: slab-use-after-free in mgmt_remove_adv_monitor_complete+0xe5/0x540 net/bluetooth/mgmt.c:5406Read of size 8 at addr ffff88801c53f318 by task kworker/u5:5/5341CPU: 0 UID: 0 PID: 5341 Comm: kworker/u5:5 Not tainted 6.15.0-syzkaller-10402-g4cb6c8af8591 #0 PREEMPT(full)Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014Workqueue: hci0 hci_cmd_sync_workCall Trace: &lt;TASK&gt; dump_stack_lvl+0x189/0x250 lib/dump_stack.c:120 print_address_description mm/kasan/report.c:408 [inline] print_report+0xd2/0x2b0 mm/kasan/report.c:521 kasan_report+0x118/0x150 mm/kasan/report.c:634 mgmt_remove_adv_monitor_complete+0xe5/0x540 net/bluetooth/mgmt.c:5406 hci_cmd_sync_work+0x261/0x3a0 net/bluetooth/hci_sync.c:334 process_one_work kernel/workqueue.c:3238 [inline] process_scheduled_works+0xade/0x17b0 kernel/workqueue.c:3321 worker_thread+0x8a0/0xda0 kernel/workqueue.c:3402 kthread+0x711/0x8a0 kernel/kthread.c:464 ret_from_fork+0x3fc/0x770 arch/x86/kernel/process.c:148 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245 &lt;/TASK&gt;Allocated by task 5987: kasan_save_stack mm/kasan/common.c:47 [inline] kasan_save_track+0x3e/0x80 mm/kasan/common.c:68 poison_kmalloc_redzone mm/kasan/common.c:377 [inline] __kasan_kmalloc+0x93/0xb0 mm/kasan/common.c:394 kasan_kmalloc include/linux/kasan.h:260 [inline] __kmalloc_cache_noprof+0x230/0x3d0 mm/slub.c:4358 kmalloc_noprof include/linux/slab.h:905 [inline] kzalloc_noprof include/linux/slab.h:1039 [inline] mgmt_pending_new+0x65/0x240 net/bluetooth/mgmt_util.c:252 mgmt_pending_add+0x34/0x120 net/bluetooth/mgmt_util.c:279 remove_adv_monitor+0x103/0x1b0 net/bluetooth/mgmt.c:5454 hci_mgmt_cmd+0x9c9/0xef0 net/bluetooth/hci_sock.c:1719 hci_sock_sendmsg+0x6ca/0xef0 net/bluetooth/hci_sock.c:1839 sock_sendmsg_nosec net/socket.c:712 [inline] __sock_sendmsg+0x219/0x270 net/socket.c:727 sock_write_iter+0x258/0x330 net/socket.c:1131 new_sync_write fs/read_write.c:593 [inline] vfs_write+0x548/0xa90 fs/read_write.c:686 ksys_write+0x145/0x250 fs/read_write.c:738 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0xfa/0x3b0 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7fFreed by task 5989: kasan_save_stack mm/kasan/common.c:47 [inline] kasan_save_track+0x3e/0x80 mm/kasan/common.c:68 kasan_save_free_info+0x46/0x50 mm/kasan/generic.c:576 poison_slab_object mm/kasan/common.c:247 [inline] __kasan_slab_free+0x62/0x70 mm/kasan/common.c:264 kasan_slab_free include/linux/kasan.h:233 [inline] slab_free_hook mm/slub.c:2380 [inline] slab_free mm/slub.c:4642 [inline] kfree+0x18e/0x440 mm/slub.c:4841 mgmt_pending_foreach+0xc9/0x120 net/bluetooth/mgmt_util.c:242 mgmt_index_removed+0x10d/0x2f0 net/bluetooth/mgmt.c:9366 hci_sock_bind+0xbe9/0x1000 net/bluetooth/hci_sock.c:1314 __sys_bind_socket net/socket.c:1810 [inline] __sys_bind+0x2c3/0x3e0 net/socket.c:1841 __do_sys_bind net/socket.c:1846 [inline] __se_sys_bind net/socket.c:1844 [inline] __x64_sys_bind+0x7a/0x90 net/socket.c:1844 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0xfa/0x3b0 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7fThe Linux kernel CVE team has assigned CVE-2025-38118 to this issue.
 openEuler评分：
  7.0
 Vector：CVSS：3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
 受影响版本排查(受影响/不受影响)：
  1.openEuler-24.03-LTS(6.6.0):受影响
2.openEuler-24.03-LTS-SP1(6.6.0):受影响
3.openEuler-24.03-LTS-SP2(6.6.0):受影响
4.master(6.12.33):不受影响
5.openEuler-20.03-LTS-SP4(4.19.90):不受影响
6.openEuler-22.03-LTS-SP3(5.10.0):不受影响
7.openEuler-22.03-LTS-SP4(5.10.0):不受影响
8.openEuler-24.03-LTS-Next(6.6.0):不受影响

修复是否涉及abi变化(是/否)：
  1.master(6.12.33):否
2.openEuler-20.03-LTS-SP4(4.19.90):否
3.openEuler-22.03-LTS-SP3(5.10.0):否
4.openEuler-22.03-LTS-SP4(5.10.0):否
5.openEuler-24.03-LTS(6.6.0):否
6.openEuler-24.03-LTS-Next(6.6.0):否
7.openEuler-24.03-LTS-SP1(6.6.0):否
8.openEuler-24.03-LTS-SP2(6.6.0):否

原因说明：
  1.openEuler-24.03-LTS(6.6.0):正常修复
2.openEuler-24.03-LTS-SP1(6.6.0):正常修复
3.openEuler-24.03-LTS-SP2(6.6.0):正常修复
4.master(6.12.33):不受影响-漏洞代码不能被攻击者触发
5.openEuler-24.03-LTS-Next(6.6.0):不受影响-漏洞代码不能被攻击者触发
6.openEuler-20.03-LTS-SP4(4.19.90):不受影响-漏洞代码不存在
7.openEuler-22.03-LTS-SP3(5.10.0):不受影响-漏洞代码不存在
8.openEuler-22.03-LTS-SP4(5.10.0):不受影响-漏洞代码不存在

三、漏洞修复
安全公告链接：https://www.openeuler.org/zh/security/safety-bulletin/detail/?id=openEuler-SA-2025-1870

src-openEuler/kernel

Content Risk Flag

Comments (9)

src-openEuler/kernel .gitee-modal { width: 500px !important; }

Content Risk Flag

CVE-2025-38118

Comments (9)

Search

src-openEuler/kernel