CVE-2025-38324

一、漏洞信息
 漏洞编号：[CVE-2025-38324](https://nvd.nist.gov/vuln/detail/CVE-2025-38324)
 漏洞归属组件：[kernel](https://gitee.com/src-openeuler/kernel)
 漏洞归属的版本：4.19.140,4.19.194,4.19.90,5.10.0,6.1.19,6.4.0,6.6.0
 CVSS V3.0分值：
  BaseScore：N/A None
  Vector：CVSS：3.0/
 漏洞简述：
  A vulnerability was found in Linux Kernel up to 6.16-rc2 (Operating System). It has been declared as critical.The CWE definition for the vulnerability is CWE-476. A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit.As an impact it is known to affect availability.Upgrading to version 5.4.295, 5.10.239, 5.15.186, 6.1.142, 6.6.95, 6.12.35, 6.15.4 or 6.16-rc3 eliminates this vulnerability. Applying the patch 2919297b18e5a5fb7e643f9e32c12c0b17cce1be/36af82f25fbdcd719eb947c15ea874bf80bcf229/d8cd847fb8626872631cc22d44be5127b4ebfb74/49b8a9d7d44401a186e20b1aaf591d2e62727aeb/a060781640012d5d5105072f4c44ed6ad6830ef9/517bc6836ee9fcffe2539f6f6aa3fdd9c7a7ae73/f19cbd84e645e39bc3228e1191bb151ef0ffac8c/6dbb0d97c5096072c78a6abffe393584e57ae945 is able to eliminate this problem. The bugfix is ready for download at git.kernel.org. The best possible mitigation is suggested to be upgrading to the latest version.The vulnerability is also documented in the vulnerability database at EUVD (EUVD-2025-20922).
 漏洞公开时间：2025-07-10 17:15:26
 漏洞创建时间：2025-07-10 18:11:29
 漏洞详情参考链接：
  https://nvd.nist.gov/vuln/detail/CVE-2025-38324
<details>
<summary>更多参考(点击展开)</summary>

| 参考来源 | 参考链接 | 来源链接 |
| ------- | -------- | -------- |
|  | https://git.kernel.org/stable/c/2919297b18e5a5fb7e643f9e32c12c0b17cce1be |  |
|  | https://git.kernel.org/stable/c/36af82f25fbdcd719eb947c15ea874bf80bcf229 |  |
|  | https://git.kernel.org/stable/c/49b8a9d7d44401a186e20b1aaf591d2e62727aeb |  |
|  | https://git.kernel.org/stable/c/517bc6836ee9fcffe2539f6f6aa3fdd9c7a7ae73 |  |
|  | https://git.kernel.org/stable/c/6dbb0d97c5096072c78a6abffe393584e57ae945 |  |
|  | https://git.kernel.org/stable/c/a060781640012d5d5105072f4c44ed6ad6830ef9 |  |
|  | https://git.kernel.org/stable/c/d8cd847fb8626872631cc22d44be5127b4ebfb74 |  |
|  | https://git.kernel.org/stable/c/f19cbd84e645e39bc3228e1191bb151ef0ffac8c |  |
|  | https://security-tracker.debian.org/tracker/CVE-2025-38324 |  |
|  | https://nvd.nist.gov/vuln/detail/CVE-2025-38324 |  |
|  | https://git.kernel.org/stable/c/2919297b18e5a5fb7e643f9e32c12c0b17cce1be |  |
|  | https://git.kernel.org/stable/c/36af82f25fbdcd719eb947c15ea874bf80bcf229 |  |
|  | https://git.kernel.org/stable/c/d8cd847fb8626872631cc22d44be5127b4ebfb74 |  |
|  | https://git.kernel.org/stable/c/49b8a9d7d44401a186e20b1aaf591d2e62727aeb |  |
|  | https://git.kernel.org/stable/c/a060781640012d5d5105072f4c44ed6ad6830ef9 |  |
|  | https://git.kernel.org/stable/c/517bc6836ee9fcffe2539f6f6aa3fdd9c7a7ae73 |  |
|  | https://git.kernel.org/stable/c/f19cbd84e645e39bc3228e1191bb151ef0ffac8c |  |
|  | https://git.kernel.org/stable/c/6dbb0d97c5096072c78a6abffe393584e57ae945 |  |

</details>

漏洞分析指导链接：
  https://gitee.com/openeuler/cve-manager/blob/master/cve-vulner-manager/doc/md/manual.md
 漏洞数据来源:
  七彩瞬析开源风险感知平台
 漏洞补丁信息：
  <details>
<summary>详情(点击展开)</summary>

| 影响的包 | 修复版本 | 修复补丁 | 问题引入补丁 | 来源  |
| ------- | -------- | ------- | -------- | --------- |
| gregkh/linux |  | https://git.kernel.org/stable/c/2919297b18e5a5fb7e643f9e32c12c0b17cce1be |  | ljqc |
|  |  | https://git.kernel.org/stable/c/2919297b18e5a5fb7e643f9e32c12c0b17cce1be |  | nvd |
|  |  | https://git.kernel.org/stable/c/36af82f25fbdcd719eb947c15ea874bf80bcf229 |  | nvd |
|  |  | https://git.kernel.org/stable/c/49b8a9d7d44401a186e20b1aaf591d2e62727aeb |  | nvd |
|  |  | https://git.kernel.org/stable/c/517bc6836ee9fcffe2539f6f6aa3fdd9c7a7ae73 |  | nvd |
|  |  | https://git.kernel.org/stable/c/6dbb0d97c5096072c78a6abffe393584e57ae945 |  | nvd |
|  |  | https://git.kernel.org/stable/c/a060781640012d5d5105072f4c44ed6ad6830ef9 |  | nvd |
|  |  | https://git.kernel.org/stable/c/d8cd847fb8626872631cc22d44be5127b4ebfb74 |  | nvd |
|  |  | https://git.kernel.org/stable/c/f19cbd84e645e39bc3228e1191bb151ef0ffac8c |  | nvd |
|  |  | https://git.kernel.org/stable/c/2919297b18e5a5fb7e643f9e32c12c0b17cce1be |  | cvelistv5 |
|  |  | https://git.kernel.org/stable/c/36af82f25fbdcd719eb947c15ea874bf80bcf229 |  | cvelistv5 |
|  |  | https://git.kernel.org/stable/c/d8cd847fb8626872631cc22d44be5127b4ebfb74 |  | cvelistv5 |
|  |  | https://git.kernel.org/stable/c/49b8a9d7d44401a186e20b1aaf591d2e62727aeb |  | cvelistv5 |
|  |  | https://git.kernel.org/stable/c/a060781640012d5d5105072f4c44ed6ad6830ef9 |  | cvelistv5 |
|  |  | https://git.kernel.org/stable/c/517bc6836ee9fcffe2539f6f6aa3fdd9c7a7ae73 |  | cvelistv5 |
|  |  | https://git.kernel.org/stable/c/f19cbd84e645e39bc3228e1191bb151ef0ffac8c |  | cvelistv5 |
|  |  | https://git.kernel.org/stable/c/6dbb0d97c5096072c78a6abffe393584e57ae945 |  | cvelistv5 |

</details>

二、漏洞分析结构反馈
 影响性分析说明：
  In the Linux kernel, the following vulnerability has been resolved:mpls: Use rcu_dereference_rtnl() in mpls_route_input_rcu().As syzbot reported [0], mpls_route_input_rcu() can be calledfrom mpls_getroute(), where is under RTNL.net-&gt;mpls.platform_label is only updated under RTNL.Let&#39;s use rcu_dereference_rtnl() in mpls_route_input_rcu() tosilence the splat.[0]:WARNING: suspicious RCU usage6.15.0-rc7-syzkaller-00082-g5cdb2c77c4c3 #0 Not tainted ----------------------------net/mpls/af_mpls.c:84 suspicious rcu_dereference_check() usage!other info that might help us debug this:rcu_scheduler_active = 2, debug_locks = 11 lock held by syz.2.4451/17730: #0: ffffffff9012a3e8 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_lock net/core/rtnetlink.c:80 [inline] #0: ffffffff9012a3e8 (rtnl_mutex){+.+.}-{4:4}, at: rtnetlink_rcv_msg+0x371/0xe90 net/core/rtnetlink.c:6961stack backtrace:CPU: 1 UID: 0 PID: 17730 Comm: syz.2.4451 Not tainted 6.15.0-rc7-syzkaller-00082-g5cdb2c77c4c3 #0 PREEMPT(full)Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025Call Trace: &lt;TASK&gt; __dump_stack lib/dump_stack.c:94 [inline] dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:120 lockdep_rcu_suspicious+0x166/0x260 kernel/locking/lockdep.c:6865 mpls_route_input_rcu+0x1d4/0x200 net/mpls/af_mpls.c:84 mpls_getroute+0x621/0x1ea0 net/mpls/af_mpls.c:2381 rtnetlink_rcv_msg+0x3c9/0xe90 net/core/rtnetlink.c:6964 netlink_rcv_skb+0x16d/0x440 net/netlink/af_netlink.c:2534 netlink_unicast_kernel net/netlink/af_netlink.c:1313 [inline] netlink_unicast+0x53a/0x7f0 net/netlink/af_netlink.c:1339 netlink_sendmsg+0x8d1/0xdd0 net/netlink/af_netlink.c:1883 sock_sendmsg_nosec net/socket.c:712 [inline] __sock_sendmsg net/socket.c:727 [inline] ____sys_sendmsg+0xa98/0xc70 net/socket.c:2566 ___sys_sendmsg+0x134/0x1d0 net/socket.c:2620 __sys_sendmmsg+0x200/0x420 net/socket.c:2709 __do_sys_sendmmsg net/socket.c:2736 [inline] __se_sys_sendmmsg net/socket.c:2733 [inline] __x64_sys_sendmmsg+0x9c/0x100 net/socket.c:2733 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0xcd/0x230 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7fRIP: 0033:0x7f0a2818e969Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 &lt;48&gt; 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48RSP: 002b:00007f0a28f52038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133RAX: ffffffffffffffda RBX: 00007f0a283b5fa0 RCX: 00007f0a2818e969RDX: 0000000000000003 RSI: 0000200000000080 RDI: 0000000000000003RBP: 00007f0a28210ab1 R08: 0000000000000000 R09: 0000000000000000R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000R13: 0000000000000000 R14: 00007f0a283b5fa0 R15: 00007ffce5e9f268 &lt;/TASK&gt;The Linux kernel CVE team has assigned CVE-2025-38324 to this issue.
 openEuler评分：
  7.0
 Vector：CVSS：3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
 受影响版本排查(受影响/不受影响)：
  1.openEuler-20.03-LTS-SP4(4.19.90):受影响
2.openEuler-22.03-LTS-SP3(5.10.0):受影响
3.openEuler-22.03-LTS-SP4(5.10.0):受影响
4.openEuler-24.03-LTS(6.6.0):受影响
5.openEuler-24.03-LTS-SP1(6.6.0):受影响
6.openEuler-24.03-LTS-SP2(6.6.0):受影响
7.master(6.12.33):不受影响
8.openEuler-24.03-LTS-Next(6.6.0):不受影响

修复是否涉及abi变化(是/否)：
  1.master(6.12.33):否
2.openEuler-20.03-LTS-SP4(4.19.90):否
3.openEuler-22.03-LTS-SP3(5.10.0):否
4.openEuler-22.03-LTS-SP4(5.10.0):否
5.openEuler-24.03-LTS(6.6.0):否
6.openEuler-24.03-LTS-Next(6.6.0):否
7.openEuler-24.03-LTS-SP1(6.6.0):否
8.openEuler-24.03-LTS-SP2(6.6.0):否

原因说明：
  1.openEuler-20.03-LTS-SP4(4.19.90):正常修复
2.openEuler-22.03-LTS-SP3(5.10.0):正常修复
3.openEuler-22.03-LTS-SP4(5.10.0):正常修复
4.openEuler-24.03-LTS(6.6.0):正常修复
5.openEuler-24.03-LTS-SP1(6.6.0):正常修复
6.openEuler-24.03-LTS-SP2(6.6.0):正常修复
7.master(6.12.33):不受影响-漏洞代码不能被攻击者触发
8.openEuler-24.03-LTS-Next(6.6.0):不受影响-漏洞代码不能被攻击者触发

三、漏洞修复
安全公告链接：https://www.openeuler.org/zh/security/safety-bulletin/detail/?id=openEuler-SA-2025-1928

src-openEuler/kernel
关闭

内容风险标识

评论 (9)

src-openEuler/kernel关闭 .gitee-modal { width: 500px !important; }

内容风险标识

CVE-2025-38324

评论 (9)

搜索帮助

src-openEuler/kernel
关闭