登錄
註冊
開源
企業服務
高校版
搜索
幫助中心
使用條款
關於我們
開源
企業服務
高校版
私有雲
模力方舟
AI 队友
登錄
註冊
程式碼拉取完成,頁面將自動刷新
倉庫狀態說明
開源項目
>
其他开源
>
操作系统
&&
捐贈
捐贈前請先登錄
取消
前往登錄
掃描微信二維碼支付
取消
支付完成
支付提示
將跳轉至支付寶完成支付
確定
取消
Watch
不關註
關註所有動態
僅關註版本發行動態
關註但不提醒動態
128
Star
72
Fork
331
src-openEuler
/
kernel
關閉
程式碼
Issues
1197
Pull Requests
35
Wiki
統計
流水線
服務
JavaDoc
PHPDoc
質量分析
Jenkins for Gitee
騰訊雲托管
騰訊雲 Serverless
悬镜安全
阿里雲 SAE
Codeblitz
SBOM
開發畫像分析
我知道了,不再自動展開
更新失敗,請稍後重試!
移除標識
內容風險標識
本任務被
標識為內容中包含有代碼安全 Bug 、隱私洩露等敏感信息,倉庫外成員不可訪問
CVE-2025-40012
已完成
#ID2QM1
CVE和安全问题
openeuler-ci-bot
擁有者
創建於
2025-10-20 23:52
一、漏洞信息 漏洞编号:[CVE-2025-40012](https://nvd.nist.gov/vuln/detail/CVE-2025-40012) 漏洞归属组件:[kernel](https://gitee.com/src-openeuler/kernel) 漏洞归属的版本:4.19.140,4.19.194,4.19.90,5.10.0,6.1.19,6.4.0,6.6.0 CVSS V4.0分值: BaseScore:N/A None Vector: 漏洞简述: In the Linux kernel, the following vulnerability has been resolved:net/smc: fix warning in smc_rx_splice() when calling get_page()smc_lo_register_dmb() allocates DMB buffers with kzalloc(), which arelater passed to get_page() in smc_rx_splice(). Since kmalloc memory isnot page-backed, this triggers WARN_ON_ONCE() in get_page() and preventsholding a refcount on the buffer. This can lead to use-after-free ifthe memory is released before splice_to_pipe() completes.Use folio_alloc() instead, ensuring DMBs are page-backed and safe forget_page().WARNING: CPU: 18 PID: 12152 at ./include/linux/mm.h:1330 smc_rx_splice+0xaf8/0xe20 [smc]CPU: 18 UID: 0 PID: 12152 Comm: smcapp Kdump: loaded Not tainted 6.17.0-rc3-11705-g9cf4672ecfee #10 NONEHardware name: IBM 3931 A01 704 (z/VM 7.4.0)Krnl PSW : 0704e00180000000 000793161032696c (smc_rx_splice+0xafc/0xe20 [smc]) R:0 T:1 IO:1 EX:1 Key:0 M:1 W:0 P:0 AS:3 CC:2 PM:0 RI:0 EA:3Krnl GPRS: 0000000000000000 001cee80007d3001 00077400000000f8 0000000000000005 0000000000000001 001cee80007d3006 0007740000001000 001c000000000000 000000009b0c99e0 0000000000001000 001c0000000000f8 001c000000000000 000003ffcc6f7c88 0007740003e98000 0007931600000005 000792969b2ff7b8Krnl Code: 0007931610326960: af000000 mc 0,0 0007931610326964: a7f4ff43 brc 15,00079316103267ea #0007931610326968: af000000 mc 0,0 >000793161032696c: a7f4ff3f brc 15,00079316103267ea 0007931610326970: e320f1000004 lg %r2,256(%r15) 0007931610326976: c0e53fd1b5f5 brasl %r14,000793168fd5d560 000793161032697c: a7f4fbb5 brc 15,00079316103260e6 0007931610326980: b904002b lgr %r2,%r11Call Trace: smc_rx_splice+0xafc/0xe20 [smc] smc_rx_splice+0x756/0xe20 [smc]) smc_rx_recvmsg+0xa74/0xe00 [smc] smc_splice_read+0x1ce/0x3b0 [smc] sock_splice_read+0xa2/0xf0 do_splice_read+0x198/0x240 splice_file_to_pipe+0x7e/0x110 do_splice+0x59e/0xde0 __do_splice+0x11a/0x2d0 __s390x_sys_splice+0x140/0x1f0 __do_syscall+0x122/0x280 system_call+0x6e/0x90Last Breaking-Event-Address:smc_rx_splice+0x960/0xe20 [smc]---[ end trace 0000000000000000 ]--- 漏洞公开时间:2025-10-21 00:15:37 漏洞创建时间:2025-10-20 23:52:09 漏洞详情参考链接: https://nvd.nist.gov/vuln/detail/CVE-2025-40012 <details> <summary>更多参考(点击展开)</summary> | 参考来源 | 参考链接 | 来源链接 | | ------- | -------- | -------- | | | https://nvd.nist.gov/vuln/detail/CVE-2025-40204 | | | | https://www.cve.org/CVERecord?id=CVE-2025-40012 | | | | https://nvd.nist.gov/vuln/detail/CVE-2025-40200 | | | | https://nvd.nist.gov/vuln/detail/CVE-2025-38705 | | | | https://nvd.nist.gov/vuln/detail/CVE-2025-40055 | | | | https://git.kernel.org/stable/c/14fc4fdae42e34d7ee871b292ac2ecc61c2c5de7 | | | | https://nvd.nist.gov/vuln/detail/CVE-2025-40141 | | | | https://nvd.nist.gov/vuln/detail/CVE-2025-37828 | | | | https://nvd.nist.gov/vuln/detail/CVE-2025-39694 | | | | https://nvd.nist.gov/vuln/detail/CVE-2025-40110 | | | | https://nvd.nist.gov/vuln/detail/CVE-2025-40082 | | | | https://nvd.nist.gov/vuln/detail/CVE-2025-40134 | | | | https://nvd.nist.gov/vuln/detail/CVE-2025-40169 | | | | https://nvd.nist.gov/vuln/detail/CVE-2025-40179 | | | | https://git.kernel.org/stable/c/a35c04de2565db191726b5741e6b66a35002c652 | | | | https://nvd.nist.gov/vuln/detail/CVE-2025-40120 | | | | https://lore.kernel.org/linux-cve-announce/2025102003-CVE-2025-40012-86b3@gregkh/T | | | | https://nvd.nist.gov/vuln/detail/CVE-2025-40192 | | | | https://nvd.nist.gov/vuln/detail/CVE-2025-38729 | | | | https://nvd.nist.gov/vuln/detail/CVE-2025-40171 | | | | https://nvd.nist.gov/vuln/detail/CVE-2025-40178 | | | | https://nvd.nist.gov/vuln/detail/CVE-2025-40125 | | | | https://nvd.nist.gov/vuln/detail/CVE-2025-40129 | | | | https://nvd.nist.gov/vuln/detail/CVE-2025-40187 | | | | https://nvd.nist.gov/vuln/detail/CVE-2025-40183 | | | | https://nvd.nist.gov/vuln/detail/CVE-2025-40164 | | | | https://nvd.nist.gov/vuln/detail/CVE-2025-39703 | | | | https://nvd.nist.gov/vuln/detail/CVE-2025-38234 | | | | https://nvd.nist.gov/vuln/detail/CVE-2025-40035 | | | | https://nvd.nist.gov/vuln/detail/CVE-2025-40140 | | | | https://nvd.nist.gov/vuln/detail/CVE-2025-40211 | | | | https://nvd.nist.gov/vuln/detail/CVE-2025-38349 | | | | https://nvd.nist.gov/vuln/detail/CVE-2025-38214 | | | | https://nvd.nist.gov/vuln/detail/CVE-2025-40048 | | | | https://nvd.nist.gov/vuln/detail/CVE-2025-40201 | | | | https://nvd.nist.gov/vuln/detail/CVE-2025-38100 | | | | https://lore.kernel.org/linux-cve-announce/2025102003-CVE-2025-40012-86b3@gregkh/T/#u | | | | https://nvd.nist.gov/vuln/detail/CVE-2025-37839 | | | | https://nvd.nist.gov/vuln/detail/CVE-2025-40109 | | | | https://nvd.nist.gov/vuln/detail/CVE-2025-37891 | | | | https://nvd.nist.gov/vuln/detail/CVE-2025-39964 | | | | https://nvd.nist.gov/vuln/detail/CVE-2025-37785 | | | | https://nvd.nist.gov/vuln/detail/CVE-2025-39931 | | | | https://nvd.nist.gov/vuln/detail/CVE-2025-39940 | | | | https://nvd.nist.gov/vuln/detail/CVE-2025-40176 | | | | https://nvd.nist.gov/vuln/detail/CVE-2025-38173 | | | | https://nvd.nist.gov/vuln/detail/CVE-2025-40123 | | | | https://git.kernel.org/stable/c/d5411685dc2f6ac7bdf01a0a204d56cae38c6cf6 | | | | https://nvd.nist.gov/vuln/detail/CVE-2025-38084 | | | | https://nvd.nist.gov/vuln/detail/CVE-2025-40088 | | | | https://nvd.nist.gov/vuln/detail/CVE-2025-39751 | | | | https://nvd.nist.gov/vuln/detail/CVE-2025-40084 | | | | https://nvd.nist.gov/vuln/detail/CVE-2025-38581 | | | | https://nvd.nist.gov/vuln/detail/CVE-2025-40167 | | | | https://nvd.nist.gov/vuln/detail/CVE-2025-40194 | | | | https://nvd.nist.gov/vuln/detail/CVE-2025-40173 | | | | https://nvd.nist.gov/vuln/detail/CVE-2025-37812 | | | | https://nvd.nist.gov/vuln/detail/CVE-2025-40190 | | | | https://nvd.nist.gov/vuln/detail/CVE-2024-36357 | | | | https://nvd.nist.gov/vuln/detail/CVE-2025-40198 | | | | https://bugzilla.redhat.com/show_bug.cgi?id=2405117 | | | | https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-2767 | | | | https://nvd.nist.gov/vuln/detail/CVE-2025-39938 | | | | https://nvd.nist.gov/vuln/detail/CVE-2025-40153 | | | | https://nvd.nist.gov/vuln/detail/CVE-2025-40053 | | | | https://nvd.nist.gov/vuln/detail/CVE-2025-23150 | | | | https://nvd.nist.gov/vuln/detail/CVE-2025-22080 | | | | https://nvd.nist.gov/vuln/detail/CVE-2025-40202 | | | | https://nvd.nist.gov/vuln/detail/CVE-2025-37863 | | | | https://nvd.nist.gov/vuln/detail/CVE-2025-40206 | | | | https://nvd.nist.gov/vuln/detail/CVE-2025-38717 | | | | https://nvd.nist.gov/vuln/detail/CVE-2025-39692 | | | | https://nvd.nist.gov/vuln/detail/CVE-2025-40012 | | | | https://nvd.nist.gov/vuln/detail/CVE-2025-40043 | | | | https://nvd.nist.gov/vuln/detail/CVE-2025-39992 | | </details> 漏洞分析指导链接: https://gitee.com/openeuler/cve-manager/blob/master/cve-vulner-manager/doc/md/manual.md 漏洞数据来源: 七彩瞬析开源风险感知平台 漏洞补丁信息: <details> <summary>详情(点击展开)</summary> | 影响的包 | 修复版本 | 修复补丁 | 问题引入补丁 | 来源 | | ------- | -------- | ------- | -------- | --------- | | gregkh/linux | | https://git.kernel.org/stable/c/d5411685dc2f6ac7bdf01a0a204d56cae38c6cf6 | | ljqc | | gregkh/linux | | https://git.kernel.org/stable/c/14fc4fdae42e34d7ee871b292ac2ecc61c2c5de7 | | ljqc | | gregkh/linux | | https://git.kernel.org/stable/c/a35c04de2565db191726b5741e6b66a35002c652 | | ljqc | | | | https://git.kernel.org/stable/c/14fc4fdae42e34d7ee871b292ac2ecc61c2c5de7 | | cvedetails | | | | https://git.kernel.org/stable/c/a35c04de2565db191726b5741e6b66a35002c652 | | cvedetails | | | | https://git.kernel.org/stable/c/d5411685dc2f6ac7bdf01a0a204d56cae38c6cf6 | | cvedetails | </details> 二、漏洞分析结构反馈 影响性分析说明: In the Linux kernel, the following vulnerability has been resolved:net/smc: fix warning in smc_rx_splice() when calling get_page()smc_lo_register_dmb() allocates DMB buffers with kzalloc(), which arelater passed to get_page() in smc_rx_splice(). Since kmalloc memory isnot page-backed, this triggers WARN_ON_ONCE() in get_page() and preventsholding a refcount on the buffer. This can lead to use-after-free ifthe memory is released before splice_to_pipe() completes.Use folio_alloc() instead, ensuring DMBs are page-backed and safe forget_page().WARNING: CPU: 18 PID: 12152 at ./include/linux/mm.h:1330 smc_rx_splice+0xaf8/0xe20 [smc]CPU: 18 UID: 0 PID: 12152 Comm: smcapp Kdump: loaded Not tainted 6.17.0-rc3-11705-g9cf4672ecfee #10 NONEHardware name: IBM 3931 A01 704 (z/VM 7.4.0)Krnl PSW : 0704e00180000000 000793161032696c (smc_rx_splice+0xafc/0xe20 [smc]) R:0 T:1 IO:1 EX:1 Key:0 M:1 W:0 P:0 AS:3 CC:2 PM:0 RI:0 EA:3Krnl GPRS: 0000000000000000 001cee80007d3001 00077400000000f8 0000000000000005 0000000000000001 001cee80007d3006 0007740000001000 001c000000000000 000000009b0c99e0 0000000000001000 001c0000000000f8 001c000000000000 000003ffcc6f7c88 0007740003e98000 0007931600000005 000792969b2ff7b8Krnl Code: 0007931610326960: af000000 mc 0,0 0007931610326964: a7f4ff43 brc 15,00079316103267ea #0007931610326968: af000000 mc 0,0 >000793161032696c: a7f4ff3f brc 15,00079316103267ea 0007931610326970: e320f1000004 lg %r2,256(%r15) 0007931610326976: c0e53fd1b5f5 brasl %r14,000793168fd5d560 000793161032697c: a7f4fbb5 brc 15,00079316103260e6 0007931610326980: b904002b lgr %r2,%r11Call Trace: smc_rx_splice+0xafc/0xe20 [smc] smc_rx_splice+0x756/0xe20 [smc]) smc_rx_recvmsg+0xa74/0xe00 [smc] smc_splice_read+0x1ce/0x3b0 [smc] sock_splice_read+0xa2/0xf0 do_splice_read+0x198/0x240 splice_file_to_pipe+0x7e/0x110 do_splice+0x59e/0xde0 __do_splice+0x11a/0x2d0 __s390x_sys_splice+0x140/0x1f0 __do_syscall+0x122/0x280 system_call+0x6e/0x90Last Breaking-Event-Address:smc_rx_splice+0x960/0xe20 [smc]---[ end trace 0000000000000000 ]--- openEuler评分: 5.5 Vector:CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N 受影响版本排查(受影响/不受影响): 1.openEuler-22.03-LTS-SP3(5.10.0):受影响 2.openEuler-22.03-LTS-SP4(5.10.0):受影响 3.openEuler-24.03-LTS(6.6.0):受影响 4.openEuler-24.03-LTS-SP1(6.6.0):受影响 5.openEuler-24.03-LTS-SP2(6.6.0):受影响 6.openEuler-24.03-LTS-SP3(6.6.0):受影响 7.master(6.12.33):不受影响 8.openEuler-20.03-LTS-SP4(4.19.90):不受影响 9.openEuler-24.03-LTS-Next(6.6.0):不受影响 修复是否涉及abi变化(是/否): 1.master(6.12.33):否 2.openEuler-20.03-LTS-SP4(4.19.90):否 3.openEuler-22.03-LTS-SP3(5.10.0):否 4.openEuler-22.03-LTS-SP4(5.10.0):否 5.openEuler-24.03-LTS(6.6.0):否 6.openEuler-24.03-LTS-Next(6.6.0):否 7.openEuler-24.03-LTS-SP1(6.6.0):否 8.openEuler-24.03-LTS-SP2(6.6.0):否 9.openEuler-24.03-LTS-SP3(6.6.0):否 原因说明: 1.openEuler-24.03-LTS(6.6.0):正常修复 2.openEuler-24.03-LTS-SP1(6.6.0):正常修复 3.openEuler-24.03-LTS-SP2(6.6.0):正常修复 4.openEuler-24.03-LTS-SP3(6.6.0):正常修复 5.openEuler-22.03-LTS-SP3(5.10.0):不修复-超出修复范围 6.openEuler-22.03-LTS-SP4(5.10.0):不修复-超出修复范围 7.master(6.12.33):不受影响-漏洞代码不能被攻击者触发 8.openEuler-24.03-LTS-Next(6.6.0):不受影响-漏洞代码不能被攻击者触发 9.openEuler-20.03-LTS-SP4(4.19.90):不受影响-漏洞代码不存在 三、漏洞修复 安全公告链接:https://www.openeuler.org/zh/security/safety-bulletin/detail/?id=openEuler-SA-2025-2767
一、漏洞信息 漏洞编号:[CVE-2025-40012](https://nvd.nist.gov/vuln/detail/CVE-2025-40012) 漏洞归属组件:[kernel](https://gitee.com/src-openeuler/kernel) 漏洞归属的版本:4.19.140,4.19.194,4.19.90,5.10.0,6.1.19,6.4.0,6.6.0 CVSS V4.0分值: BaseScore:N/A None Vector: 漏洞简述: In the Linux kernel, the following vulnerability has been resolved:net/smc: fix warning in smc_rx_splice() when calling get_page()smc_lo_register_dmb() allocates DMB buffers with kzalloc(), which arelater passed to get_page() in smc_rx_splice(). Since kmalloc memory isnot page-backed, this triggers WARN_ON_ONCE() in get_page() and preventsholding a refcount on the buffer. This can lead to use-after-free ifthe memory is released before splice_to_pipe() completes.Use folio_alloc() instead, ensuring DMBs are page-backed and safe forget_page().WARNING: CPU: 18 PID: 12152 at ./include/linux/mm.h:1330 smc_rx_splice+0xaf8/0xe20 [smc]CPU: 18 UID: 0 PID: 12152 Comm: smcapp Kdump: loaded Not tainted 6.17.0-rc3-11705-g9cf4672ecfee #10 NONEHardware name: IBM 3931 A01 704 (z/VM 7.4.0)Krnl PSW : 0704e00180000000 000793161032696c (smc_rx_splice+0xafc/0xe20 [smc]) R:0 T:1 IO:1 EX:1 Key:0 M:1 W:0 P:0 AS:3 CC:2 PM:0 RI:0 EA:3Krnl GPRS: 0000000000000000 001cee80007d3001 00077400000000f8 0000000000000005 0000000000000001 001cee80007d3006 0007740000001000 001c000000000000 000000009b0c99e0 0000000000001000 001c0000000000f8 001c000000000000 000003ffcc6f7c88 0007740003e98000 0007931600000005 000792969b2ff7b8Krnl Code: 0007931610326960: af000000 mc 0,0 0007931610326964: a7f4ff43 brc 15,00079316103267ea #0007931610326968: af000000 mc 0,0 >000793161032696c: a7f4ff3f brc 15,00079316103267ea 0007931610326970: e320f1000004 lg %r2,256(%r15) 0007931610326976: c0e53fd1b5f5 brasl %r14,000793168fd5d560 000793161032697c: a7f4fbb5 brc 15,00079316103260e6 0007931610326980: b904002b lgr %r2,%r11Call Trace: smc_rx_splice+0xafc/0xe20 [smc] smc_rx_splice+0x756/0xe20 [smc]) smc_rx_recvmsg+0xa74/0xe00 [smc] smc_splice_read+0x1ce/0x3b0 [smc] sock_splice_read+0xa2/0xf0 do_splice_read+0x198/0x240 splice_file_to_pipe+0x7e/0x110 do_splice+0x59e/0xde0 __do_splice+0x11a/0x2d0 __s390x_sys_splice+0x140/0x1f0 __do_syscall+0x122/0x280 system_call+0x6e/0x90Last Breaking-Event-Address:smc_rx_splice+0x960/0xe20 [smc]---[ end trace 0000000000000000 ]--- 漏洞公开时间:2025-10-21 00:15:37 漏洞创建时间:2025-10-20 23:52:09 漏洞详情参考链接: https://nvd.nist.gov/vuln/detail/CVE-2025-40012 <details> <summary>更多参考(点击展开)</summary> | 参考来源 | 参考链接 | 来源链接 | | ------- | -------- | -------- | | | https://nvd.nist.gov/vuln/detail/CVE-2025-40204 | | | | https://www.cve.org/CVERecord?id=CVE-2025-40012 | | | | https://nvd.nist.gov/vuln/detail/CVE-2025-40200 | | | | https://nvd.nist.gov/vuln/detail/CVE-2025-38705 | | | | https://nvd.nist.gov/vuln/detail/CVE-2025-40055 | | | | https://git.kernel.org/stable/c/14fc4fdae42e34d7ee871b292ac2ecc61c2c5de7 | | | | https://nvd.nist.gov/vuln/detail/CVE-2025-40141 | | | | https://nvd.nist.gov/vuln/detail/CVE-2025-37828 | | | | https://nvd.nist.gov/vuln/detail/CVE-2025-39694 | | | | https://nvd.nist.gov/vuln/detail/CVE-2025-40110 | | | | https://nvd.nist.gov/vuln/detail/CVE-2025-40082 | | | | https://nvd.nist.gov/vuln/detail/CVE-2025-40134 | | | | https://nvd.nist.gov/vuln/detail/CVE-2025-40169 | | | | https://nvd.nist.gov/vuln/detail/CVE-2025-40179 | | | | https://git.kernel.org/stable/c/a35c04de2565db191726b5741e6b66a35002c652 | | | | https://nvd.nist.gov/vuln/detail/CVE-2025-40120 | | | | https://lore.kernel.org/linux-cve-announce/2025102003-CVE-2025-40012-86b3@gregkh/T | | | | https://nvd.nist.gov/vuln/detail/CVE-2025-40192 | | | | https://nvd.nist.gov/vuln/detail/CVE-2025-38729 | | | | https://nvd.nist.gov/vuln/detail/CVE-2025-40171 | | | | https://nvd.nist.gov/vuln/detail/CVE-2025-40178 | | | | https://nvd.nist.gov/vuln/detail/CVE-2025-40125 | | | | https://nvd.nist.gov/vuln/detail/CVE-2025-40129 | | | | https://nvd.nist.gov/vuln/detail/CVE-2025-40187 | | | | https://nvd.nist.gov/vuln/detail/CVE-2025-40183 | | | | https://nvd.nist.gov/vuln/detail/CVE-2025-40164 | | | | https://nvd.nist.gov/vuln/detail/CVE-2025-39703 | | | | https://nvd.nist.gov/vuln/detail/CVE-2025-38234 | | | | https://nvd.nist.gov/vuln/detail/CVE-2025-40035 | | | | https://nvd.nist.gov/vuln/detail/CVE-2025-40140 | | | | https://nvd.nist.gov/vuln/detail/CVE-2025-40211 | | | | https://nvd.nist.gov/vuln/detail/CVE-2025-38349 | | | | https://nvd.nist.gov/vuln/detail/CVE-2025-38214 | | | | https://nvd.nist.gov/vuln/detail/CVE-2025-40048 | | | | https://nvd.nist.gov/vuln/detail/CVE-2025-40201 | | | | https://nvd.nist.gov/vuln/detail/CVE-2025-38100 | | | | https://lore.kernel.org/linux-cve-announce/2025102003-CVE-2025-40012-86b3@gregkh/T/#u | | | | https://nvd.nist.gov/vuln/detail/CVE-2025-37839 | | | | https://nvd.nist.gov/vuln/detail/CVE-2025-40109 | | | | https://nvd.nist.gov/vuln/detail/CVE-2025-37891 | | | | https://nvd.nist.gov/vuln/detail/CVE-2025-39964 | | | | https://nvd.nist.gov/vuln/detail/CVE-2025-37785 | | | | https://nvd.nist.gov/vuln/detail/CVE-2025-39931 | | | | https://nvd.nist.gov/vuln/detail/CVE-2025-39940 | | | | https://nvd.nist.gov/vuln/detail/CVE-2025-40176 | | | | https://nvd.nist.gov/vuln/detail/CVE-2025-38173 | | | | https://nvd.nist.gov/vuln/detail/CVE-2025-40123 | | | | https://git.kernel.org/stable/c/d5411685dc2f6ac7bdf01a0a204d56cae38c6cf6 | | | | https://nvd.nist.gov/vuln/detail/CVE-2025-38084 | | | | https://nvd.nist.gov/vuln/detail/CVE-2025-40088 | | | | https://nvd.nist.gov/vuln/detail/CVE-2025-39751 | | | | https://nvd.nist.gov/vuln/detail/CVE-2025-40084 | | | | https://nvd.nist.gov/vuln/detail/CVE-2025-38581 | | | | https://nvd.nist.gov/vuln/detail/CVE-2025-40167 | | | | https://nvd.nist.gov/vuln/detail/CVE-2025-40194 | | | | https://nvd.nist.gov/vuln/detail/CVE-2025-40173 | | | | https://nvd.nist.gov/vuln/detail/CVE-2025-37812 | | | | https://nvd.nist.gov/vuln/detail/CVE-2025-40190 | | | | https://nvd.nist.gov/vuln/detail/CVE-2024-36357 | | | | https://nvd.nist.gov/vuln/detail/CVE-2025-40198 | | | | https://bugzilla.redhat.com/show_bug.cgi?id=2405117 | | | | https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-2767 | | | | https://nvd.nist.gov/vuln/detail/CVE-2025-39938 | | | | https://nvd.nist.gov/vuln/detail/CVE-2025-40153 | | | | https://nvd.nist.gov/vuln/detail/CVE-2025-40053 | | | | https://nvd.nist.gov/vuln/detail/CVE-2025-23150 | | | | https://nvd.nist.gov/vuln/detail/CVE-2025-22080 | | | | https://nvd.nist.gov/vuln/detail/CVE-2025-40202 | | | | https://nvd.nist.gov/vuln/detail/CVE-2025-37863 | | | | https://nvd.nist.gov/vuln/detail/CVE-2025-40206 | | | | https://nvd.nist.gov/vuln/detail/CVE-2025-38717 | | | | https://nvd.nist.gov/vuln/detail/CVE-2025-39692 | | | | https://nvd.nist.gov/vuln/detail/CVE-2025-40012 | | | | https://nvd.nist.gov/vuln/detail/CVE-2025-40043 | | | | https://nvd.nist.gov/vuln/detail/CVE-2025-39992 | | </details> 漏洞分析指导链接: https://gitee.com/openeuler/cve-manager/blob/master/cve-vulner-manager/doc/md/manual.md 漏洞数据来源: 七彩瞬析开源风险感知平台 漏洞补丁信息: <details> <summary>详情(点击展开)</summary> | 影响的包 | 修复版本 | 修复补丁 | 问题引入补丁 | 来源 | | ------- | -------- | ------- | -------- | --------- | | gregkh/linux | | https://git.kernel.org/stable/c/d5411685dc2f6ac7bdf01a0a204d56cae38c6cf6 | | ljqc | | gregkh/linux | | https://git.kernel.org/stable/c/14fc4fdae42e34d7ee871b292ac2ecc61c2c5de7 | | ljqc | | gregkh/linux | | https://git.kernel.org/stable/c/a35c04de2565db191726b5741e6b66a35002c652 | | ljqc | | | | https://git.kernel.org/stable/c/14fc4fdae42e34d7ee871b292ac2ecc61c2c5de7 | | cvedetails | | | | https://git.kernel.org/stable/c/a35c04de2565db191726b5741e6b66a35002c652 | | cvedetails | | | | https://git.kernel.org/stable/c/d5411685dc2f6ac7bdf01a0a204d56cae38c6cf6 | | cvedetails | </details> 二、漏洞分析结构反馈 影响性分析说明: In the Linux kernel, the following vulnerability has been resolved:net/smc: fix warning in smc_rx_splice() when calling get_page()smc_lo_register_dmb() allocates DMB buffers with kzalloc(), which arelater passed to get_page() in smc_rx_splice(). Since kmalloc memory isnot page-backed, this triggers WARN_ON_ONCE() in get_page() and preventsholding a refcount on the buffer. This can lead to use-after-free ifthe memory is released before splice_to_pipe() completes.Use folio_alloc() instead, ensuring DMBs are page-backed and safe forget_page().WARNING: CPU: 18 PID: 12152 at ./include/linux/mm.h:1330 smc_rx_splice+0xaf8/0xe20 [smc]CPU: 18 UID: 0 PID: 12152 Comm: smcapp Kdump: loaded Not tainted 6.17.0-rc3-11705-g9cf4672ecfee #10 NONEHardware name: IBM 3931 A01 704 (z/VM 7.4.0)Krnl PSW : 0704e00180000000 000793161032696c (smc_rx_splice+0xafc/0xe20 [smc]) R:0 T:1 IO:1 EX:1 Key:0 M:1 W:0 P:0 AS:3 CC:2 PM:0 RI:0 EA:3Krnl GPRS: 0000000000000000 001cee80007d3001 00077400000000f8 0000000000000005 0000000000000001 001cee80007d3006 0007740000001000 001c000000000000 000000009b0c99e0 0000000000001000 001c0000000000f8 001c000000000000 000003ffcc6f7c88 0007740003e98000 0007931600000005 000792969b2ff7b8Krnl Code: 0007931610326960: af000000 mc 0,0 0007931610326964: a7f4ff43 brc 15,00079316103267ea #0007931610326968: af000000 mc 0,0 >000793161032696c: a7f4ff3f brc 15,00079316103267ea 0007931610326970: e320f1000004 lg %r2,256(%r15) 0007931610326976: c0e53fd1b5f5 brasl %r14,000793168fd5d560 000793161032697c: a7f4fbb5 brc 15,00079316103260e6 0007931610326980: b904002b lgr %r2,%r11Call Trace: smc_rx_splice+0xafc/0xe20 [smc] smc_rx_splice+0x756/0xe20 [smc]) smc_rx_recvmsg+0xa74/0xe00 [smc] smc_splice_read+0x1ce/0x3b0 [smc] sock_splice_read+0xa2/0xf0 do_splice_read+0x198/0x240 splice_file_to_pipe+0x7e/0x110 do_splice+0x59e/0xde0 __do_splice+0x11a/0x2d0 __s390x_sys_splice+0x140/0x1f0 __do_syscall+0x122/0x280 system_call+0x6e/0x90Last Breaking-Event-Address:smc_rx_splice+0x960/0xe20 [smc]---[ end trace 0000000000000000 ]--- openEuler评分: 5.5 Vector:CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N 受影响版本排查(受影响/不受影响): 1.openEuler-22.03-LTS-SP3(5.10.0):受影响 2.openEuler-22.03-LTS-SP4(5.10.0):受影响 3.openEuler-24.03-LTS(6.6.0):受影响 4.openEuler-24.03-LTS-SP1(6.6.0):受影响 5.openEuler-24.03-LTS-SP2(6.6.0):受影响 6.openEuler-24.03-LTS-SP3(6.6.0):受影响 7.master(6.12.33):不受影响 8.openEuler-20.03-LTS-SP4(4.19.90):不受影响 9.openEuler-24.03-LTS-Next(6.6.0):不受影响 修复是否涉及abi变化(是/否): 1.master(6.12.33):否 2.openEuler-20.03-LTS-SP4(4.19.90):否 3.openEuler-22.03-LTS-SP3(5.10.0):否 4.openEuler-22.03-LTS-SP4(5.10.0):否 5.openEuler-24.03-LTS(6.6.0):否 6.openEuler-24.03-LTS-Next(6.6.0):否 7.openEuler-24.03-LTS-SP1(6.6.0):否 8.openEuler-24.03-LTS-SP2(6.6.0):否 9.openEuler-24.03-LTS-SP3(6.6.0):否 原因说明: 1.openEuler-24.03-LTS(6.6.0):正常修复 2.openEuler-24.03-LTS-SP1(6.6.0):正常修复 3.openEuler-24.03-LTS-SP2(6.6.0):正常修复 4.openEuler-24.03-LTS-SP3(6.6.0):正常修复 5.openEuler-22.03-LTS-SP3(5.10.0):不修复-超出修复范围 6.openEuler-22.03-LTS-SP4(5.10.0):不修复-超出修复范围 7.master(6.12.33):不受影响-漏洞代码不能被攻击者触发 8.openEuler-24.03-LTS-Next(6.6.0):不受影响-漏洞代码不能被攻击者触发 9.openEuler-20.03-LTS-SP4(4.19.90):不受影响-漏洞代码不存在 三、漏洞修复 安全公告链接:https://www.openeuler.org/zh/security/safety-bulletin/detail/?id=openEuler-SA-2025-2767
評論 (
5
)
登錄
後才可以發表評論
狀態
已完成
待處理
已挂起
進行中
已完成
已拒绝
負責人
未設置
CTC-Xibo.Wang
CTC-XiboWang
負責人
協作者
+負責人
+協作者
標籤
CVE/FIXED
sig/Kernel
未設置
項目
未立項任務
未立項任務
里程碑
未關聯里程碑
未關聯里程碑
Pull Requests
未關聯
未關聯
關聯的 Pull Requests 被合併後可能會關閉此 issue
分支
未關聯分支
分支 (
-
)
標籤 (
-
)
開始時間 - 結束時間
-
置頂選項
不置頂
置頂等級:高
置頂等級:中
置頂等級:低
優先級
不指定
嚴重
主要
次要
不重要
預計工期
(小時)
参与者(2)
1
https://gitee.com/src-openeuler/kernel.git
git@gitee.com:src-openeuler/kernel.git
src-openeuler
kernel
kernel
點此查找更多幫助
搜索幫助
Git 命令在线学习
如何在 Gitee 导入 GitHub 仓库
Git 仓库基础操作
企业版和社区版功能对比
SSH 公钥设置
如何处理代码冲突
仓库体积过大,如何减小?
如何找回被删除的仓库数据
Gitee 产品配额说明
GitHub仓库快速导入Gitee及同步更新
什么是 Release(发行版)
将 PHP 项目自动发布到 packagist.org
評論
倉庫舉報
回到頂部
登錄提示
該操作需登錄 Gitee 帳號,請先登錄後再操作。
立即登錄
沒有帳號,去註冊
