CVE-2025-38443— Linux kernel 安全漏洞
新しい脆弱性情報の通知を購読するログインして購読
I. CVE-2025-38443の基本情報
脆弱性情報
脆弱性についてご質問がありますか?Shenlongの分析が参考になるかご確認ください!
Shenlongの10の質問を表示 ↗ 高度な大規模言語モデル技術を使用していますが、出力には不正確または古い情報が含まれる可能性があります。Shenlongはデータの正確性を確保するよう努めていますが、実際の状況に基づいて検証・判断してください。
脆弱性タイトル
nbd: fix uaf in nbd_genl_connect() error path
ソース: NVD (National Vulnerability Database)
脆弱性説明
In the Linux kernel, the following vulnerability has been resolved: nbd: fix uaf in nbd_genl_connect() error path There is a use-after-free issue in nbd: block nbd6: Receive control failed (result -104) block nbd6: shutting down sockets ================================================================== BUG: KASAN: slab-use-after-free in recv_work+0x694/0xa80 drivers/block/nbd.c:1022 Write of size 4 at addr ffff8880295de478 by task kworker/u33:0/67 CPU: 2 UID: 0 PID: 67 Comm: kworker/u33:0 Not tainted 6.15.0-rc5-syzkaller-00123-g2c89c1b655c0 #0 PREEMPT(full) Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 Workqueue: nbd6-recv recv_work Call Trace: <TASK> __dump_stack lib/dump_stack.c:94 [inline] dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:120 print_address_description mm/kasan/report.c:408 [inline] print_report+0xc3/0x670 mm/kasan/report.c:521 kasan_report+0xe0/0x110 mm/kasan/report.c:634 check_region_inline mm/kasan/generic.c:183 [inline] kasan_check_range+0xef/0x1a0 mm/kasan/generic.c:189 instrument_atomic_read_write include/linux/instrumented.h:96 [inline] atomic_dec include/linux/atomic/atomic-instrumented.h:592 [inline] recv_work+0x694/0xa80 drivers/block/nbd.c:1022 process_one_work+0x9cc/0x1b70 kernel/workqueue.c:3238 process_scheduled_works kernel/workqueue.c:3319 [inline] worker_thread+0x6c8/0xf10 kernel/workqueue.c:3400 kthread+0x3c2/0x780 kernel/kthread.c:464 ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:153 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245 </TASK> nbd_genl_connect() does not properly stop the device on certain error paths after nbd_start_device() has been called. This causes the error path to put nbd->config while recv_work continue to use the config after putting it, leading to use-after-free in recv_work. This patch moves nbd_start_device() after the backend file creation.
ソース: NVD (National Vulnerability Database)
CVSS情報
N/A
ソース: NVD (National Vulnerability Database)
脆弱性タイプ
N/A
ソース: NVD (National Vulnerability Database)
脆弱性タイトル
Linux kernel 安全漏洞
ソース: CNNVD (China National Vulnerability Database)
脆弱性説明
Linux kernel是美国Linux基金会的开源操作系统Linux所使用的内核。 Linux kernel存在安全漏洞,该漏洞源于genl连接错误路径中的释放后使用问题。
ソース: CNNVD (China National Vulnerability Database)
CVSS情報
N/A
ソース: CNNVD (China National Vulnerability Database)
脆弱性タイプ
N/A
ソース: CNNVD (China National Vulnerability Database)
影響を受ける製品
II. CVE-2025-38443の公開POC
| # | POC説明 | ソースリンク | Shenlongリンク |
|---|
AI生成POCプレミアム
公開POCは見つかりませんでした。
ログインしてAI POCを生成III. CVE-2025-38443のインテリジェンス情報
请登录查看更多情报信息。
Same Patch Batch · Linux · 2025-07-25 · 114 CVEs total
| CVE-2025-38424 | perf: Fix sample vs do_exit() | |
| CVE-2025-38438 | ASoC: SOF: Intel: hda: Use devm_kstrdup() to avoid memleak. | |
| CVE-2025-38437 | ksmbd: fix potential use-after-free in oplock/lease break ack | |
| CVE-2025-38436 | drm/scheduler: signal scheduled fence when kill job | |
| CVE-2025-38435 | riscv: vector: Fix context save/restore with xtheadvector | |
| CVE-2025-38434 | Revert "riscv: Define TASK_SIZE_MAX for __access_ok()" | |
| CVE-2025-38433 | riscv: fix runtime constant support for nommu kernels | |
| CVE-2025-38432 | net: netpoll: Initialize UDP checksum field before checksumming | |
| CVE-2025-38431 | smb: client: fix regression with native SMB symlinks | |
| CVE-2025-38430 | nfsd: nfsd4_spo_must_allow() must check this is a v4 compound request | |
| CVE-2025-38429 | bus: mhi: ep: Update read pointer only after buffer is written | |
| CVE-2025-38428 | Input: ims-pcu - check record size in ims_pcu_flash_firmware() | |
| CVE-2025-38427 | video: screen_info: Relocate framebuffers behind PCI bridges | |
| CVE-2025-38425 | i2c: tegra: check msg length in SMBUS block read | |
| CVE-2025-38426 | drm/amdgpu: Add basic validation for RAS header | |
| CVE-2025-38413 | virtio-net: xsk: rx: fix the frame's length check | |
| CVE-2025-38416 | NFC: nci: uart: Set tty->disc_data only in success path | |
| CVE-2025-38415 | Squashfs: check return result of sb_min_blocksize | |
| CVE-2025-38414 | wifi: ath12k: fix GCC_GCC_PCIE_HOT_RST definition for WCN7850 | |
| CVE-2025-38417 | ice: fix eswitch code memory leak in reset scenario |
Showing 20 of 114 CVEs. View all on vendor page →
IV. 関連脆弱性
同じ製品: Linux
- CVE-2026-43500
rxrpc: Also unshare DATA/RESPONSE packets when paged frags a - CVE-2026-43475
scsi: storvsc: Fix scheduling while atomic on PREEMPT_RT - CVE-2026-43474
fs: init flags_valid before calling vfs_fileattr_get - CVE-2026-43473
scsi: mpi3mr: Add NULL checks when resetting request and rep - CVE-2026-43472
unshare: fix unshare_fs() handling
同じベンダー: Linux
- CVE-2026-43500
rxrpc: Also unshare DATA/RESPONSE packets when paged frags a - CVE-2026-43475
scsi: storvsc: Fix scheduling while atomic on PREEMPT_RT - CVE-2026-43474
fs: init flags_valid before calling vfs_fileattr_get - CVE-2026-43473
scsi: mpi3mr: Add NULL checks when resetting request and rep - CVE-2026-43472
unshare: fix unshare_fs() handling
V. CVE-2025-38443へのコメント
まだコメントはありません