目标达成 感谢每一位支持者 — 我们达成了 100% 目标!

目标: 1000 元 · 已筹: 1336

100%

CVE-2025-39824— Linux kernel 安全漏洞

AI 预测 6.5 利用难度: 困难 EPSS 0.15% · P5

影响版本矩阵 18

厂商产品版本范围状态
LinuxLinux9ce12d8be12c94334634dd57050444910415e45f< 9a9e4a8317437bf944fa017c66e1e23a0368b5c7affected
9ce12d8be12c94334634dd57050444910415e45f< 7170122e2ae4ab378c9cdf7cc54dea8b0abbbca5affected
9ce12d8be12c94334634dd57050444910415e45f< eaae728e7335b5dbad70966e2bd520a731fdf7b2affected
9ce12d8be12c94334634dd57050444910415e45f< a8ca8fe7f516d27ece3afb995c3bd4d07dcbe62caffected
9ce12d8be12c94334634dd57050444910415e45f< 5f3c0839b173f7f33415eb098331879e547d1d2daffected
9ce12d8be12c94334634dd57050444910415e45f< c0d77e3441a92d0b4958193c9ac1c3f81c6f1d1caffected
9ce12d8be12c94334634dd57050444910415e45f< 72a4ec018c9e9bc52f4f80eb3afb5d6a6b752275affected
9ce12d8be12c94334634dd57050444910415e45f< d3af6ca9a8c34bbd8cff32b469b84c9021c9e7e4affected
… +10 条更多
获取后续新漏洞提醒登录后订阅

一、 漏洞 CVE-2025-39824 基础信息

漏洞信息

对漏洞内容有疑问?看看神龙的深度分析是否有帮助!
查看神龙十问 ↗

尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。

Vulnerability Title
HID: asus: fix UAF via HID_CLAIMED_INPUT validation
来源: 美国国家漏洞数据库 NVD
Vulnerability Description
In the Linux kernel, the following vulnerability has been resolved: HID: asus: fix UAF via HID_CLAIMED_INPUT validation After hid_hw_start() is called hidinput_connect() will eventually be called to set up the device with the input layer since the HID_CONNECT_DEFAULT connect mask is used. During hidinput_connect() all input and output reports are processed and corresponding hid_inputs are allocated and configured via hidinput_configure_usages(). This process involves slot tagging report fields and configuring usages by setting relevant bits in the capability bitmaps. However it is possible that the capability bitmaps are not set at all leading to the subsequent hidinput_has_been_populated() check to fail leading to the freeing of the hid_input and the underlying input device. This becomes problematic because a malicious HID device like a ASUS ROG N-Key keyboard can trigger the above scenario via a specially crafted descriptor which then leads to a user-after-free when the name of the freed input device is written to later on after hid_hw_start(). Below, report 93 intentionally utilises the HID_UP_UNDEFINED Usage Page which is skipped during usage configuration, leading to the frees. 0x05, 0x0D, // Usage Page (Digitizer) 0x09, 0x05, // Usage (Touch Pad) 0xA1, 0x01, // Collection (Application) 0x85, 0x0D, // Report ID (13) 0x06, 0x00, 0xFF, // Usage Page (Vendor Defined 0xFF00) 0x09, 0xC5, // Usage (0xC5) 0x15, 0x00, // Logical Minimum (0) 0x26, 0xFF, 0x00, // Logical Maximum (255) 0x75, 0x08, // Report Size (8) 0x95, 0x04, // Report Count (4) 0xB1, 0x02, // Feature (Data,Var,Abs) 0x85, 0x5D, // Report ID (93) 0x06, 0x00, 0x00, // Usage Page (Undefined) 0x09, 0x01, // Usage (0x01) 0x15, 0x00, // Logical Minimum (0) 0x26, 0xFF, 0x00, // Logical Maximum (255) 0x75, 0x08, // Report Size (8) 0x95, 0x1B, // Report Count (27) 0x81, 0x02, // Input (Data,Var,Abs) 0xC0, // End Collection Below is the KASAN splat after triggering the UAF: [ 21.672709] ================================================================== [ 21.673700] BUG: KASAN: slab-use-after-free in asus_probe+0xeeb/0xf80 [ 21.673700] Write of size 8 at addr ffff88810a0ac000 by task kworker/1:2/54 [ 21.673700] [ 21.673700] CPU: 1 UID: 0 PID: 54 Comm: kworker/1:2 Not tainted 6.16.0-rc4-g9773391cf4dd-dirty #36 PREEMPT(voluntary) [ 21.673700] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.2-debian-1.16.2-1 04/01/2014 [ 21.673700] Call Trace: [ 21.673700] <TASK> [ 21.673700] dump_stack_lvl+0x5f/0x80 [ 21.673700] print_report+0xd1/0x660 [ 21.673700] kasan_report+0xe5/0x120 [ 21.673700] __asan_report_store8_noabort+0x1b/0x30 [ 21.673700] asus_probe+0xeeb/0xf80 [ 21.673700] hid_device_probe+0x2ee/0x700 [ 21.673700] really_probe+0x1c6/0x6b0 [ 21.673700] __driver_probe_device+0x24f/0x310 [ 21.673700] driver_probe_device+0x4e/0x220 [...] [ 21.673700] [ 21.673700] Allocated by task 54: [ 21.673700] kasan_save_stack+0x3d/0x60 [ 21.673700] kasan_save_track+0x18/0x40 [ 21.673700] kasan_save_alloc_info+0x3b/0x50 [ 21.673700] __kasan_kmalloc+0x9c/0xa0 [ 21.673700] __kmalloc_cache_noprof+0x139/0x340 [ 21.673700] input_allocate_device+0x44/0x370 [ 21.673700] hidinput_connect+0xcb6/0x2630 [ 21.673700] hid_connect+0xf74/0x1d60 [ 21.673700] hid_hw_start+0x8c/0x110 [ 21.673700] asus_probe+0x5a3/0xf80 [ 21.673700] hid_device_probe+0x2ee/0x700 [ 21.673700] really_probe+0x1c6/0x6b0 [ 21.673700] __driver_probe_device+0x24f/0x310 [ 21.673700] driver_probe_device+0x4e/0x220 [...] [ 21.673700] [ 21.673700] Freed by task 54: [ 21.673700] kasan_save_stack+0x3d/0x60 [ 21.673700] kasan_save_track+0x18/0x40 [ 21.673700] kasan_save_free_info+0x3f/0x60 [ 21.673700] __kasan_slab_free+0x3c/0x50 [ 21.673700] kfre ---truncated---
来源: 美国国家漏洞数据库 NVD
CVSS Information
N/A
来源: 美国国家漏洞数据库 NVD
Vulnerability Type
N/A
来源: 美国国家漏洞数据库 NVD
Vulnerability Title
Linux kernel 安全漏洞
来源: 中国国家信息安全漏洞库 CNNVD
Vulnerability Description
Linux kernel是美国Linux基金会的开源操作系统Linux所使用的内核。 Linux kernel存在安全漏洞,该漏洞源于HID_CLAIMED_INPUT验证不当,可能导致释放后重用。
来源: 中国国家信息安全漏洞库 CNNVD
CVSS Information
N/A
来源: 中国国家信息安全漏洞库 CNNVD
Vulnerability Type
N/A
来源: 中国国家信息安全漏洞库 CNNVD

受影响产品

厂商产品影响版本CPE订阅
LinuxLinux 9ce12d8be12c94334634dd57050444910415e45f ~ 9a9e4a8317437bf944fa017c66e1e23a0368b5c7 -
LinuxLinux 4.10 -

二、漏洞 CVE-2025-39824 的公开POC

#POC 描述源链接神龙链接
AI 生成 POC高级

未找到公开 POC。

登录以生成 AI POC

三、漏洞 CVE-2025-39824 的情报信息

登录查看更多情报信息。

同批安全公告 · Linux · 2025-09-16 · 共 115 条

CVE-2022-50340Linux kernel 安全漏洞
CVE-2023-53307Linux kernel 安全漏洞
CVE-2023-53305Linux kernel 安全漏洞
CVE-2023-53304Linux kernel 安全漏洞
CVE-2022-50351Linux kernel 安全漏洞
CVE-2022-50352Linux kernel 安全漏洞
CVE-2022-50350Linux kernel 安全漏洞
CVE-2022-50348Linux kernel 安全漏洞
CVE-2022-50349Linux kernel 安全漏洞
CVE-2022-50347Linux kernel 安全漏洞
CVE-2022-50346Linux kernel 安全漏洞
CVE-2022-50343Linux kernel 安全漏洞
CVE-2022-50344Linux kernel 安全漏洞
CVE-2022-50342Linux kernel 安全漏洞
CVE-2022-50341Linux kernel 安全漏洞
CVE-2025-39827Linux kernel 安全漏洞
CVE-2025-39830Linux kernel 安全漏洞
CVE-2025-39829Linux kernel 安全漏洞
CVE-2025-39828Linux kernel 安全漏洞
CVE-2025-39831Linux kernel 安全漏洞

显示前 20 条,共 115 条。 查看全部 &rarr; →

IV. Related Vulnerabilities

V. Comments for CVE-2025-39824

暂无评论


发表评论