目标达成 感谢每一位支持者 — 我们达成了 100% 目标!

目标: 1000 元 · 已筹: 1336

100%

CVE-2025-39885— Linux kernel 安全漏洞

AI 预测 7.8 利用难度: 极易 EPSS 0.11% · P1

可能的 ATT&CK 技术 1AI

T1499 · Endpoint Denial of Service

影响版本矩阵 18

厂商产品版本范围状态
LinuxLinux00dc417fa3e763345b34ccb6034d72de76eea0a1< 16e518ca84dfe860c20a62f3615e14e8af0ace57affected
00dc417fa3e763345b34ccb6034d72de76eea0a1< 7e1514bd44ef68007703c752c99ff7319f35bce6affected
00dc417fa3e763345b34ccb6034d72de76eea0a1< ef30404980e4c832ef9bba1b10c08f67fa77a9ecaffected
00dc417fa3e763345b34ccb6034d72de76eea0a1< 36054554772f95d090eb45793faf6aa3c0254b02affected
00dc417fa3e763345b34ccb6034d72de76eea0a1< 0709bc11b942870fc0a7be150e42aea42321093aaffected
00dc417fa3e763345b34ccb6034d72de76eea0a1< 1d3c96547ee2ddeaddf8f19a3ef99ea06cc8115eaffected
00dc417fa3e763345b34ccb6034d72de76eea0a1< 9efcb7a8b97310efed995397941a292cf89fa94faffected
00dc417fa3e763345b34ccb6034d72de76eea0a1< 04100f775c2ea501927f508f17ad824ad1f23c8daffected
… +10 条更多
获取后续新漏洞提醒登录后订阅

一、 漏洞 CVE-2025-39885 基础信息

漏洞信息

对漏洞内容有疑问?看看神龙的深度分析是否有帮助!
查看神龙十问 ↗

尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。

Vulnerability Title
ocfs2: fix recursive semaphore deadlock in fiemap call
来源: 美国国家漏洞数据库 NVD
Vulnerability Description
In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix recursive semaphore deadlock in fiemap call syzbot detected a OCFS2 hang due to a recursive semaphore on a FS_IOC_FIEMAP of the extent list on a specially crafted mmap file. context_switch kernel/sched/core.c:5357 [inline] __schedule+0x1798/0x4cc0 kernel/sched/core.c:6961 __schedule_loop kernel/sched/core.c:7043 [inline] schedule+0x165/0x360 kernel/sched/core.c:7058 schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:7115 rwsem_down_write_slowpath+0x872/0xfe0 kernel/locking/rwsem.c:1185 __down_write_common kernel/locking/rwsem.c:1317 [inline] __down_write kernel/locking/rwsem.c:1326 [inline] down_write+0x1ab/0x1f0 kernel/locking/rwsem.c:1591 ocfs2_page_mkwrite+0x2ff/0xc40 fs/ocfs2/mmap.c:142 do_page_mkwrite+0x14d/0x310 mm/memory.c:3361 wp_page_shared mm/memory.c:3762 [inline] do_wp_page+0x268d/0x5800 mm/memory.c:3981 handle_pte_fault mm/memory.c:6068 [inline] __handle_mm_fault+0x1033/0x5440 mm/memory.c:6195 handle_mm_fault+0x40a/0x8e0 mm/memory.c:6364 do_user_addr_fault+0x764/0x1390 arch/x86/mm/fault.c:1387 handle_page_fault arch/x86/mm/fault.c:1476 [inline] exc_page_fault+0x76/0xf0 arch/x86/mm/fault.c:1532 asm_exc_page_fault+0x26/0x30 arch/x86/include/asm/idtentry.h:623 RIP: 0010:copy_user_generic arch/x86/include/asm/uaccess_64.h:126 [inline] RIP: 0010:raw_copy_to_user arch/x86/include/asm/uaccess_64.h:147 [inline] RIP: 0010:_inline_copy_to_user include/linux/uaccess.h:197 [inline] RIP: 0010:_copy_to_user+0x85/0xb0 lib/usercopy.c:26 Code: e8 00 bc f7 fc 4d 39 fc 72 3d 4d 39 ec 77 38 e8 91 b9 f7 fc 4c 89 f7 89 de e8 47 25 5b fd 0f 01 cb 4c 89 ff 48 89 d9 4c 89 f6 <f3> a4 0f 1f 00 48 89 cb 0f 01 ca 48 89 d8 5b 41 5c 41 5d 41 5e 41 RSP: 0018:ffffc9000403f950 EFLAGS: 00050256 RAX: ffffffff84c7f101 RBX: 0000000000000038 RCX: 0000000000000038 RDX: 0000000000000000 RSI: ffffc9000403f9e0 RDI: 0000200000000060 RBP: ffffc9000403fa90 R08: ffffc9000403fa17 R09: 1ffff92000807f42 R10: dffffc0000000000 R11: fffff52000807f43 R12: 0000200000000098 R13: 00007ffffffff000 R14: ffffc9000403f9e0 R15: 0000200000000060 copy_to_user include/linux/uaccess.h:225 [inline] fiemap_fill_next_extent+0x1c0/0x390 fs/ioctl.c:145 ocfs2_fiemap+0x888/0xc90 fs/ocfs2/extent_map.c:806 ioctl_fiemap fs/ioctl.c:220 [inline] do_vfs_ioctl+0x1173/0x1430 fs/ioctl.c:532 __do_sys_ioctl fs/ioctl.c:596 [inline] __se_sys_ioctl+0x82/0x170 fs/ioctl.c:584 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0xfa/0x3b0 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7f5f13850fd9 RSP: 002b:00007ffe3b3518b8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 RAX: ffffffffffffffda RBX: 0000200000000000 RCX: 00007f5f13850fd9 RDX: 0000200000000040 RSI: 00000000c020660b RDI: 0000000000000004 RBP: 6165627472616568 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffe3b3518f0 R13: 00007ffe3b351b18 R14: 431bde82d7b634db R15: 00007f5f1389a03b ocfs2_fiemap() takes a read lock of the ip_alloc_sem semaphore (since v2.6.22-527-g7307de80510a) and calls fiemap_fill_next_extent() to read the extent list of this running mmap executable. The user supplied buffer to hold the fiemap information page faults calling ocfs2_page_mkwrite() which will take a write lock (since v2.6.27-38-g00dc417fa3e7) of the same semaphore. This recursive semaphore will hold filesystem locks and causes a hang of the fileystem. The ip_alloc_sem protects the inode extent list and size. Release the read semphore before calling fiemap_fill_next_extent() in ocfs2_fiemap() and ocfs2_fiemap_inline(). This does an unnecessary semaphore lock/unlock on the last extent but simplifies the error path.
来源: 美国国家漏洞数据库 NVD
CVSS Information
N/A
来源: 美国国家漏洞数据库 NVD
Vulnerability Type
N/A
来源: 美国国家漏洞数据库 NVD
Vulnerability Title
Linux kernel 安全漏洞
来源: 中国国家信息安全漏洞库 CNNVD
Vulnerability Description
Linux kernel是美国Linux基金会的开源操作系统Linux所使用的内核。 Linux kernel存在安全漏洞,该漏洞源于OCFS2文件系统中递归信号量死锁,可能导致文件系统挂起。
来源: 中国国家信息安全漏洞库 CNNVD
CVSS Information
N/A
来源: 中国国家信息安全漏洞库 CNNVD
Vulnerability Type
N/A
来源: 中国国家信息安全漏洞库 CNNVD

受影响产品

厂商产品影响版本CPE订阅
LinuxLinux 00dc417fa3e763345b34ccb6034d72de76eea0a1 ~ 16e518ca84dfe860c20a62f3615e14e8af0ace57 -
LinuxLinux 2.6.28 -

二、漏洞 CVE-2025-39885 的公开POC

#POC 描述源链接神龙链接
AI 生成 POC高级

未找到公开 POC。

登录以生成 AI POC

三、漏洞 CVE-2025-39885 的情报信息

登录查看更多情报信息。

CVE-2025-39885 补丁与修复 (3)

同批安全公告 · Linux · 2025-09-23 · 共 21 条

CVE-2025-39879Linux kernel 安全漏洞
CVE-2025-39887Linux kernel 安全漏洞
CVE-2025-39888Linux kernel 安全漏洞
CVE-2025-39886Linux kernel 安全漏洞
CVE-2025-39883Linux kernel 安全漏洞
CVE-2025-39884Linux kernel 安全漏洞
CVE-2025-39882Linux kernel 安全漏洞
CVE-2025-39880Linux kernel 安全漏洞
CVE-2025-39881Linux kernel 安全漏洞
CVE-2025-39878Linux kernel 安全漏洞
CVE-2025-39868Linux kernel 安全漏洞
CVE-2025-39877Linux kernel 安全漏洞
CVE-2025-39876Linux kernel 安全漏洞
CVE-2025-39874Linux kernel 安全漏洞
CVE-2025-39875Linux kernel 安全漏洞
CVE-2025-39873Linux kernel 安全漏洞
CVE-2025-39872Linux kernel 安全漏洞
CVE-2025-39871Linux kernel 安全漏洞
CVE-2025-39869Linux kernel 安全漏洞
CVE-2025-39870Linux kernel 安全漏洞

IV. Related Vulnerabilities

V. Comments for CVE-2025-39885

暂无评论


发表评论