目標達成 すべての支援者に感謝 — 100%達成しました!

目標: 1000 CNY · 調達済み: 1336 CNY

100%

CVE-2025-71072— Linux kernel 安全漏洞

AI Predicted 3.3 Difficulty: Theoretical EPSS 0.12% · P2

Affected Version Matrix 8

ベンダープロダクトVersion Rangeステータス
LinuxLinuxa2e459555c5f9da3e619b7e47a63f98574dc75f1< 4b0fe71fb3965d0db83cdfc2f4fe0b3227d70113affected
a2e459555c5f9da3e619b7e47a63f98574dc75f1< 4642686699a46718d7f2fb5acd1e9d866a9d9ccaaffected
a2e459555c5f9da3e619b7e47a63f98574dc75f1< e1b4c6a58304fd490124cc2b454d80edc786665caffected
6.6affected
< 6.6unaffected
6.12.64≤ 6.12.*unaffected
6.18.3≤ 6.18.*unaffected
6.19≤ *unaffected
新しい脆弱性情報の通知を購読するログインして購読

I. CVE-2025-71072の基本情報

脆弱性情報

脆弱性についてご質問がありますか?Shenlongの分析が参考になるかご確認ください!
Shenlongの10の質問を表示 ↗

高度な大規模言語モデル技術を使用していますが、出力には不正確または古い情報が含まれる可能性があります。Shenlongはデータの正確性を確保するよう努めていますが、実際の状況に基づいて検証・判断してください。

脆弱性タイトル
shmem: fix recovery on rename failures
ソース: NVD (National Vulnerability Database)
脆弱性説明
In the Linux kernel, the following vulnerability has been resolved: shmem: fix recovery on rename failures maple_tree insertions can fail if we are seriously short on memory; simple_offset_rename() does not recover well if it runs into that. The same goes for simple_offset_rename_exchange(). Moreover, shmem_whiteout() expects that if it succeeds, the caller will progress to d_move(), i.e. that shmem_rename2() won't fail past the successful call of shmem_whiteout(). Not hard to fix, fortunately - mtree_store() can't fail if the index we are trying to store into is already present in the tree as a singleton. For simple_offset_rename_exchange() that's enough - we just need to be careful about the order of operations. For simple_offset_rename() solution is to preinsert the target into the tree for new_dir; the rest can be done without any potentially failing operations. That preinsertion has to be done in shmem_rename2() rather than in simple_offset_rename() itself - otherwise we'd need to deal with the possibility of failure after successful shmem_whiteout().
ソース: NVD (National Vulnerability Database)
CVSS情報
N/A
ソース: NVD (National Vulnerability Database)
脆弱性タイプ
N/A
ソース: NVD (National Vulnerability Database)
脆弱性タイトル
Linux kernel 安全漏洞
ソース: CNNVD (China National Vulnerability Database)
脆弱性説明
Linux kernel是美国Linux基金会的开源操作系统Linux所使用的内核。 Linux kernel存在安全漏洞,该漏洞源于内存不足时重命名操作恢复不当,可能导致数据不一致。
ソース: CNNVD (China National Vulnerability Database)
CVSS情報
N/A
ソース: CNNVD (China National Vulnerability Database)
脆弱性タイプ
N/A
ソース: CNNVD (China National Vulnerability Database)

影響を受ける製品

ベンダープロダクト影響を受けるバージョンCPE購読
LinuxLinux a2e459555c5f9da3e619b7e47a63f98574dc75f1 ~ 4b0fe71fb3965d0db83cdfc2f4fe0b3227d70113 -
LinuxLinux 6.6 -

II. CVE-2025-71072の公開POC

#POC説明ソースリンクShenlongリンク
AI生成POCプレミアム

公開POCは見つかりませんでした。

ログインしてAI POCを生成

III. CVE-2025-71072のインテリジェンス情報

登录查看更多情报信息。

Same Patch Batch · Linux · 2026-01-13 · 93 CVEs total

CVE-2025-710897.8 HIGHiommu: disable SVA when CONFIG_X86 is set
CVE-2025-71067ntfs: set dummy blocksize to read boot_block when mounting
CVE-2025-71066net/sched: ets: Always remove class from active list before deleting in ets_qdisc_change
CVE-2025-71064net: hns3: using the num_tqps in the vf driver to apply for resources
CVE-2025-68820ext4: xattr: fix null pointer deref in ext4_raw_inode()
CVE-2025-68819media: dvb-usb: dtv5100: fix out-of-bounds in dtv5100_i2c_msg()
CVE-2025-68818scsi: Revert "scsi: qla2xxx: Perform lockless command completion in abort path"
CVE-2025-68817ksmbd: fix use-after-free in ksmbd_tree_connect_put under concurrency
CVE-2025-68816net/mlx5: fw_tracer, Validate format string parameters
CVE-2025-68821fuse: fix readahead reclaim deadlock
CVE-2025-71068svcrdma: bound check rq_pages index in inline path
CVE-2025-71069f2fs: invalidate dentry cache on failed whiteout creation
CVE-2025-71071iommu/mediatek: fix use-after-free on probe deferral
CVE-2025-71070ublk: clean up user copy references on ublk server exit
CVE-2025-71073Input: lkkbd - disable pending work before freeing device
CVE-2025-71074functionfs: fix the open/removal races
CVE-2025-71075scsi: aic94xx: fix use-after-free in device removal path
CVE-2025-71077tpm: Cap the number of PCR banks
CVE-2025-71076drm/xe/oa: Limit num_syncs to prevent oversized allocations
CVE-2025-71078powerpc/64s/slb: Fix SLB multihit issue during SLB preload

Showing 20 of 93 CVEs. View all on vendor page →

IV. 関連脆弱性

V. CVE-2025-71072へのコメント

まだコメントはありません


コメントを残す