Linux Distros 未修补的漏洞:CVE-2025-38578
critical Nessus 插件 ID 260106
语言:
简介
Linux/Unix 主机上安装的一个或多个程序包存在漏洞,但供应商表示不会修补此漏洞。描述
Linux/Unix 主机中安装的一个或多个程序包受到一个漏洞影响,而供应商没有提供补丁程序。- f2fs修复以避免 f2fs_sync_inode_meta() 中的 UAF syzbot 报告一个 UAF 问题如下 [1] [2] [1] https://syzkaller.appspot.com/text?tag=CrashReport&x=16594c60580000==================== ============================================== 缺陷KASAN中的释放后使用
__list_del_entry_valid+0xa6/0x130 lib/list_debug.c:62 由任务 kworker/u4:0/8 CPU:1 执行在 addr ffff888100567dc8 进行的大小为 8 的读取 CPU:1 PID8 Comm: kworker/u4:0 受感染的 GW 6.1.129-syzkaller- 00017-g642656a36791 #0 硬件名称Google Google Compute Engine/Google Compute EngineBIOS Google 02/12/2025 Workqueue
writeback wb_workfn (flush-7:0) 调用跟踪 <TASK> __dump_stack lib/dump_stack.c:88 [内联] dump_stack_lvl+0x151/0x1b7 lib/dump_stack.c:106 print_address_description mm/kasan/report.c:316 [内联] print_report+0x158/0x4e0 mm/kasan/report.c:427 kasan_report+0x13c/0x170 mm/kasan/report.c:531
__asan_report_load8_noabort+0x14/0x20 mm/kasan/report_generic.c:351 __list_del_entry_valid+0xa6/0x130 lib/list_debug.c:62 __list_del_entry include/linux/list.h:134 [内联] list_del_init include/linux/list.h:206 [ inline] f2fs_inode_synced+0x100/0x2e0 fs/f2fs/super.c:1553 f2fs_update_inode+0x72/0x1c40 fs/f2fs/inode.c:588 f2fs_update_inode_page+0x135/0x170 fs/f2fs/inode.c:706 f2fs_write_inode+s0x7070706/ /f2fs/inode.c:734 write_inode fs/fs-writeback.c:1460 [内联]
__writeback_single_inode+0x4cf/0xb80 fs/fs-writeback.c:1677 writeback_sb_inodes+0xb32/0x1910 fs/fs-writeback.c:1903 __writeback_inodes_wb+0x118/0x3f0 fs/fs-writeback.c:1974 wb_writeback+0x3da/0xa00 fs/ -writeback.c:2081 wb_check_background_flush fs/fs-writeback.c:2151 [内联] wb_do_writeback fs/fs-writeback.c:2239 [内联] wb_workfn+0xbba/0x1030 fs/fs-writeback.c:2266 process_one_work+0x73d/ 0xcb0 kernel/workqueue.c:2299 worker_thread+0xa60/0x1260 kernel/workqueue.c:2446 kthread+0x26d/0x300 kernel/kthread.c:386 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295 </TASK> 由任务 298 分配
kasan_save_stack mm/kasan/common.c:45 [内联] kasan_set_track+0x4b/0x70 mm/kasan/common.c:52 kasan_save_alloc_info+0x1f/0x30 mm/kasan/generic.c:505 __kasan_slab_alloc+0x6c/0x80 mm/kasan/ common.c:333 kasan_slab_alloc include/linux/kasan.h:202 [inline] slab_post_alloc_hook+0x53/0x2c0 mm/slab.h:768 slab_alloc_node mm/slub.c:3421 [内联] slab_alloc mm/slub.c:3431 [ inline] __kmem_cache_alloc_lru mm/slub.c:3438 [内联] kmem_cache_alloc_lru+0x102/0x270 mm/slub.c:3454 alloc_inode_sb include/linux/fs.h:3255 [内联] f2fs_alloc_inode+0x2d/0x350 fs/f2fs/super.c 1437 alloc_inode fs/inode.c:261 [内联] iget_locked+0x18c/0x7e0 fs/inode.c:1373 f2fs_iget+0x55/0x4ca0 fs/f2fs/inode.c:486 f2fs_lookup+0x3c1/0xb50 fs/f2fs/namei。 c:484 __lookup_slow+0x2b9/0x3e0 fs/namei.c:1689 lookup_slow+0x5a/0x80 fs/namei.c:1706 walk_component+0x2e7/0x410 fs/namei.c:1997 lookup_last fs/namei.c:2454 [内联] path_lookupat+0x16d/0x450 fs/namei.c:2478 filename_lookup+0x251/0x600 fs/namei.c:2507 vfs_statx+0x107/0x4b0 fs/st at.c:229 vfs_fstatat fs/stat.c:267 [内联] vfs_lstat include/linux/fs.h:3434 [内联] __do_sys_newlstat fs/stat.c:423 [内联] __se_sys_newlstat+0xda/0x7c0 fs/stat.c :417 __x64_sys_newlstat+0x5b/0x70 fs/stat.c:417 x64_sys_call+0x52/0x9a0 arch/x86/include/generated/asm/syscalls_64.h:7 do_syscall_x64 arch/x86/entry/common.c:51 [内联] do_syscall_64 +0x3b/0x80 arch/x86/entry/common.c:81 entry_SYSCALL_64_after_hwframe+0x68/0xd2 由任务 0 释放 kasan_save_stack mm/kasan/common.c:45 [inline] kasan_set_track+0x4b/0x70 mm/kasan/common.c :52 kasan_save_free_info+0x2b/0x40 mm/kasan/generic.c:516____kasan_slab_free+0x131/0x180 mm/kasan/common.c:241 __kasan_slab_free+0x11/0x20 mm/kasan/common.c:249 kasan_slab_free include/linux/kasan .h:178 [inline] slab_free_hook mm/slub.c:1745 [inline] slab_free_freelist_hook mm/slub.c:1771 [inline] slab_free mm/slub.c:3686 [inline] kmem_cache_free+0x ---truncated--- (CVE-2025-38578)
请注意,Nessus 依赖供应商报告的程序包是否存在进行判断。
解决方案
目前尚未有任何已知的解决方案。另见
插件详情
严重性: Critical
ID: 260106
文件名: unpatched_CVE_2025_38578.nasl
版本: 1.1
类型: local
代理: unix
系列: Misc.
发布时间: 2025/8/31
最近更新时间: 2025/8/31
支持的传感器: Agentless Assessment, Frictionless Assessment Agent, Nessus Agent, Nessus
风险信息
VPR
风险因素: Medium
分数: 6.7
CVSS v2
风险因素: High
基本分数: 7.5
时间分数: 5.5
矢量: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS 分数来源: CVE-2025-38578
CVSS v3
风险因素: Critical
基本分数: 9.8
时间分数: 8.5
矢量: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
时间矢量: CVSS:3.0/E:U/RL:O/RC:C
漏洞信息
CPE: cpe:/o:debian:debian_linux:11.0, p-cpe:/a:debian:debian_linux:linux, cpe:/o:debian:debian_linux:14.0, cpe:/o:debian:debian_linux:12.0, cpe:/o:debian:debian_linux:13.0
必需的 KB 项: Host/cpu, Host/local_checks_enabled, global_settings/vendor_unpatched, Host/OS/identifier
易利用性: No known exploits are available
漏洞发布日期: 2025/8/19
参考资料信息
CVE: CVE-2025-38578