Linux Distros 未修補的弱點:CVE-2025-38578

critical Nessus Plugin ID 260106

概要

Linux/Unix 主機上安裝的一個或多個套件存有弱點,供應商表示將不會修補。

說明

Linux/Unix 主機上安裝了一個或多個受到弱點影響的套件,且廠商未提供可用的修補程式。

- f2fs修正以避免 f2fs_sync_inode_meta() 中發生 UAF syzbot 報告的 UAF 問題如下[1] [2] [1] https://syzkaller.appspot.com/text?tag=CrashReport&x=16594c60580000==================== ============================================== 錯誤KASAN中的釋放後使用
__list_del_entry_valid+0xa6/0x130 lib/list_debug.c:62 kworker/u4:0/8 工作於 addr ffff888100567dc8 讀取大小為 8 CPU: 1 PID: 8 通訊: kworker/u4:0 受污染的 GW 6.1.129-syzkaller- 00017-g642656a36791 #0 硬體名稱Google Google Compute Engine/Google Compute Engine、BIOS Google 02/12/2025 工作佇列
writeback wb_workfn (flush-7:0) 呼叫追踪 <TASK> __dump_stack lib/dump_stack.c:88 [內嵌] dump_stack_lvl+0x151/0x1b7 lib/dump_stack.c:106 print_address_description mm/kasan/report.c:316 [內嵌] print_report+0x158/0x4e0 mm/kasan/report.c:427 kasan_report+0x13c/0x170 mm/kasan/report.c:531
__asan_report_load8_noabort+0x14/0x20 mm/kasan/report_generic.c:351 __list_del_entry_valid+0xa6/0x130 lib/list_debug.c:62 __list_del_entry include/linux/list.h:134 [內嵌] list_del_init include/linux/list.h:206 [ inline] f2fs_inode_synced+0x100/0x2e0 fs/f2fs/super.c:1553 f2fs_update_inode+0x72/0x1c40 fs/f2fs/inode.c:588 f2fs_update_inode_page+0x135/0x170 fs/f2fs/inode.c:706 f2fs_write_s+x+0f416/0x170 /f2fs/inode.c:734 write_inode fs/fs-writeback.c:1460 [內嵌]
__writeback_single_inode+0x4cf/0xb80 fs/fs-writeback.c:1677 writeback_sb_inodes+0xb32/0x1910 fs/fs-writeback.c:1903 __writeback_inodes_wb+0x118/0x3f0 fs/fs-writeback.c:1974 wb_writeback+0x3da/0xafs00f/ -writeback.c:2081 wb_check_background_flush fs/fs-writeback.c:2151 [內嵌] wb_do_writeback fs/fs-writeback.c:2239 [內嵌] wb_workfn+0xbba/0x1030 fs/fs-writeback.c:2266 process_one_work+0x73d/ 0xcb0 kernel/workqueue.c:2299 worker_thread+0xa60/0x1260 kernel/workqueue.c:2446 kthread+0x26d/0x300 kernel/kthread.c:386 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295 </TASK> 由工作 298 配置
kasan_save_stack mm/kasan/common.c:45 [內嵌] kasan_set_track+0x4b/0x70 mm/kasan/common.c:52 kasan_save_alloc_info+0x1f/0x30 mm/kasan/generic.c:505 __kasan_slab_alloc+0x6c/0x80 mm/kasan/ common.c:333 kasan_slab_alloc include/linux/kasan.h:202 [內嵌] slab_post_alloc_hook+0x53/0x2c0 mm/slab.h:768 slab_alloc_node mm/slub.c:3421 [內嵌] slab_alloc mm/slub.c:3431 [ inline] __kmem_cache_alloc_lru mm/slub.c:3438 [inline] kmem_cache_alloc_lru+0x102/0x270 mm/slub.c:3454 alloc_inode_sb include/linux/fs.h:3255 [inline] f2fs_alloc_inode+0x2d/0x350 fs/f2fs/super.c 1437 alloc_inode fs/inode.c:261 [內嵌] iget_locked+0x18c/0x7e0 fs/inode.c:1373 f2fs_iget+0x55/0x4ca0 fs/f2fs/inode.c:486 f2fs_lookup+0x3c1/0xb50 fs/f2fs/namei。 c:484 __lookup_slow+0x2b9/0x3e0 fs/namei.c:1689 lookup_slow+0x5a/0x80 fs/namei.c:1706 walk_component+0x2e7/0x410 fs/namei.c:1997 lookup_last fs/namei.c:2454 [內嵌] path_lookupat+0x16d/0x450 fs/namei.c:2478 filename_lookup+0x251/0x600 fs/namei.c:2507 vfs_statx+0x107/0x4b0 fs/st at.c:229 vfs_fstatfs/stat.c:267 [內嵌] vfs_lstat include/linux/fs.h:3434 [內嵌] __do_sys_newlstat fs/stat.c:423 [內嵌] __se_sys_newlstat+0xda/0x7c0 fs/stat.c :417 __x64_sys_newlstat+0x5b/0x70 fs/stat.c:417 x64_sys_call+0x52/0x9a0 arch/x86/include/generated/asm/syscalls_64.h:7 do_syscall_x64 arch/x86/entry/common.c:51 [內嵌] do_syscall_64 +0x3b/0x80 arch/x86/entry/common.c:81 entry_SYSCALL_64_after_hwframe+0x68/0xd2 已由工作 0 kasan_save_stack mm/kasan/common.c:45 [內嵌] kasan_set_track+0x4b/0x70 mm/kasan/common.c :52 kasan_save_free_info+0x2b/0x40 mm/kasan/generic.c:516____kasan_slab_free+0x131/0x180 mm/kasan/common.c:241 __kasan_slab_free+0x11/0x20 mm/kasan/common.c:249 kasan_slab_free include/linux/kasan .h:178 [內嵌] slab_free_hook mm/slub.c:1745 [內嵌] slab_free_freelist_hook mm/slub.c:1771 [內嵌] slab_free mm/slub.c:3686 [內嵌] kmem_cache_free+0x ---truncated--- (CVE-2025-38578)

請注意,Nessus 的判定取決於廠商所報告的套件是否存在。

解決方案

目前尚未有已知的解決方案。

另請參閱

https://security-tracker.debian.org/tracker/CVE-2025-38578

Plugin 詳細資訊

嚴重性: Critical

ID: 260106

檔案名稱: unpatched_CVE_2025_38578.nasl

版本: 1.1

類型: local

代理程式: unix

系列: Misc.

已發布: 2025/8/31

已更新: 2025/8/31

支援的感應器: Agentless Assessment, Frictionless Assessment Agent, Nessus Agent, Nessus

風險資訊

VPR

風險因素: Medium

分數: 6.7

CVSS v2

風險因素: High

基本分數: 7.5

時間性分數: 5.5

媒介: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS 評分資料來源: CVE-2025-38578

CVSS v3

風險因素: Critical

基本分數: 9.8

時間性分數: 8.5

媒介: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

時間媒介: CVSS:3.0/E:U/RL:O/RC:C

弱點資訊

CPE: cpe:/o:debian:debian_linux:11.0, p-cpe:/a:debian:debian_linux:linux, cpe:/o:debian:debian_linux:14.0, cpe:/o:debian:debian_linux:12.0, cpe:/o:debian:debian_linux:13.0

必要的 KB 項目: Host/cpu, Host/local_checks_enabled, global_settings/vendor_unpatched, Host/OS/identifier

可輕鬆利用: No known exploits are available

弱點發布日期: 2025/8/19

參考資訊

CVE: CVE-2025-38578