目標達成 すべての支援者に感謝 — 100%達成しました!

目標: 1000 CNY · 調達済み: 1336 CNY

100%

CVE-2025-71070— Linux kernel 安全漏洞

AI Predicted 3.3 Difficulty: Moderate EPSS 0.15% · P5

Possible ATT&CK Techniques 1AI

T1499 · Endpoint Denial of Service

Affected Version Matrix 8

ベンダープロダクトVersion Rangeステータス
LinuxLinuxe63d2228ef831af36f963b3ab8604160cfff84c1< 13456b4f1033d911f8bf3a0a1195656f293ba0f6affected
e63d2228ef831af36f963b3ab8604160cfff84c1< daa24603d9f0808929514ee62ced30052ca7221caffected
e537193fc4a43b48ac51cc6366319e15e32dd540affected
6.14.6< 6.15affected
6.15affected
< 6.15unaffected
6.18.3≤ 6.18.*unaffected
6.19≤ *unaffected
新しい脆弱性情報の通知を購読するログインして購読

I. CVE-2025-71070の基本情報

脆弱性情報

脆弱性についてご質問がありますか?Shenlongの分析が参考になるかご確認ください!
Shenlongの10の質問を表示 ↗

高度な大規模言語モデル技術を使用していますが、出力には不正確または古い情報が含まれる可能性があります。Shenlongはデータの正確性を確保するよう努めていますが、実際の状況に基づいて検証・判断してください。

脆弱性タイトル
ublk: clean up user copy references on ublk server exit
ソース: NVD (National Vulnerability Database)
脆弱性説明
In the Linux kernel, the following vulnerability has been resolved: ublk: clean up user copy references on ublk server exit If a ublk server process releases a ublk char device file, any requests dispatched to the ublk server but not yet completed will retain a ref value of UBLK_REFCOUNT_INIT. Before commit e63d2228ef83 ("ublk: simplify aborting ublk request"), __ublk_fail_req() would decrement the reference count before completing the failed request. However, that commit optimized __ublk_fail_req() to call __ublk_complete_rq() directly without decrementing the request reference count. The leaked reference count incorrectly allows user copy and zero copy operations on the completed ublk request. It also triggers the WARN_ON_ONCE(refcount_read(&io->ref)) warnings in ublk_queue_reinit() and ublk_deinit_queue(). Commit c5c5eb24ed61 ("ublk: avoid ublk_io_release() called after ublk char dev is closed") already fixed the issue for ublk devices using UBLK_F_SUPPORT_ZERO_COPY or UBLK_F_AUTO_BUF_REG. However, the reference count leak also affects UBLK_F_USER_COPY, the other reference-counted data copy mode. Fix the condition in ublk_check_and_reset_active_ref() to include all reference-counted data copy modes. This ensures that any ublk requests still owned by the ublk server when it exits have their reference counts reset to 0.
ソース: NVD (National Vulnerability Database)
CVSS情報
N/A
ソース: NVD (National Vulnerability Database)
脆弱性タイプ
N/A
ソース: NVD (National Vulnerability Database)
脆弱性タイトル
Linux kernel 安全漏洞
ソース: CNNVD (China National Vulnerability Database)
脆弱性説明
Linux kernel是美国Linux基金会的开源操作系统Linux所使用的内核。 Linux kernel存在安全漏洞,该漏洞源于ublk服务器退出时未清理用户复制引用,可能导致释放后重用。
ソース: CNNVD (China National Vulnerability Database)
CVSS情報
N/A
ソース: CNNVD (China National Vulnerability Database)
脆弱性タイプ
N/A
ソース: CNNVD (China National Vulnerability Database)

影響を受ける製品

ベンダープロダクト影響を受けるバージョンCPE購読
LinuxLinux e63d2228ef831af36f963b3ab8604160cfff84c1 ~ 13456b4f1033d911f8bf3a0a1195656f293ba0f6 -
LinuxLinux 6.15 -

II. CVE-2025-71070の公開POC

#POC説明ソースリンクShenlongリンク
AI生成POCプレミアム

公開POCは見つかりませんでした。

ログインしてAI POCを生成

III. CVE-2025-71070のインテリジェンス情報

登录查看更多情报信息。

Same Patch Batch · Linux · 2026-01-13 · 93 CVEs total

CVE-2025-710897.8 HIGHiommu: disable SVA when CONFIG_X86 is set
CVE-2025-71067ntfs: set dummy blocksize to read boot_block when mounting
CVE-2025-71066net/sched: ets: Always remove class from active list before deleting in ets_qdisc_change
CVE-2025-71064net: hns3: using the num_tqps in the vf driver to apply for resources
CVE-2025-68820ext4: xattr: fix null pointer deref in ext4_raw_inode()
CVE-2025-68819media: dvb-usb: dtv5100: fix out-of-bounds in dtv5100_i2c_msg()
CVE-2025-68818scsi: Revert "scsi: qla2xxx: Perform lockless command completion in abort path"
CVE-2025-68817ksmbd: fix use-after-free in ksmbd_tree_connect_put under concurrency
CVE-2025-68816net/mlx5: fw_tracer, Validate format string parameters
CVE-2025-68821fuse: fix readahead reclaim deadlock
CVE-2025-71068svcrdma: bound check rq_pages index in inline path
CVE-2025-71069f2fs: invalidate dentry cache on failed whiteout creation
CVE-2025-71071iommu/mediatek: fix use-after-free on probe deferral
CVE-2025-71072shmem: fix recovery on rename failures
CVE-2025-71073Input: lkkbd - disable pending work before freeing device
CVE-2025-71074functionfs: fix the open/removal races
CVE-2025-71075scsi: aic94xx: fix use-after-free in device removal path
CVE-2025-71077tpm: Cap the number of PCR banks
CVE-2025-71076drm/xe/oa: Limit num_syncs to prevent oversized allocations
CVE-2025-71078powerpc/64s/slb: Fix SLB multihit issue during SLB preload

Showing 20 of 93 CVEs. View all on vendor page →

IV. 関連脆弱性

V. CVE-2025-71070へのコメント

まだコメントはありません


コメントを残す