目标达成 感谢每一位支持者 — 我们达成了 100% 目标!

目标: 1000 元 · 已筹: 1336

100%

CVE-2025-71087— Linux kernel 安全漏洞

AI 预测 5.5 利用难度: 较易 EPSS 0.11% · P2

影响版本矩阵 16

厂商产品版本范围状态
LinuxLinux43a3d9ba34c9ca313573201d3f45de5ab3494cec< ceb8459df28d22c225a82d74c0f725f2a935d194affected
43a3d9ba34c9ca313573201d3f45de5ab3494cec< 5bb18bfd505ca1affbca921462c350095a6c798caffected
43a3d9ba34c9ca313573201d3f45de5ab3494cec< d7369dc8dd7cbf5cee3a22610028d847b6f02982affected
43a3d9ba34c9ca313573201d3f45de5ab3494cec< 18de0e41d69d97fab10b91fecf10ae78a5e43232affected
43a3d9ba34c9ca313573201d3f45de5ab3494cec< f36de3045d006e6d9be1be495f2ed88d1721e752affected
43a3d9ba34c9ca313573201d3f45de5ab3494cec< 3095228e1320371e143835d0cebeef1a8a754c66affected
43a3d9ba34c9ca313573201d3f45de5ab3494cec< 6daa2893f323981c7894c68440823326e93a7d61affected
4.7affected
… +8 条更多
获取后续新漏洞提醒登录后订阅

一、 漏洞 CVE-2025-71087 基础信息

漏洞信息

对漏洞内容有疑问?看看神龙的深度分析是否有帮助!
查看神龙十问 ↗

尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。

Vulnerability Title
iavf: fix off-by-one issues in iavf_config_rss_reg()
来源: 美国国家漏洞数据库 NVD
Vulnerability Description
In the Linux kernel, the following vulnerability has been resolved: iavf: fix off-by-one issues in iavf_config_rss_reg() There are off-by-one bugs when configuring RSS hash key and lookup table, causing out-of-bounds reads to memory [1] and out-of-bounds writes to device registers. Before commit 43a3d9ba34c9 ("i40evf: Allow PF driver to configure RSS"), the loop upper bounds were: i <= I40E_VFQF_{HKEY,HLUT}_MAX_INDEX which is safe since the value is the last valid index. That commit changed the bounds to: i <= adapter->rss_{key,lut}_size / 4 where `rss_{key,lut}_size / 4` is the number of dwords, so the last valid index is `(rss_{key,lut}_size / 4) - 1`. Therefore, using `<=` accesses one element past the end. Fix the issues by using `<` instead of `<=`, ensuring we do not exceed the bounds. [1] KASAN splat about rss_key_size off-by-one BUG: KASAN: slab-out-of-bounds in iavf_config_rss+0x619/0x800 Read of size 4 at addr ffff888102c50134 by task kworker/u8:6/63 CPU: 0 UID: 0 PID: 63 Comm: kworker/u8:6 Not tainted 6.18.0-rc2-enjuk-tnguy-00378-g3005f5b77652-dirty #156 PREEMPT(voluntary) Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 Workqueue: iavf iavf_watchdog_task Call Trace: <TASK> dump_stack_lvl+0x6f/0xb0 print_report+0x170/0x4f3 kasan_report+0xe1/0x1a0 iavf_config_rss+0x619/0x800 iavf_watchdog_task+0x2be7/0x3230 process_one_work+0x7fd/0x1420 worker_thread+0x4d1/0xd40 kthread+0x344/0x660 ret_from_fork+0x249/0x320 ret_from_fork_asm+0x1a/0x30 </TASK> Allocated by task 63: kasan_save_stack+0x30/0x50 kasan_save_track+0x14/0x30 __kasan_kmalloc+0x7f/0x90 __kmalloc_noprof+0x246/0x6f0 iavf_watchdog_task+0x28fc/0x3230 process_one_work+0x7fd/0x1420 worker_thread+0x4d1/0xd40 kthread+0x344/0x660 ret_from_fork+0x249/0x320 ret_from_fork_asm+0x1a/0x30 The buggy address belongs to the object at ffff888102c50100 which belongs to the cache kmalloc-64 of size 64 The buggy address is located 0 bytes to the right of allocated 52-byte region [ffff888102c50100, ffff888102c50134) The buggy address belongs to the physical page: page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102c50 flags: 0x200000000000000(node=0|zone=2) page_type: f5(slab) raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 page dumped because: kasan: bad access detected Memory state around the buggy address: ffff888102c50000: 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc ffff888102c50080: 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc >ffff888102c50100: 00 00 00 00 00 00 04 fc fc fc fc fc fc fc fc fc ^ ffff888102c50180: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc ffff888102c50200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
来源: 美国国家漏洞数据库 NVD
CVSS Information
N/A
来源: 美国国家漏洞数据库 NVD
Vulnerability Type
N/A
来源: 美国国家漏洞数据库 NVD
Vulnerability Title
Linux kernel 安全漏洞
来源: 中国国家信息安全漏洞库 CNNVD
Vulnerability Description
Linux kernel是美国Linux基金会的开源操作系统Linux所使用的内核。 Linux kernel存在安全漏洞,该漏洞源于iavf_config_rss_reg中存在差一错误,可能导致越界读写。
来源: 中国国家信息安全漏洞库 CNNVD
CVSS Information
N/A
来源: 中国国家信息安全漏洞库 CNNVD
Vulnerability Type
N/A
来源: 中国国家信息安全漏洞库 CNNVD

受影响产品

厂商产品影响版本CPE订阅
LinuxLinux 43a3d9ba34c9ca313573201d3f45de5ab3494cec ~ ceb8459df28d22c225a82d74c0f725f2a935d194 -
LinuxLinux 4.7 -

二、漏洞 CVE-2025-71087 的公开POC

#POC 描述源链接神龙链接
AI 生成 POC高级

未找到公开 POC。

登录以生成 AI POC

三、漏洞 CVE-2025-71087 的情报信息

登录查看更多情报信息。

同批安全公告 · Linux · 2026-01-13 · 共 93 条

CVE-2025-710897.8 HIGHLinux kernel 安全漏洞
CVE-2025-71067Linux kernel 安全漏洞
CVE-2025-71066Linux kernel 安全漏洞
CVE-2025-71064Linux kernel 安全漏洞
CVE-2025-68820Linux kernel 安全漏洞
CVE-2025-68819Linux kernel 安全漏洞
CVE-2025-68818Linux kernel 安全漏洞
CVE-2025-68817Linux kernel 安全漏洞
CVE-2025-68816Linux kernel 安全漏洞
CVE-2025-68821Linux kernel 安全漏洞
CVE-2025-71068Linux kernel 安全漏洞
CVE-2025-71069Linux kernel 安全漏洞
CVE-2025-71071多款产品安全漏洞
CVE-2025-71070Linux kernel 安全漏洞
CVE-2025-71072Linux kernel 安全漏洞
CVE-2025-71073Linux kernel 安全漏洞
CVE-2025-71074Linux kernel 安全漏洞
CVE-2025-71075Linux kernel 安全漏洞
CVE-2025-71077Linux kernel 安全漏洞
CVE-2025-71076Linux kernel 安全漏洞

显示前 20 条,共 93 条。 查看全部 &rarr; →

IV. Related Vulnerabilities

V. Comments for CVE-2025-71087

暂无评论


发表评论