目标达成 感谢每一位支持者 — 我们达成了 100% 目标!

目标: 1000 元 · 已筹: 1336

100%

CVE-2025-71089— Linux kernel 安全漏洞

CVSS 7.8 · High EPSS 0.14% · P4

影响版本矩阵 14

厂商产品版本范围状态
LinuxLinux26b25a2b98e45aeb40eedcedc586ad5034cbd984< b34289505180a83607fcfdce14b5a290d0528476affected
26b25a2b98e45aeb40eedcedc586ad5034cbd984< 7cad37e358970af1bb49030ff01f06a69fa7d985affected
26b25a2b98e45aeb40eedcedc586ad5034cbd984< 240cd7f2812cc25496b12063d11c823618f364e9affected
26b25a2b98e45aeb40eedcedc586ad5034cbd984< c2c3f1a3fd74ef16cf115f0c558616a13a8471b4affected
26b25a2b98e45aeb40eedcedc586ad5034cbd984< c341dee80b5df49a936182341b36395c831c2661affected
26b25a2b98e45aeb40eedcedc586ad5034cbd984< 72f98ef9a4be30d2a60136dd6faee376f780d06caffected
5.2affected
< 5.2unaffected
… +6 条更多
获取后续新漏洞提醒登录后订阅

一、 漏洞 CVE-2025-71089 基础信息

漏洞信息

对漏洞内容有疑问?看看神龙的深度分析是否有帮助!
查看神龙十问 ↗

尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。

Vulnerability Title
iommu: disable SVA when CONFIG_X86 is set
来源: 美国国家漏洞数据库 NVD
Vulnerability Description
In the Linux kernel, the following vulnerability has been resolved: iommu: disable SVA when CONFIG_X86 is set Patch series "Fix stale IOTLB entries for kernel address space", v7. This proposes a fix for a security vulnerability related to IOMMU Shared Virtual Addressing (SVA). In an SVA context, an IOMMU can cache kernel page table entries. When a kernel page table page is freed and reallocated for another purpose, the IOMMU might still hold stale, incorrect entries. This can be exploited to cause a use-after-free or write-after-free condition, potentially leading to privilege escalation or data corruption. This solution introduces a deferred freeing mechanism for kernel page table pages, which provides a safe window to notify the IOMMU to invalidate its caches before the page is reused. This patch (of 8): In the IOMMU Shared Virtual Addressing (SVA) context, the IOMMU hardware shares and walks the CPU's page tables. The x86 architecture maps the kernel's virtual address space into the upper portion of every process's page table. Consequently, in an SVA context, the IOMMU hardware can walk and cache kernel page table entries. The Linux kernel currently lacks a notification mechanism for kernel page table changes, specifically when page table pages are freed and reused. The IOMMU driver is only notified of changes to user virtual address mappings. This can cause the IOMMU's internal caches to retain stale entries for kernel VA. Use-After-Free (UAF) and Write-After-Free (WAF) conditions arise when kernel page table pages are freed and later reallocated. The IOMMU could misinterpret the new data as valid page table entries. The IOMMU might then walk into attacker-controlled memory, leading to arbitrary physical memory DMA access or privilege escalation. This is also a Write-After-Free issue, as the IOMMU will potentially continue to write Accessed and Dirty bits to the freed memory while attempting to walk the stale page tables. Currently, SVA contexts are unprivileged and cannot access kernel mappings. However, the IOMMU will still walk kernel-only page tables all the way down to the leaf entries, where it realizes the mapping is for the kernel and errors out. This means the IOMMU still caches these intermediate page table entries, making the described vulnerability a real concern. Disable SVA on x86 architecture until the IOMMU can receive notification to flush the paging cache before freeing the CPU kernel page table pages.
来源: 美国国家漏洞数据库 NVD
CVSS Information
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
来源: 美国国家漏洞数据库 NVD
Vulnerability Type
N/A
来源: 美国国家漏洞数据库 NVD
Vulnerability Title
Linux kernel 安全漏洞
来源: 中国国家信息安全漏洞库 CNNVD
Vulnerability Description
Linux kernel是美国Linux基金会的开源操作系统Linux所使用的内核。 Linux kernel存在安全漏洞,该漏洞源于IOMMU共享虚拟寻址可能缓存过时的内核页表条目,可能导致释放后重用或写入后释放,进而引发权限提升或数据损坏。
来源: 中国国家信息安全漏洞库 CNNVD
CVSS Information
N/A
来源: 中国国家信息安全漏洞库 CNNVD
Vulnerability Type
N/A
来源: 中国国家信息安全漏洞库 CNNVD

受影响产品

厂商产品影响版本CPE订阅
LinuxLinux 26b25a2b98e45aeb40eedcedc586ad5034cbd984 ~ b34289505180a83607fcfdce14b5a290d0528476 -
LinuxLinux 5.2 -

二、漏洞 CVE-2025-71089 的公开POC

#POC 描述源链接神龙链接
AI 生成 POC高级

未找到公开 POC。

登录以生成 AI POC

三、漏洞 CVE-2025-71089 的情报信息

登录查看更多情报信息。

同批安全公告 · Linux · 2026-01-13 · 共 93 条

CVE-2025-71067Linux kernel 安全漏洞
CVE-2025-71065Linux kernel 安全漏洞
CVE-2025-68822Linux kernel 安全漏洞
CVE-2025-68820Linux kernel 安全漏洞
CVE-2025-68819Linux kernel 安全漏洞
CVE-2025-68818Linux kernel 安全漏洞
CVE-2025-68817Linux kernel 安全漏洞
CVE-2025-68816Linux kernel 安全漏洞
CVE-2025-68821Linux kernel 安全漏洞
CVE-2025-71068Linux kernel 安全漏洞
CVE-2025-71066Linux kernel 安全漏洞
CVE-2025-71069Linux kernel 安全漏洞
CVE-2025-71071多款产品安全漏洞
CVE-2025-71070Linux kernel 安全漏洞
CVE-2025-71072Linux kernel 安全漏洞
CVE-2025-71073Linux kernel 安全漏洞
CVE-2025-71074Linux kernel 安全漏洞
CVE-2025-71075Linux kernel 安全漏洞
CVE-2025-71077Linux kernel 安全漏洞
CVE-2025-71076Linux kernel 安全漏洞

显示前 20 条,共 93 条。 查看全部 &rarr; →

IV. Related Vulnerabilities

V. Comments for CVE-2025-71089

暂无评论


发表评论