一、 漏洞 CVE-2025-71107 基础信息
漏洞信息
# F2FS节点页面读取漏洞
N/A
神龙判断
是否为 Web 类漏洞: 未知
判断理由:
N/A
提示
尽管我们采用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。
神龙会尽力确保数据准确,但也请结合实际情况进行甄别与判断。
神龙祝您一切顺利!
神龙会尽力确保数据准确,但也请结合实际情况进行甄别与判断。
神龙祝您一切顺利!
漏洞标题
f2fs: ensure node page reads complete before f2fs_put_super() finishes
来源:美国国家漏洞数据库 NVD
漏洞描述信息
In the Linux kernel, the following vulnerability has been resolved: f2fs: ensure node page reads complete before f2fs_put_super() finishes Xfstests generic/335, generic/336 sometimes crash with the following message: F2FS-fs (dm-0): detect filesystem reference count leak during umount, type: 9, count: 1 ------------[ cut here ]------------ kernel BUG at fs/f2fs/super.c:1939! Oops: invalid opcode: 0000 [#1] SMP NOPTI CPU: 1 UID: 0 PID: 609351 Comm: umount Tainted: G W 6.17.0-rc5-xfstests-g9dd1835ecda5 #1 PREEMPT(none) Tainted: [W]=WARN Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 RIP: 0010:f2fs_put_super+0x3b3/0x3c0 Call Trace: <TASK> generic_shutdown_super+0x7e/0x190 kill_block_super+0x1a/0x40 kill_f2fs_super+0x9d/0x190 deactivate_locked_super+0x30/0xb0 cleanup_mnt+0xba/0x150 task_work_run+0x5c/0xa0 exit_to_user_mode_loop+0xb7/0xc0 do_syscall_64+0x1ae/0x1c0 entry_SYSCALL_64_after_hwframe+0x76/0x7e </TASK> ---[ end trace 0000000000000000 ]--- It appears that sometimes it is possible that f2fs_put_super() is called before all node page reads are completed. Adding a call to f2fs_wait_on_all_pages() for F2FS_RD_NODE fixes the problem.
来源:美国国家漏洞数据库 NVD
CVSS信息
N/A
来源:美国国家漏洞数据库 NVD
漏洞类别
N/A
来源:美国国家漏洞数据库 NVD
漏洞标题
Linux kernel 安全漏洞
来源:中国国家信息安全漏洞库 CNNVD
漏洞描述信息
Linux kernel是美国Linux基金会的开源操作系统Linux所使用的内核。 Linux kernel存在安全漏洞,该漏洞源于节点页读取未在f2fs_put_super完成前结束,可能导致文件系统引用计数泄漏。
来源:中国国家信息安全漏洞库 CNNVD
CVSS信息
N/A
来源:中国国家信息安全漏洞库 CNNVD
漏洞类别
其他
来源:中国国家信息安全漏洞库 CNNVD
二、漏洞 CVE-2025-71107 的公开POC
| # | POC 描述 | 源链接 | 神龙链接 |
|---|
三、漏洞 CVE-2025-71107 的情报信息
标题: Oh noes! -- 🔗来源链接
标签:
神龙速读:- **Title:** Oh noes! - **Error Message:** Access Denied: error code 4d1dbaddfcc0f385. - **Protection:** The website is protected by Anubis from Techaro. - **Version Information:** This website is running Anubis version 1.22.0. - **Additional Notes:** - Made with love in Canada. - Mascot design by CELPHASE.
标题: 503 Service Temporarily Unavailable -- 🔗来源链接
标签:
神龙速读:- **状态码**: 503 - **状态信息**: Service Temporarily Unavailable - **Web服务器**: nginx - **潜在问题**: 服务不可用,可能由于服务器过载、维护或其他暂时性问题导致。
标题: Oh noes! -- 🔗来源链接
标签:
神龙速读:- **Access Denied**: Indicates that the request to the webpage was denied. - **Error Code**: 4d1dbaddfcc0f385, potentially useful for identifying the specific reason for the access denial. - **Anubis Version**: 1.22.0, the version of the Anubis protection system being used, which could be significant for identifying potential known vulnerabilities associated with this version. - **Protection Details**: The website is protected by Anubis, a web application firewall solution from Techaro, suggesting a layer of security in place.
标题: Oh noes! -- 🔗来源链接
标签:
神龙速读:- **Access Denied**: error code 4d1dbaddfcc0f385. - **Protection**: The website is protected by Anubis from Techaro. - **Version Information**: This website is running Anubis version 1.22.0. - **Mascot Information**: Mascot design by CELPHASE. - **Additional Information**: Made with ❤️ in Canada.
- https://nvd.nist.gov/vuln/detail/CVE-2025-71107
四、漏洞 CVE-2025-71107 的评论
匿名用户
2026-01-15 06:08:19Zaproxy alias impedit expedita quisquam pariatur exercitationem. Nemo rerum eveniet dolores rem quia dignissimos.