CVE-2025-38459

一、漏洞信息
 漏洞编号：[CVE-2025-38459](https://nvd.nist.gov/vuln/detail/CVE-2025-38459)
 漏洞归属组件：[kernel](https://gitee.com/src-openeuler/kernel)
 漏洞归属的版本：4.19.140,4.19.194,4.19.90,5.10.0,6.1.19,6.4.0,6.6.0
 CVSS V3.0分值：
 BaseScore：N/A None
 Vector：CVSS：3.0/
 漏洞简述：
 In the Linux kernel, the following vulnerability has been resolved:atm: clip: Fix infinite recursive call of clip_push().syzbot reported the splat below. [0]This happens if we call ioctl(ATMARP_MKIP) more than once.During the first call, clip_mkip() sets clip_push() to vcc->push(),and the second call copies it to clip_vcc->old_push().Later, when the socket is close()d, vcc_destroy_socket() passesNULL skb to clip_push(), which calls clip_vcc->old_push(),triggering the infinite recursion.Let s prevent the second ioctl(ATMARP_MKIP) by checkingvcc->user_back, which is allocated by the first call as clip_vcc.Note also that we use lock_sock() to prevent racy calls.[0]:BUG: TASK stack guard page was hit at ffffc9000d66fff8 (stack is ffffc9000d670000..ffffc9000d678000)Oops: stack guard page: 0000 [#1] SMP KASAN NOPTICPU: 0 UID: 0 PID: 5322 Comm: syz.0.0 Not tainted 6.16.0-rc4-syzkaller #0 PREEMPT(full)Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014RIP: 0010:clip_push+0x5/0x720 net/atm/clip.c:191Code: e0 8f aa 8c e8 1c ad 5b fa eb ae 66 2e 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 55 <41> 57 41 56 41 55 41 54 53 48 83 ec 20 48 89 f3 49 89 fd 48 bd 00RSP: 0018:ffffc9000d670000 EFLAGS: 00010246RAX: 1ffff1100235a4a5 RBX: ffff888011ad2508 RCX: ffff8880003c0000RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff888037f01000RBP: dffffc0000000000 R08: ffffffff8fa104f7 R09: 1ffffffff1f4209eR10: dffffc0000000000 R11: ffffffff8a99b300 R12: ffffffff8a99b300R13: ffff888037f01000 R14: ffff888011ad2500 R15: ffff888037f01578FS: 000055557ab6d500(0000) GS:ffff88808d250000(0000) knlGS:0000000000000000CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033CR2: ffffc9000d66fff8 CR3: 0000000043172000 CR4: 0000000000352ef0Call Trace: <TASK> clip_push+0x6dc/0x720 net/atm/clip.c:200 clip_push+0x6dc/0x720 net/atm/clip.c:200 clip_push+0x6dc/0x720 net/atm/clip.c:200... clip_push+0x6dc/0x720 net/atm/clip.c:200 clip_push+0x6dc/0x720 net/atm/clip.c:200 clip_push+0x6dc/0x720 net/atm/clip.c:200 vcc_destroy_socket net/atm/common.c:183 [inline] vcc_release+0x157/0x460 net/atm/common.c:205 __sock_release net/socket.c:647 [inline] sock_close+0xc0/0x240 net/socket.c:1391 __fput+0x449/0xa70 fs/file_table.c:465 task_work_run+0x1d1/0x260 kernel/task_work.c:227 resume_user_mode_work include/linux/resume_user_mode.h:50 [inline] exit_to_user_mode_loop+0xec/0x110 kernel/entry/common.c:114 exit_to_user_mode_prepare include/linux/entry-common.h:330 [inline] syscall_exit_to_user_mode_work include/linux/entry-common.h:414 [inline] syscall_exit_to_user_mode include/linux/entry-common.h:449 [inline] do_syscall_64+0x2bd/0x3b0 arch/x86/entry/syscall_64.c:100 entry_SYSCALL_64_after_hwframe+0x77/0x7fRIP: 0033:0x7ff31c98e929Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48RSP: 002b:00007fffb5aa1f78 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4RAX: 0000000000000000 RBX: 0000000000012747 RCX: 00007ff31c98e929RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003RBP: 00007ff31cbb7ba0 R08: 0000000000000001 R09: 0000000db5aa226fR10: 00007ff31c7ff030 R11: 0000000000000246 R12: 00007ff31cbb608cR13: 00007ff31cbb6080 R14: ffffffffffffffff R15: 00007fffb5aa2090 </TASK>Modules linked in:
 漏洞公开时间：2025-07-26 00:15:31
 漏洞创建时间：2025-07-26 00:31:43
 漏洞详情参考链接：
 https://nvd.nist.gov/vuln/detail/CVE-2025-38459
<details>
<summary>更多参考(点击展开)</summary>

| 参考来源 | 参考链接 | 来源链接 |
| ------- | -------- | -------- |
|  | https://git.kernel.org/stable/c/024876b247a882972095b22087734dcd23396a4e |  |
|  | https://git.kernel.org/stable/c/125166347d5676466d368aadc0bbc31ee7714352 |  |
|  | https://git.kernel.org/stable/c/1579a2777cb914a249de22c789ba4d41b154509f |  |
|  | https://git.kernel.org/stable/c/3f61b997fe014bbfcc208a9fcbd363a1fe7e3a31 |  |
|  | https://git.kernel.org/stable/c/5641019dfbaee5e85fe093b590f0451c9dd4d6f8 |  |
|  | https://git.kernel.org/stable/c/c489f3283dbfc0f3c00c312149cae90d27552c45 |  |
|  | https://git.kernel.org/stable/c/df0312d8859763aa15b8b56ac151a1ea4a4e5b88 |  |
|  | https://git.kernel.org/stable/c/f493f31a63847624fd3199ac836a8bd8828e50e2 |  |
|  | https://lore.kernel.org/linux-cve-announce/2025072507-CVE-2025-38459-e941@gregkh/T/#u |  |
|  | https://security-tracker.debian.org/tracker/CVE-2025-38459 |  |
|  | https://ubuntu.com/security/CVE-2025-38459 |  |
|  | https://www.cve.org/CVERecord?id=CVE-2025-38459 |  |
|  | https://git.kernel.org/linus/c489f3283dbfc0f3c00c312149cae90d27552c45 |  |

</details>

漏洞分析指导链接：
 https://gitee.com/openeuler/cve-manager/blob/master/cve-vulner-manager/doc/md/manual.md
 漏洞数据来源:
 七彩瞬析开源风险感知平台
 漏洞补丁信息：
 <details>
<summary>详情(点击展开)</summary>

| 影响的包 | 修复版本 | 修复补丁 | 问题引入补丁 | 来源  |
| ------- | -------- | ------- | -------- | --------- |
| gregkh/linux |  | https://git.kernel.org/stable/c/c489f3283dbfc0f3c00c312149cae90d27552c45 |  | ljqc |
|  |  | https://git.kernel.org/stable/c/024876b247a882972095b22087734dcd23396a4e |  | nvd |
|  |  | https://git.kernel.org/stable/c/125166347d5676466d368aadc0bbc31ee7714352 |  | nvd |
|  |  | https://git.kernel.org/stable/c/1579a2777cb914a249de22c789ba4d41b154509f |  | nvd |
|  |  | https://git.kernel.org/stable/c/3f61b997fe014bbfcc208a9fcbd363a1fe7e3a31 |  | nvd |
|  |  | https://git.kernel.org/stable/c/5641019dfbaee5e85fe093b590f0451c9dd4d6f8 |  | nvd |
|  |  | https://git.kernel.org/stable/c/c489f3283dbfc0f3c00c312149cae90d27552c45 |  | nvd |
|  |  | https://git.kernel.org/stable/c/df0312d8859763aa15b8b56ac151a1ea4a4e5b88 |  | nvd |
|  |  | https://git.kernel.org/stable/c/f493f31a63847624fd3199ac836a8bd8828e50e2 |  | nvd |
|  |  | https://git.kernel.org/linus/c489f3283dbfc0f3c00c312149cae90d27552c45 |  | osv |

</details>
 
二、漏洞分析结构反馈
 影响性分析说明：
 
 openEuler评分：
 
 受影响版本排查(受影响/不受影响)：
 1.master(6.12.33):
2.openEuler-20.03-LTS-SP4(4.19.90):
3.openEuler-22.03-LTS-SP3(5.10.0):
4.openEuler-22.03-LTS-SP4(5.10.0):
5.openEuler-24.03-LTS(6.6.0):
6.openEuler-24.03-LTS-Next(6.6.0):
7.openEuler-24.03-LTS-SP1(6.6.0):
8.openEuler-24.03-LTS-SP2(6.6.0):

修复是否涉及abi变化(是/否)：
  1.master(6.12.33):
2.openEuler-20.03-LTS-SP4(4.19.90):
3.openEuler-22.03-LTS-SP3(5.10.0):
4.openEuler-22.03-LTS-SP4(5.10.0):
5.openEuler-24.03-LTS(6.6.0):
6.openEuler-24.03-LTS-Next(6.6.0):
7.openEuler-24.03-LTS-SP1(6.6.0):
8.openEuler-24.03-LTS-SP2(6.6.0):

原因说明：
  1.master(6.12.33):
2.openEuler-20.03-LTS-SP4(4.19.90):
3.openEuler-22.03-LTS-SP3(5.10.0):
4.openEuler-22.03-LTS-SP4(5.10.0):
5.openEuler-24.03-LTS(6.6.0):
6.openEuler-24.03-LTS-Next(6.6.0):
7.openEuler-24.03-LTS-SP1(6.6.0):
8.openEuler-24.03-LTS-SP2(6.6.0):

@yangyingliang ,@jiaoff ,@guohaocs2c ,@hanjun-guo ,@woqidaideshi ,@newbeats ,@zhangyi089 ,@colyli ,@thundertown ,@htforge ,@chiqijun ,@lengchao ,@zhujianwei001 ,@kylin-mayukun ,@wangxiongfeng ,@wkfxxx ,@SuperSix173 ,@jentlestea ,@gasonchen ,@kailiu42 
**issue处理注意事项:** 
**1. 当前issue受影响的分支提交pr时, 须在pr描述中填写当前issue编号进行关联, 否则无法关闭当前issue;**
**2. 模板内容需要填写完整, 无论是受影响或者不受影响都需要填写完整内容,未引入的分支不需要填写, 否则无法关闭当前issue;**
**3. 以下为模板中需要填写完整的内容, 请复制到评论区回复, 注: 内容的标题名称(影响性分析说明, openEuler评分, 受影响版本排查(受影响/不受影响), 修复是否涉及abi变化(是/否), 原因说明)不能省略,省略后cve-manager将无法正常解析填写内容.**
************************************************************************
影响性分析说明:

openEuler评分: (评分和向量)

受影响版本排查(受影响/不受影响): 
1.master(6.12.33):
2.openEuler-20.03-LTS-SP4(4.19.90):
3.openEuler-22.03-LTS-SP3(5.10.0):
4.openEuler-22.03-LTS-SP4(5.10.0):
5.openEuler-24.03-LTS(6.6.0):
6.openEuler-24.03-LTS-Next(6.6.0):
7.openEuler-24.03-LTS-SP1(6.6.0):
8.openEuler-24.03-LTS-SP2(6.6.0):

修复是否涉及abi变化(是/否)：
1.master(6.12.33):
2.openEuler-20.03-LTS-SP4(4.19.90):
3.openEuler-22.03-LTS-SP3(5.10.0):
4.openEuler-22.03-LTS-SP4(5.10.0):
5.openEuler-24.03-LTS(6.6.0):
6.openEuler-24.03-LTS-Next(6.6.0):
7.openEuler-24.03-LTS-SP1(6.6.0):
8.openEuler-24.03-LTS-SP2(6.6.0):

原因说明：
1.master(6.12.33):
2.openEuler-20.03-LTS-SP4(4.19.90):
3.openEuler-22.03-LTS-SP3(5.10.0):
4.openEuler-22.03-LTS-SP4(5.10.0):
5.openEuler-24.03-LTS(6.6.0):
6.openEuler-24.03-LTS-Next(6.6.0):
7.openEuler-24.03-LTS-SP1(6.6.0):
8.openEuler-24.03-LTS-SP2(6.6.0):

issue处理具体操作请参考: 
https://gitee.com/openeuler/cve-manager/blob/master/cve-vulner-manager/doc/md/manual.md
pr关联issue具体操作请参考:
https://gitee.com/help/articles/4142

<table><tr><th white-space: nowrap;>参考网址</th> <th white-space: nowrap;>关联pr</th> <th white-space: nowrap;>状态</th> <th white-space: nowrap;>补丁链接</th></tr><tr><td rowspan="1">https://nvd.nist.gov/vuln/detail/CVE-2025-38459</td><td>None</td><td>None</td><td><a href=https://git.kernel.org/stable/c/1579a2777cb914a249de22c789ba4d41b154509f>https://git.kernel.org/stable/c/1579a2777cb914a249de22c789ba4d41b154509f</a> <a href=https://git.kernel.org/stable/c/c489f3283dbfc0f3c00c312149cae90d27552c45>https://git.kernel.org/stable/c/c489f3283dbfc0f3c00c312149cae90d27552c45</a> <a href=https://git.kernel.org/stable/c/024876b247a882972095b22087734dcd23396a4e>https://git.kernel.org/stable/c/024876b247a882972095b22087734dcd23396a4e</a> <a href=https://git.kernel.org/stable/c/df0312d8859763aa15b8b56ac151a1ea4a4e5b88>https://git.kernel.org/stable/c/df0312d8859763aa15b8b56ac151a1ea4a4e5b88</a> <a href=https://git.kernel.org/stable/c/125166347d5676466d368aadc0bbc31ee7714352>https://git.kernel.org/stable/c/125166347d5676466d368aadc0bbc31ee7714352</a> <a href=https://git.kernel.org/stable/c/3f61b997fe014bbfcc208a9fcbd363a1fe7e3a31>https://git.kernel.org/stable/c/3f61b997fe014bbfcc208a9fcbd363a1fe7e3a31</a> <a href=https://git.kernel.org/stable/c/f493f31a63847624fd3199ac836a8bd8828e50e2>https://git.kernel.org/stable/c/f493f31a63847624fd3199ac836a8bd8828e50e2</a> <a href=https://git.kernel.org/stable/c/5641019dfbaee5e85fe093b590f0451c9dd4d6f8>https://git.kernel.org/stable/c/5641019dfbaee5e85fe093b590f0451c9dd4d6f8</a></td></tr><tr><td>https://ubuntu.com/security/CVE-2025-38459</td><td></td><td></td><td></td></tr><tr><td rowspan="1">https://www.opencve.io/cve/CVE-2025-38459</td><td>None</td><td>None</td><td><a href=https://git.kernel.org/stable/c/1579a2777cb914a249de22c789ba4d41b154509f>https://git.kernel.org/stable/c/1579a2777cb914a249de22c789ba4d41b154509f</a> <a href=https://git.kernel.org/stable/c/c489f3283dbfc0f3c00c312149cae90d27552c45>https://git.kernel.org/stable/c/c489f3283dbfc0f3c00c312149cae90d27552c45</a> <a href=https://git.kernel.org/stable/c/024876b247a882972095b22087734dcd23396a4e>https://git.kernel.org/stable/c/024876b247a882972095b22087734dcd23396a4e</a> <a href=https://git.kernel.org/stable/c/df0312d8859763aa15b8b56ac151a1ea4a4e5b88>https://git.kernel.org/stable/c/df0312d8859763aa15b8b56ac151a1ea4a4e5b88</a> <a href=https://git.kernel.org/stable/c/125166347d5676466d368aadc0bbc31ee7714352>https://git.kernel.org/stable/c/125166347d5676466d368aadc0bbc31ee7714352</a> <a href=https://git.kernel.org/stable/c/3f61b997fe014bbfcc208a9fcbd363a1fe7e3a31>https://git.kernel.org/stable/c/3f61b997fe014bbfcc208a9fcbd363a1fe7e3a31</a> <a href=https://git.kernel.org/stable/c/f493f31a63847624fd3199ac836a8bd8828e50e2>https://git.kernel.org/stable/c/f493f31a63847624fd3199ac836a8bd8828e50e2</a> <a href=https://git.kernel.org/stable/c/5641019dfbaee5e85fe093b590f0451c9dd4d6f8>https://git.kernel.org/stable/c/5641019dfbaee5e85fe093b590f0451c9dd4d6f8</a></td></tr><tr><td>https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2025-38459</td><td></td><td></td><td></td></tr><tr><td>https://security-tracker.debian.org/tracker/CVE-2025-38459</td><td></td><td></td><td></td></tr><tr><td>http://www.cnnvd.org.cn/web/vulnerability/queryLds.tag?qcvCnnvdid=CVE-2025-38459</td><td></td><td></td><td></td></tr></table>

> 说明：补丁链接仅供初步排查参考，实际可用性请人工再次确认，补丁下载验证可使用[CVE补丁工具](https://gitee.com/openeuler/cve-manager/blob/master/cve-agency-manager/cve_tracking/README.md)。
若补丁不准确，烦请在此issue下评论 '/report-patch 参考网址 补丁链接1,补丁链接2' 反馈正确信息，便于我们不断优化工具，不胜感激。
如 /report-patch https://security-tracker.debian.org/tracker/CVE-2021-3997 https://github.com/systemd/systemd/commit/5b1cf7a9be37e20133c0208005274ce4a5b5c6a1

src-openEuler/kernel

内容风险标识

评论 (4)

src-openEuler/kernel .gitee-modal { width: 500px !important; }

内容风险标识

CVE-2025-38459

评论 (4)

搜索帮助

src-openEuler/kernel