CVE-2025-38490

一、漏洞信息
 漏洞编号：[CVE-2025-38490](https://nvd.nist.gov/vuln/detail/CVE-2025-38490)
 漏洞归属组件：[kernel](https://gitee.com/src-openeuler/kernel)
 漏洞归属的版本：4.19.140,4.19.194,4.19.90,5.10.0,6.1.19,6.4.0,6.6.0
 CVSS V3.0分值：
  BaseScore：N/A None
  Vector：CVSS：3.0/
 漏洞简述：
  In the Linux kernel, the following vulnerability has been resolved:net: libwx: remove duplicate page_pool_put_full_page()page_pool_put_full_page() should only be invoked when freeing Rx buffersor building a skb if the size is too short. At other times, the pagesneed to be reused. So remove the redundant page put. In the originalcode, double free pages cause kernel panic:[  876.949834]  __irq_exit_rcu+0xc7/0x130[  876.949836]  common_interrupt+0xb8/0xd0[  876.949838]  </IRQ>[  876.949838]  <TASK>[  876.949840]  asm_common_interrupt+0x22/0x40[  876.949841] RIP: 0010:cpuidle_enter_state+0xc2/0x420[  876.949843] Code: 00 00 e8 d1 1d 5e ff e8 ac f0 ff ff 49 89 c5 0f 1f 44 00 00 31 ff e8 cd fc 5c ff 45 84 ff 0f 85 40 02 00 00 fb 0f 1f 44 00 00 <45> 85 f6 0f 88 84 01 00 00 49 63 d6 48 8d 04 52 48 8d 04 82 49 8d[  876.949844] RSP: 0018:ffffaa7340267e78 EFLAGS: 00000246[  876.949845] RAX: ffff9e3f135be000 RBX: 0000000000000002 RCX: 0000000000000000[  876.949846] RDX: 000000cc2dc4cb7c RSI: ffffffff89ee49ae RDI: ffffffff89ef9f9e[  876.949847] RBP: ffff9e378f940800 R08: 0000000000000002 R09: 00000000000000ed[  876.949848] R10: 000000000000afc8 R11: ffff9e3e9e5a9b6c R12: ffffffff8a6d8580[  876.949849] R13: 000000cc2dc4cb7c R14: 0000000000000002 R15: 0000000000000000[  876.949852]  ? cpuidle_enter_state+0xb3/0x420[  876.949855]  cpuidle_enter+0x29/0x40[  876.949857]  cpuidle_idle_call+0xfd/0x170[  876.949859]  do_idle+0x7a/0xc0[  876.949861]  cpu_startup_entry+0x25/0x30[  876.949862]  start_secondary+0x117/0x140[  876.949864]  common_startup_64+0x13e/0x148[  876.949867]  </TASK>[  876.949868] ---[ end trace 0000000000000000 ]---[  876.949869] ------------[ cut here ]------------[  876.949870] list_del corruption, ffffead40445a348->next is NULL[  876.949873] WARNING: CPU: 14 PID: 0 at lib/list_debug.c:52 __list_del_entry_valid_or_report+0x67/0x120[  876.949875] Modules linked in: snd_hrtimer(E) bnep(E) binfmt_misc(E) amdgpu(E) squashfs(E) vfat(E) loop(E) fat(E) amd_atl(E) snd_hda_codec_realtek(E) intel_rapl_msr(E) snd_hda_codec_generic(E) intel_rapl_common(E) snd_hda_scodec_component(E) snd_hda_codec_hdmi(E) snd_hda_intel(E) edac_mce_amd(E) snd_intel_dspcfg(E) snd_hda_codec(E) snd_hda_core(E) amdxcp(E) kvm_amd(E) snd_hwdep(E) gpu_sched(E) drm_panel_backlight_quirks(E) cec(E) snd_pcm(E) drm_buddy(E) snd_seq_dummy(E) drm_ttm_helper(E) btusb(E) kvm(E) snd_seq_oss(E) btrtl(E) ttm(E) btintel(E) snd_seq_midi(E) btbcm(E) drm_exec(E) snd_seq_midi_event(E) i2c_algo_bit(E) snd_rawmidi(E) bluetooth(E) drm_suballoc_helper(E) irqbypass(E) snd_seq(E) ghash_clmulni_intel(E) sha512_ssse3(E) drm_display_helper(E) aesni_intel(E) snd_seq_device(E) rfkill(E) snd_timer(E) gf128mul(E) drm_client_lib(E) drm_kms_helper(E) snd(E) i2c_piix4(E) joydev(E) soundcore(E) wmi_bmof(E) ccp(E) k10temp(E) i2c_smbus(E) gpio_amdpt(E) i2c_designware_platform(E) gpio_generic(E) sg(E)[  876.949914]  i2c_designware_core(E) sch_fq_codel(E) parport_pc(E) drm(E) ppdev(E) lp(E) parport(E) fuse(E) nfnetlink(E) ip_tables(E) ext4 crc16 mbcache jbd2 sd_mod sfp mdio_i2c i2c_core txgbe ahci ngbe pcs_xpcs libahci libwx r8169 phylink libata realtek ptp pps_core video wmi[  876.949933] CPU: 14 UID: 0 PID: 0 Comm: swapper/14 Kdump: loaded Tainted: G        W   E       6.16.0-rc2+ #20 PREEMPT(voluntary)[  876.949935] Tainted: [W]=WARN, [E]=UNSIGNED_MODULE[  876.949936] Hardware name: Micro-Star International Co., Ltd. MS-7E16/X670E GAMING PLUS WIFI (MS-7E16), BIOS 1.90 12/31/2024[  876.949936] RIP: 0010:__list_del_entry_valid_or_report+0x67/0x120[  876.949938] Code: 00 00 00 48 39 7d 08 0f 85 a6 00 00 00 5b b8 01 00 00 00 5d 41 5c e9 73 0d 93 ff 48 89 fe 48 c7 c7 a0 31 e8 89 e8 59 7c b3 ff <0f> 0b 31 c0 5b 5d 41 5c e9 57 0d 93 ff 48 89 fe 48 c7 c7 c8 31 e8[  876.949940] RSP: 0018:ffffaa73405d0c60 EFLAGS: 00010282[  876.949941] RAX: 0000000000000000 RBX: ffffead40445a348 RCX: 0000000000000000[  876.949942] RDX: 0000000000000105 RSI: 00000---truncated---
 漏洞公开时间：2025-07-28 20:15:31
 漏洞创建时间：2025-07-28 20:25:09
 漏洞详情参考链接：
  https://nvd.nist.gov/vuln/detail/CVE-2025-38490
<details>
<summary>更多参考(点击展开)</summary>

| 参考来源 | 参考链接 | 来源链接 |
| ------- | -------- | -------- |
|  | https://git.kernel.org/stable/c/003e4765d8661be97e650a833868c53d35574130 |  |
|  | https://git.kernel.org/stable/c/08d18bda0d03f5ec376929a8c6c4495f9594593a |  |
|  | https://git.kernel.org/stable/c/1b7e585c04cd5f0731dd25ffd396277e55fae0e6 |  |
|  | https://git.kernel.org/stable/c/3c91a56762b1f0d1e4af2d86c2cba83b61ed9eaa |  |
|  | https://lore.kernel.org/linux-cve-announce/2025072816-CVE-2025-38490-7528@gregkh/T/#u |  |
|  | https://security-tracker.debian.org/tracker/CVE-2025-38490 |  |
|  | https://www.cve.org/CVERecord?id=CVE-2025-38490 |  |
|  | https://nvd.nist.gov/vuln/detail/CVE-2025-38490 |  |
|  | https://lore.kernel.org/linux-cve-announce/2025072816-CVE-2025-38490-7528@gregkh/T |  |
|  | https://bugzilla.redhat.com/show_bug.cgi?id=2383898 |  |
|  | https://ubuntu.com/security/CVE-2025-38490 |  |
|  | https://www.cve.org/CVERecord?id=CVE-2025-38490 |  |
|  | https://git.kernel.org/linus/1b7e585c04cd5f0731dd25ffd396277e55fae0e6 |  |
|  | https://access.redhat.com/security/cve/cve-2025-38490 |  |

</details>

漏洞分析指导链接：
  https://gitee.com/openeuler/cve-manager/blob/master/cve-vulner-manager/doc/md/manual.md
 漏洞数据来源:
  七彩瞬析开源风险感知平台
 漏洞补丁信息：
  <details>
<summary>详情(点击展开)</summary>

| 影响的包 | 修复版本 | 修复补丁 | 问题引入补丁 | 来源  |
| ------- | -------- | ------- | -------- | --------- |
| gregkh/linux |  | https://git.kernel.org/stable/c/3c91a56762b1f0d1e4af2d86c2cba83b61ed9eaa.patch |  | ljqc |
|  |  | https://git.kernel.org/stable/c/003e4765d8661be97e650a833868c53d35574130 |  | nvd |
|  |  | https://git.kernel.org/stable/c/08d18bda0d03f5ec376929a8c6c4495f9594593a |  | nvd |
|  |  | https://git.kernel.org/stable/c/1b7e585c04cd5f0731dd25ffd396277e55fae0e6 |  | nvd |
|  |  | https://git.kernel.org/stable/c/3c91a56762b1f0d1e4af2d86c2cba83b61ed9eaa |  | nvd |
|  |  | https://git.kernel.org/linus/1b7e585c04cd5f0731dd25ffd396277e55fae0e6 |  | osv |

</details>
 
二、漏洞分析结构反馈
 影响性分析说明：
  
 openEuler评分：
   
 受影响版本排查(受影响/不受影响)：
  1.master(6.12.33):
2.openEuler-20.03-LTS-SP4(4.19.90):
3.openEuler-22.03-LTS-SP3(5.10.0):
4.openEuler-22.03-LTS-SP4(5.10.0):
5.openEuler-24.03-LTS(6.6.0):
6.openEuler-24.03-LTS-Next(6.6.0):
7.openEuler-24.03-LTS-SP1(6.6.0):
8.openEuler-24.03-LTS-SP2(6.6.0):

修复是否涉及abi变化(是/否)：
  1.master(6.12.33):
2.openEuler-20.03-LTS-SP4(4.19.90):
3.openEuler-22.03-LTS-SP3(5.10.0):
4.openEuler-22.03-LTS-SP4(5.10.0):
5.openEuler-24.03-LTS(6.6.0):
6.openEuler-24.03-LTS-Next(6.6.0):
7.openEuler-24.03-LTS-SP1(6.6.0):
8.openEuler-24.03-LTS-SP2(6.6.0):

原因说明：
  1.master(6.12.33):
2.openEuler-20.03-LTS-SP4(4.19.90):
3.openEuler-22.03-LTS-SP3(5.10.0):
4.openEuler-22.03-LTS-SP4(5.10.0):
5.openEuler-24.03-LTS(6.6.0):
6.openEuler-24.03-LTS-Next(6.6.0):
7.openEuler-24.03-LTS-SP1(6.6.0):
8.openEuler-24.03-LTS-SP2(6.6.0):

@yangyingliang ,@jiaoff ,@guohaocs2c ,@hanjun-guo ,@woqidaideshi ,@newbeats ,@zhangyi089 ,@colyli ,@thundertown ,@htforge ,@chiqijun ,@lengchao ,@zhujianwei001 ,@kylin-mayukun ,@wangxiongfeng ,@wkfxxx ,@SuperSix173 ,@jentlestea ,@gasonchen ,@kailiu42 
**issue处理注意事项:** 
**1. 当前issue受影响的分支提交pr时, 须在pr描述中填写当前issue编号进行关联, 否则无法关闭当前issue;**
**2. 模板内容需要填写完整, 无论是受影响或者不受影响都需要填写完整内容,未引入的分支不需要填写, 否则无法关闭当前issue;**
**3. 以下为模板中需要填写完整的内容, 请复制到评论区回复, 注: 内容的标题名称(影响性分析说明, openEuler评分, 受影响版本排查(受影响/不受影响), 修复是否涉及abi变化(是/否), 原因说明)不能省略,省略后cve-manager将无法正常解析填写内容.**
************************************************************************
影响性分析说明:

openEuler评分: (评分和向量)

受影响版本排查(受影响/不受影响): 
1.master(6.12.33):
2.openEuler-20.03-LTS-SP4(4.19.90):
3.openEuler-22.03-LTS-SP3(5.10.0):
4.openEuler-22.03-LTS-SP4(5.10.0):
5.openEuler-24.03-LTS(6.6.0):
6.openEuler-24.03-LTS-Next(6.6.0):
7.openEuler-24.03-LTS-SP1(6.6.0):
8.openEuler-24.03-LTS-SP2(6.6.0):

修复是否涉及abi变化(是/否)：
1.master(6.12.33):
2.openEuler-20.03-LTS-SP4(4.19.90):
3.openEuler-22.03-LTS-SP3(5.10.0):
4.openEuler-22.03-LTS-SP4(5.10.0):
5.openEuler-24.03-LTS(6.6.0):
6.openEuler-24.03-LTS-Next(6.6.0):
7.openEuler-24.03-LTS-SP1(6.6.0):
8.openEuler-24.03-LTS-SP2(6.6.0):

原因说明：
1.master(6.12.33):
2.openEuler-20.03-LTS-SP4(4.19.90):
3.openEuler-22.03-LTS-SP3(5.10.0):
4.openEuler-22.03-LTS-SP4(5.10.0):
5.openEuler-24.03-LTS(6.6.0):
6.openEuler-24.03-LTS-Next(6.6.0):
7.openEuler-24.03-LTS-SP1(6.6.0):
8.openEuler-24.03-LTS-SP2(6.6.0):

issue处理具体操作请参考: 
https://gitee.com/openeuler/cve-manager/blob/master/cve-vulner-manager/doc/md/manual.md
pr关联issue具体操作请参考:
https://gitee.com/help/articles/4142

<table><tr><th white-space: nowrap;>参考网址</th> <th white-space: nowrap;>关联pr</th> <th white-space: nowrap;>状态</th> <th white-space: nowrap;>补丁链接</th></tr><tr><td rowspan="1">https://nvd.nist.gov/vuln/detail/CVE-2025-38490</td><td>None</td><td>None</td><td><a href=https://git.kernel.org/stable/c/1b7e585c04cd5f0731dd25ffd396277e55fae0e6>https://git.kernel.org/stable/c/1b7e585c04cd5f0731dd25ffd396277e55fae0e6</a><br /><a href=https://git.kernel.org/stable/c/08d18bda0d03f5ec376929a8c6c4495f9594593a>https://git.kernel.org/stable/c/08d18bda0d03f5ec376929a8c6c4495f9594593a</a><br /><a href=https://git.kernel.org/stable/c/003e4765d8661be97e650a833868c53d35574130>https://git.kernel.org/stable/c/003e4765d8661be97e650a833868c53d35574130</a><br /><a href=https://git.kernel.org/stable/c/3c91a56762b1f0d1e4af2d86c2cba83b61ed9eaa>https://git.kernel.org/stable/c/3c91a56762b1f0d1e4af2d86c2cba83b61ed9eaa</a></td></tr><tr><td>https://ubuntu.com/security/CVE-2025-38490</td><td></td><td></td><td></td></tr><tr><td rowspan="1">https://www.opencve.io/cve/CVE-2025-38490</td><td>None</td><td>None</td><td><a href=https://git.kernel.org/stable/c/1b7e585c04cd5f0731dd25ffd396277e55fae0e6>https://git.kernel.org/stable/c/1b7e585c04cd5f0731dd25ffd396277e55fae0e6</a><br /><a href=https://git.kernel.org/stable/c/08d18bda0d03f5ec376929a8c6c4495f9594593a>https://git.kernel.org/stable/c/08d18bda0d03f5ec376929a8c6c4495f9594593a</a><br /><a href=https://git.kernel.org/stable/c/003e4765d8661be97e650a833868c53d35574130>https://git.kernel.org/stable/c/003e4765d8661be97e650a833868c53d35574130</a><br /><a href=https://git.kernel.org/stable/c/3c91a56762b1f0d1e4af2d86c2cba83b61ed9eaa>https://git.kernel.org/stable/c/3c91a56762b1f0d1e4af2d86c2cba83b61ed9eaa</a></td></tr><tr><td>https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2025-38490</td><td></td><td></td><td></td></tr><tr><td>https://security-tracker.debian.org/tracker/CVE-2025-38490</td><td></td><td></td><td></td></tr><tr><td>http://www.cnnvd.org.cn/web/vulnerability/queryLds.tag?qcvCnnvdid=CVE-2025-38490</td><td></td><td></td><td></td></tr></table>

> 说明：补丁链接仅供初步排查参考，实际可用性请人工再次确认，补丁下载验证可使用[CVE补丁工具](https://gitee.com/openeuler/cve-manager/blob/master/cve-agency-manager/cve_tracking/README.md)。
若补丁不准确，烦请在此issue下评论 '/report-patch 参考网址 补丁链接1,补丁链接2' 反馈正确信息，便于我们不断优化工具，不胜感激。
如 /report-patch https://security-tracker.debian.org/tracker/CVE-2021-3997 https://github.com/systemd/systemd/commit/5b1cf7a9be37e20133c0208005274ce4a5b5c6a1

src-openEuler/kernel

内容风险标识

评论 (3)

src-openEuler/kernel .gitee-modal { width: 500px !important; }

内容风险标识

CVE-2025-38490

评论 (3)

搜索帮助

src-openEuler/kernel