发布时间: 2025年8月29日
修改时间: 2025年8月29日
A vulnerability was found in Linux Kernel up to 6.15.3 (Operating System). It has been rated as problematic.Using CWE to declare the problem leads to CWE-252. The product does not check the return value from a method or function, which can prevent it from detecting unexpected states and conditions.Impacted is confidentiality, integrity, and availability.Upgrading to version 5.4.295, 5.10.239, 5.15.186, 6.1.142, 6.6.95, 6.12.35, 6.15.4 or 6.16-rc1 eliminates this vulnerability. Applying the patch 119766de4930ff40db9f36b960cb53b0c400e81b/33163c68d2e3061fa3935b5f0a1867958b1cdbd2/9da3e442714f7f4393ff01c265c4959c03e88c2f/9a350f30d65197354706b7759b5c89d6c267b1a9/6bd2569d0b2f918e9581f744df0263caf73ee76c/4da7fcc098218ff92b2e83a43f545c02f714cedd/cdaa6d1cb2ff1219c6c822b27655dd170ffb0f72/9ad0452c0277b816a435433cca601304cfac7c21 is able to eliminate this problem. The bugfix is ready for download at git.kernel.org. The best possible mitigation is suggested to be upgrading to the latest version.The vulnerability is also documented in the vulnerability database at EUVD (EUVD-2025-19447).
| NVD | openEuler | |
|---|---|---|
| Confidentiality | High | |
| Attack Vector | Local | |
| CVSS评分 | N/A | 7.0 |
| Attack Complexity | High | |
| Privileges Required | Low | |
| Scope | Unchanged | |
| Integrity | High | |
| User Interaction | None | |
| Availability | High |
| 公告名 | 概要 | 发布时间 |
|---|---|---|
| KylinSec-SA-2025-2878 | kernel security update | 2025年9月15日 |
| 产品 | 包 | 状态 |
|---|---|---|
| KY3.4-5A | kernel | Fixed |
