操作系统--麒麟信安操作系统,国产操作系统,麒麟信安云桌面—

公告ID (KylinSec-SA-2025-2718)

摘要:

kernel security update

安全等级: Medium

公告ID: KylinSec-SA-2025-2718

发布日期: 2025年6月11日

关联CVE: CVE-2025-21662 CVE-2024-58058

详细介绍

1. 漏洞描述

The Linux Kernel, the operating system core itself.

Security Fix(es):

In the Linux kernel, the following vulnerability has been resolved:

ubifs: skip dumping tnc tree when zroot is null

Clearing slab cache will free all znode in memory and make
c->zroot.znode = NULL, then dumping tnc tree will access
c->zroot.znode which cause null pointer dereference.(CVE-2024-58058)

In the Linux kernel, the following vulnerability has been resolved:

net/mlx5: Fix variable not being completed when function returns

When cmd_alloc_index(), fails cmd_work_handler() needs
to complete ent->slotted before returning early.
Otherwise the task which issued the command may hang:

mlx5_core 0000:01:00.0: cmd_work_handler:877:(pid 3880418): failed to allocate command entry
INFO: task kworker/13:2:4055883 blocked for more than 120 seconds.
Not tainted 4.19.90-25.44.v2101.ky10.aarch64 #1
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
kworker/13:2 D 0 4055883 2 0x00000228
Workqueue: events mlx5e_tx_dim_work [mlx5_core]
Call trace:
__switch_to+0xe8/0x150
__schedule+0x2a8/0x9b8
schedule+0x2c/0x88
schedule_timeout+0x204/0x478
wait_for_common+0x154/0x250
wait_for_completion+0x28/0x38
cmd_exec+0x7a0/0xa00 [mlx5_core]
mlx5_cmd_exec+0x54/0x80 [mlx5_core]
mlx5_core_modify_cq+0x6c/0x80 [mlx5_core]
mlx5_core_modify_cq_moderation+0xa0/0xb8 [mlx5_core]
mlx5e_tx_dim_work+0x54/0x68 [mlx5_core]
process_one_work+0x1b0/0x448
worker_thread+0x54/0x468
kthread+0x134/0x138
ret_from_fork+0x10/0x18(CVE-2025-21662)

2. 影响范围

cve名称	产品	组件	是否受影响
CVE-2025-21662	KY3.5.3	kernel	Fixed
CVE-2025-21662	KY3.5.2	kernel	Fixed
CVE-2024-58058	KY3.5.3	kernel	Fixed
CVE-2024-58058	KY3.5.2	kernel	Fixed

3. 影响组件

kernel

4. 修复版本

KY3.5.3

软件名称	架构	版本号
bpftool	x86_64	5.10.0-236.0.0.rt62.63.ky3_5
kernel	x86_64	5.10.0-216.0.0.115.kb9.ky3_5
kernel-devel	x86_64	5.10.0-216.0.0.115.kb9.ky3_5
kernel-headers	x86_64	5.10.0-216.0.0.115.kb9.ky3_5
kernel-source	x86_64	5.10.0-216.0.0.115.kb9.ky3_5
kernel-tools	x86_64	5.10.0-216.0.0.115.kb9.ky3_5
kernel-tools-devel	x86_64	5.10.0-216.0.0.115.kb9.ky3_5
perf	x86_64	5.10.0-236.0.0.rt62.63.ky3_5
python3-perf	x86_64	5.10.0-236.0.0.rt62.63.ky3_5
bpftool	aarch64	5.10.0-236.0.0.rt62.63.ky3_5
kernel	aarch64	5.10.0-216.0.0.115.kb9.ky3_5
kernel-devel	aarch64	5.10.0-216.0.0.115.kb9.ky3_5
kernel-headers	aarch64	5.10.0-216.0.0.115.kb9.ky3_5
kernel-source	aarch64	5.10.0-216.0.0.115.kb9.ky3_5
kernel-tools	aarch64	5.10.0-216.0.0.115.kb9.ky3_5
kernel-tools-devel	aarch64	5.10.0-216.0.0.115.kb9.ky3_5
perf	aarch64	5.10.0-236.0.0.rt62.63.ky3_5
python3-perf	aarch64	5.10.0-236.0.0.rt62.63.ky3_5

KY3.5.2

软件名称	架构	版本号
bpftool	x86_64	5.10.0-216.0.0.115.kb13.ky3_5
kernel	x86_64	5.10.0-216.0.0.115.kb13.ky3_5
kernel-devel	x86_64	5.10.0-216.0.0.115.kb13.ky3_5
kernel-headers	x86_64	5.10.0-216.0.0.115.kb13.ky3_5
kernel-source	x86_64	5.10.0-216.0.0.115.kb13.ky3_5
kernel-tools	x86_64	5.10.0-216.0.0.115.kb13.ky3_5
kernel-tools-devel	x86_64	5.10.0-216.0.0.115.kb13.ky3_5
perf	x86_64	5.10.0-216.0.0.115.kb13.ky3_5
python3-perf	x86_64	5.10.0-216.0.0.115.kb13.ky3_5
bpftool	aarch64	5.10.0-216.0.0.115.kb13.ky3_5
kernel	aarch64	5.10.0-216.0.0.115.kb13.ky3_5
kernel-devel	aarch64	5.10.0-216.0.0.115.kb13.ky3_5
kernel-headers	aarch64	5.10.0-216.0.0.115.kb13.ky3_5
kernel-source	aarch64	5.10.0-216.0.0.115.kb13.ky3_5
kernel-tools	aarch64	5.10.0-216.0.0.115.kb13.ky3_5
kernel-tools-devel	aarch64	5.10.0-216.0.0.115.kb13.ky3_5
perf	aarch64	5.10.0-216.0.0.115.kb13.ky3_5
python3-perf	aarch64	5.10.0-216.0.0.115.kb13.ky3_5