• Advisory ID (KylinSec-SA-2025-2878)

Summary:

kernel security update

Severity: High

Advisory ID: KylinSec-SA-2025-2878

Release date: September 15, 2025

Related CVEs: CVE-2025-38222   CVE-2025-38350   CVE-2025-38474   CVE-2025-38494   CVE-2025-38457   CVE-2025-38445   CVE-2025-38415   CVE-2025-38181   CVE-2025-38515   CVE-2025-38386   CVE-2025-38177   CVE-2025-38086

  • Details

1. Vulnerability description

   

The Linux Kernel, the operating system core itself.

Security Fix(es):

A vulnerability was found in Linux Kernel up to 6.15.3 (Operating System). It has been rated as problematic. Using CWE to declare the problem leads to CWE-252. The product does not check the return value from a method or function, which can prevent it from detecting unexpected states and conditions. Impacted is confidentiality, integrity, and availability. Upgrading to version 5.4.295, 5.10.239, 5.15.186, 6.1.142, 6.6.95, 6.12.35, 6.15.4 or 6.16-rc1 eliminates this vulnerability. Applying the patch 119766de4930ff40db9f36b960cb53b0c400e81b/33163c68d2e3061fa3935b5f0a1867958b1cdbd2/9da3e442714f7f4393ff01c265c4959c03e88c2f/9a350f30d65197354706b7759b5c89d6c267b1a9/6bd2569d0b2f918e9581f744df0263caf73ee76c/4da7fcc098218ff92b2e83a43f545c02f714cedd/cdaa6d1cb2ff1219c6c822b27655dd170ffb0f72/9ad0452c0277b816a435433cca601304cfac7c21 is able to eliminate this problem. The bugfix is ready for download at git.kernel.org. The best possible mitigation is suggested to be upgrading to the latest version. The vulnerability is also documented in the vulnerability database at EUVD (EUVD-2025-19447). (CVE-2025-38086)

In the Linux kernel, the following vulnerability has been resolved:

sch_hfsc: make hfsc_qlen_notify() idempotent

hfsc_qlen_notify() is not idempotent either and not friendly
to its callers, like fq_codel_dequeue(). Let's make it idempotent
to ease qdisc_tree_reduce_backlog() callers' life:

1. update_vf() decreases cl->cl_nactive, so we can check whether it is
non-zero before calling it.

2. eltree_remove() always removes RB node cl->el_node, but we can use
RB_EMPTY_NODE() + RB_CLEAR_NODE() to make it safe. (CVE-2025-38177)

A vulnerability was found in Linux Kernel up to 6.16-rc2 (Operating System) and classified as critical. Using CWE to declare the problem leads to CWE-911. The product uses a reference count to manage a resource, but it does not update or incorrectly updates the reference count. Impacted is availability. Upgrading to version 5.4.295, 5.10.239, 5.15.186, 6.1.142, 6.6.95, 6.12.35, 6.15.4 or 6.16-rc3 eliminates this vulnerability. Applying the patch 956f1499412ed0953f6a116df7fdb855e9f1fc66/f4ae0f61dd9a63329ecb49b1e6356139d43240b8/dc724bd34d56f5589f7587a091a8cda2386826c4/058dd4a370f23a5553a9449f2db53d5bfa88d45e/bde8833eb075ba8e8674de88e32de6b669966451/988edde4d52d5c02ea4dd95d7619372a5e2fb7b7/d092c7fd8e220b23d6c47e03d7d0cc79e731f379/10876da918fa1aec0227fb4c67647513447f53a9 is able to eliminate this problem. The bugfix is ready for download at git.kernel.org. The best possible mitigation is suggested to be upgrading to the latest version. (CVE-2025-38181)

A vulnerability, which was classified as problematic, was found in Linux Kernel up to 6.15.3 (Operating System). The manipulation of the argument ext4_prepare_inline_data with an unknown input leads to an unknown weakness. This is going to have an impact on confidentiality, integrity, and availability. Upgrading to version 5.4.295, 5.10.239, 5.15.186, 6.1.142, 6.6.95, 6.12.35, 6.15.4 or 6.16-rc1 eliminates this vulnerability. Applying the patch d3dfc60efd145df5324b99a244b0b05505cde29b/717414a8c083c376d4a8940a1230fe0c6ed4ee00/9d1d1c5bf4fc1af76be154d3afb2acdbd89ec7d8/cf5f319a2d8ab8238f8cf3a19463b9bff6420934/26e09d18599da0adc543eabd300080daaeda6869/5766da2237e539f259aa0e5f3639ae37b44ca458/e80ee0263d88d77f2fd1927f915003a7066cbb50/227cb4ca5a6502164f850d22aec3104d7888b270 is able to eliminate this problem. The bugfix is ready for download at git.kernel.org. The best possible mitigation is suggested to be upgrading to the latest version. The vulnerability is also documented in the vulnerability database at EUVD (EUVD-2025-20034). (CVE-2025-38222)

A vulnerability was found in Linux Kernel up to 6.16-rc4 (Operating System). It has been classified as critical. CWE is classifying the issue as CWE-416. Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code. This is going to have an impact on confidentiality, integrity, and availability. Upgrading to version 5.4.296, 5.10.240, 5.15.187, 6.1.144, 6.6.97, 6.12.37, 6.15.6 or 6.16-rc5 eliminates this vulnerability. Applying the patch 3b290923ad2b23596208c1e29520badef4356a43/e9921b57dca05ac5f4fa1fa8e993d4f0ee52e2b7/e269f29e9395527bc00c213c6b15da04ebb35070/7874c9c132e906a52a187d045995b115973c93fb/f680a4643c6f71e758d8fe0431a958e9a6a4f59d/a553afd91f55ff39b1e8a1c4989a29394c9e0472/a44acdd9e84a211989ff4b9b92bf3545d8456ad5/103406b38c600fec1fe375a77b27d87e314aea09 is able to eliminate this problem. The bugfix is ready for download at git.kernel.org. The best possible mitigation is suggested to be upgrading to the latest version. (CVE-2025-38350)

A vulnerability classified as critical was found in Linux Kernel up to 6.16-rc2 (Operating System). The manipulation of the argument method with an unknown input leads to an unknown weakness. The CWE definition for the vulnerability is CWE-416. Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code. As an impact it is known to affect confidentiality, integrity, and availability. Upgrading to version 5.4.296, 5.10.240, 5.15.187, 6.1.144, 6.6.97, 6.12.37, 6.15.6 or 6.16-rc3 eliminates this vulnerability. Applying the patch b49d224d1830c46e20adce2a239c454cdab426f1/2219e49857ffd6aea1b1ca5214d3270f84623a16/ab1e8491c19eb2ea0fda81ef28e841c7cb6399f5/4305d936abde795c2ef6ba916de8f00a50f64d2d/d547779e72cea9865b732cd45393c4cd02b3598e/18ff4ed6a33a7e3f2097710eacc96bea7696e803/c9e4da550ae196132b990bd77ed3d8f2d9747f87/6fcab2791543924d438e7fa49276d0998b0a069f is able to eliminate this problem. The bugfix is ready for download at git.kernel.org. The best possible mitigation is suggested to be upgrading to the latest version. (CVE-2025-38386)

A vulnerability was found in Linux Kernel up to 6.15.2 (Operating System). It has been declared as problematic. The CWE definition for the vulnerability is CWE-125. The product reads data past the end, or before the beginning, of the intended buffer. As an impact it is known to affect confidentiality. Upgrading to version 5.4.295, 5.10.239, 5.15.186, 6.1.142, 6.6.94, 6.12.34, 6.15.3 or 6.16-rc1 eliminates this vulnerability. Applying the patch db7096ea160e40d78c67fce52e7cc51bde049497/549f9e3d7b60d53808c98b9fde49b4f46d0524a5/5c51aa862cbeed2f3887f0382a2708956710bd68/6abf6b78c6fb112eee495f5636ffcc350dd2ce25/4f99357dadbf9c979ad737156ad4c37fadf7c56b/0aff95d9bc7fb5400ca8af507429c4b067bdb425/295ab18c2dbce8d0ac6ecf7c5187e16e1ac8b282/734aa85390ea693bb7eaf2240623d41b03705c84 is able to eliminate this problem. The bugfix is ready for download at git.kernel.org. The best possible mitigation is suggested to be upgrading to the latest version. (CVE-2025-38415)

In the Linux kernel, the following vulnerability has been resolved:

md/raid1: Fix stack memory use after return in raid1_reshape

In the raid1_reshape function, newpool is
allocated on the stack and assigned to conf->r1bio_pool.
This results in conf->r1bio_pool.wait.head pointing
to a stack address.
Accessing this address later can lead to a kernel panic.

Example access path:

    raid1_reshape()
    {
        // newpool is on the stack
        mempool_t newpool, oldpool;
        // initialize newpool.wait.head to stack address
        mempool_init(&newpool...);
        conf->r1bio_pool = newpool;
    }

    raid1_read_request() or raid1_write_request()
    {
        alloc_r1bio()
        {
            mempool_alloc()
            {
                // if pool->alloc fails
                remove_element()
                {
                    --pool->curr_nr;
                }
            }
        }
    }

    mempool_free()
    {
        if (pool->curr_nr < pool->min_nr) {
            // pool->wait.head is a stack address
            // wake_up() will try to access this invalid address
            // which leads to a kernel panic
            return;
            wake_up(&pool->wait);
        }
    }

Fix:
reinit conf->r1bio_pool.wait after assigning newpool. (CVE-2025-38445)
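
The copy-by-value problem described above, as an added user-space C model (not kernel code and not part of the original advisory). The struct layouts and the reshape() and wait_head_is_self_contained() helpers are simplified stand-ins assumed for illustration.

```c
/* Added illustration: user-space model of the raid1_reshape() bug pattern. */
#include <stdio.h>
#include <stdbool.h>

/* Minimal stand-ins (assumed) for list_head, wait_queue_head and mempool_t. */
struct list_head { struct list_head *next, *prev; };
struct wait_queue_head { struct list_head head; };
struct mempool { int min_nr, curr_nr; struct wait_queue_head wait; };
struct r1conf { struct mempool r1bio_pool; };

static void init_waitqueue_head(struct wait_queue_head *wq)
{
    /* An empty list points at itself, so its own address is stored in it. */
    wq->head.next = wq->head.prev = &wq->head;
}

static void mempool_init(struct mempool *p, int min_nr)
{
    p->min_nr = p->curr_nr = min_nr;
    init_waitqueue_head(&p->wait);
}

/* True when the wait list is a valid empty list that lives inside *p. */
static bool wait_head_is_self_contained(const struct mempool *p)
{
    return p->wait.head.next == &p->wait.head &&
           p->wait.head.prev == &p->wait.head;
}

/* Models raid1_reshape(): build the pool in a local, then copy it by value. */
static bool reshape(struct r1conf *conf, bool reinit_wait)
{
    struct mempool newpool;          /* lives in this stack frame */
    mempool_init(&newpool, 4);
    conf->r1bio_pool = newpool;      /* wait.head still points into newpool */
    if (reinit_wait)                 /* the fix: reinit wait after the copy */
        init_waitqueue_head(&conf->r1bio_pool.wait);
    /* Checked while newpool is still alive, so the comparison is defined. */
    return wait_head_is_self_contained(&conf->r1bio_pool);
}

int main(void)
{
    static struct r1conf conf;
    printf("without reinit: wait list valid = %d\n", reshape(&conf, false));
    printf("with reinit:    wait list valid = %d\n", reshape(&conf, true));
    return 0;
}
```

Without the reinit, the copied wait list still links to the local `newpool`, which is gone once the function returns; that is the address a later wake-up would follow.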

A vulnerability, which was classified as problematic, has been found in Linux Kernel up to 6.16-rc5 (Operating System). Impacted is confidentiality, integrity, and availability. Upgrading to version 5.4.296, 5.10.240, 5.15.189, 6.1.146, 6.6.99, 6.12.39, 6.15.7 or 6.16-rc6 eliminates this vulnerability. Applying the patch 923a276c74e25073ae391e930792ac86a9f77f1e/90436e72c9622c2f70389070088325a3232d339f/25452638f133ac19d75af3f928327d8016952c8e/23c165dde88eac405eebb59051ea1fe139a45803/4c691d1b6b6dbd73f30ed9ee7da05f037b0c49af/8ecd651ef24ab50123692a4e3e25db93cb11602a/e28a383d6485c3bb51dc5953552f76c4dea33eea/ffdde7bf5a439aaa1955ebd581f5c64ab1533963 is able to eliminate this problem. The bugfix is ready for download at git.kernel.org. The best possible mitigation is suggested to be upgrading to the latest version. (CVE-2025-38457)

A vulnerability was found in Linux Kernel up to 6.1.146/6.6.99/6.12.39/6.15.7 (Operating System). It has been rated as problematic. Impacted is confidentiality, integrity, and availability. Upgrading to version 6.1.147, 6.6.100, 6.12.40 or 6.15.8 eliminates this vulnerability. Applying the patch 5849980faea1c792d1d5e54fdbf1e69ac0a9bfb9/5dd6a441748dad2f02e27b256984ca0b2d4546b6/65c666aff44eb7f9079c55331abd9687fb77ba2d/bfe8ef373986e8f185d3d6613eb1801a8749837a/4c4ca3c46167518f8534ed70f6e3b4bf86c4d158 is able to eliminate this problem. The bugfix is ready for download at git.kernel.org. The best possible mitigation is suggested to be upgrading to the latest version. (CVE-2025-38474)

In the Linux kernel, the following vulnerability has been resolved:

HID: core: do not bypass hid_hw_raw_request

hid_hw_raw_request() is actually useful to ensure the provided buffer
and length are valid. Directly calling in the low level transport driver
function bypassed those checks and allowed invalid param to be used. (CVE-2025-38494)

A vulnerability was found in Linux Kernel up to 6.15.6 (Operating System). It has been rated as critical. Using CWE to declare the problem leads to CWE-404. The product does not release or incorrectly releases a resource before it is made available for re-use. Impacted is availability. Upgrading to version 5.4.296, 5.10.240, 5.15.189, 6.1.146, 6.6.99, 6.12.39 or 6.15.7 eliminates this vulnerability. Applying the patch 549a9c78c3ea6807d0dc4162a4f5ba59f217d5a0/e62f51d0ec8a9baf324caf9a564f8e318d36a551/ef841f8e4e1ff67817ca899bedc5ebb00847c0a7/f9a4f28a4fc4ee453a92a9abbe36e26224d17749/c64f5310530baf75328292f9b9f3f2961d185183/e2d6547dc8b9b332f9bc00875197287a6a4db65a/ef58a95457466849fa7b31fd3953801a5af0f58b/8af39ec5cf2be522c8eb43a3d8005ed59e4daaee is able to eliminate this problem. The bugfix is ready for download at git.kernel.org. The best possible mitigation is suggested to be upgrading to the latest version. (CVE-2025-38515)

2. Affected scope

CVE name Product Component Affected
CVE-2025-38222 KY3.4-5A kernel Fixed
CVE-2025-38350 KY3.4-5A kernel Fixed
CVE-2025-38474 KY3.4-5A kernel Fixed
CVE-2025-38494 KY3.4-5A kernel Fixed
CVE-2025-38457 KY3.4-5A kernel Fixed
CVE-2025-38445 KY3.4-5A kernel Fixed
CVE-2025-38415 KY3.4-5A kernel Fixed
CVE-2025-38181 KY3.4-5A kernel Fixed
CVE-2025-38515 KY3.4-5A kernel Fixed
CVE-2025-38386 KY3.4-5A kernel Fixed
CVE-2025-38177 KY3.4-5A kernel Fixed
CVE-2025-38086 KY3.4-5A kernel Fixed

3. Affected components

    kernel

4. Fixed versions

   

KY3.4-5A

Package Architecture Version
bpftool x86_64 4.19.90-2408.1.0.0288.kb28.ky3_4
kernel x86_64 4.19.90-2408.1.0.0288.kb28.ky3_4
kernel-devel x86_64 4.19.90-2408.1.0.0288.kb28.ky3_4
kernel-source x86_64 4.19.90-2408.1.0.0288.kb28.ky3_4
kernel-tools x86_64 4.19.90-2408.1.0.0288.kb28.ky3_4
kernel-tools-devel x86_64 4.19.90-2408.1.0.0288.kb28.ky3_4
perf x86_64 4.19.90-2408.1.0.0288.kb28.ky3_4
python2-perf x86_64 4.19.90-2408.1.0.0288.kb28.ky3_4
python3-perf x86_64 4.19.90-2408.1.0.0288.kb28.ky3_4
bpftool aarch64 4.19.90-2408.1.0.0288.kb28.ky3_4
kernel aarch64 4.19.90-2408.1.0.0288.kb28.ky3_4
kernel-devel aarch64 4.19.90-2408.1.0.0288.kb28.ky3_4
kernel-source aarch64 4.19.90-2408.1.0.0288.kb28.ky3_4
kernel-tools aarch64 4.19.90-2408.1.0.0288.kb28.ky3_4
kernel-tools-devel aarch64 4.19.90-2408.1.0.0288.kb28.ky3_4
perf aarch64 4.19.90-2408.1.0.0288.kb28.ky3_4
python2-perf aarch64 4.19.90-2408.1.0.0288.kb28.ky3_4
python3-perf aarch64 4.19.90-2408.1.0.0288.kb28.ky3_4

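5. Remediation


Method 1: Download the packages and upgrade manually
1. Download the required upgrade package from the download links and save it, e.g. xxx.rpm
2. Upgrade with the rpm command, e.g. rpm -Uvh xxx.rpm

Method 2: Upgrade from the software repository
1. Make sure the system can reach the Internet
2. Upgrade the specified package with the yum command, e.g. yum install package-name

6. Download links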

   

KY3.4-5A:

x86_64:

     bpftool   

     kernel   

     kernel-devel   

     kernel-source   

     kernel-tools   

     kernel-tools-devel   

     perf   

     python2-perf   

     python3-perf   

aarch64:

     bpftool   

     kernel   

     kernel-devel   

     kernel-source   

     kernel-tools   

     kernel-tools-devel   

     perf   

     python2-perf   

     python3-perf   
