CNNVD-202509-3771 Information

CNNVD ID

CNNVD-202509-3771

Related CVE

CVE-2025-10824

• CNNVD Published: 2025-09-23

Description (Chinese)

fio是Jens Axboe个人开发者的一个灵活的I/O测试软件。 fio 3.41及之前版本存在资源管理错误漏洞，该漏洞源于init.c文件中__parse_jobs_ini函数存在释放后重用问题，可能导致本地攻击。

Description (English)

fio is a flexible I/O test software for Jens Axboe personal developers. The resource management error gap in the fio 3.41 and previous versions stems from the re-use problem of the parse jobs ini function in the init.c file, which may lead to local attacks.

Hazard Level

High

Vulnerability Type

资源管理错误

Affected Vendor

个人开发者

Published

2025-09-23

Last Modified

2026-02-24

References

https://github.com/axboe/fio/issues/1981 https://vuldb.com/?submit.654072 https://vuldb.com/?id.325181 https://github.com/user-attachments/files/22266756/poc.zip https://vuldb.com/?ctiid.325181 https://access.redhat.com/security/cve/cve-2025-10824

Patch

https://github.com/axboe/fio/commit/6a39dfaffdb8a6c2080eec0dc7fb1ee532d54025