CNNVD-202509-3772 Information
CNNVD ID
CNNVD-202509-3772
Related CVE
- CNNVD Published: 2025-09-23
Description (Chinese)
fio是Jens Axboe个人开发者的一个灵活的I/O测试软件。 fio 3.41及之前版本存在代码问题漏洞,该漏洞源于options.c文件中str_buffer_pattern_cb函数存在空指针取消引用,可能导致本地攻击。
Description (English)
fio is a flexible I/O test software for Jens Axboe personal developers. Fio 3.41 and previous versions had a code problem loophole, which stemmed from the loss of references to the empty pointer function of the str buffer pattern cb, which could lead to local attacks.
Hazard Level
Critical
Vulnerability Type
代码问题
Affected Vendor
个人开发者
Published
2025-09-23
Last Modified
2026-02-24
References
https://vuldb.com/?submit.654069 https://github.com/axboe/fio/issues/1982 https://github.com/user-attachments/files/22266964/poc.zip https://vuldb.com/?id.325180 https://vuldb.com/?ctiid.325180 https://access.redhat.com/security/cve/cve-2025-10823
Patch
https://github.com/axboe/fio/commit/6a39dfaffdb8a6c2080eec0dc7fb1ee532d54025
Share on: