CNNVD-202510-2841 Information
CNNVD ID
CNNVD-202510-2841
Related CVE
- CNNVD Published: 2025-10-22
Description (Chinese)
OpenWrt是OpenWrt开源的一套针对嵌入式设备的Linux操作系统。 OpenWrt 24.10.4之前版本存在缓冲区错误漏洞,该漏洞源于ltq-ptm驱动程序的ioctls允许本地用户读写任意内核内存,可能导致沙箱逃逸。
Description (English)
OpenWrt is an OpenWrt open source Linux operating system for embedded devices. The previous version of OpenWrt 24.10.4 had an error loophole in the buffer zone, which originated from the octls of the ltq-ptm drive that allowed local users to read and write any kind of kernel memory, which could lead to sandbox escape.
Hazard Level
Medium
Vulnerability Type
缓冲区错误
Affected Vendor
个人开发者
Published
2025-10-22
Last Modified
2026-02-24
References
https://github.com/openwrt/openwrt/commit/2a76abc5442e3f74d95b4caa9bb57e5488fc132e https://openwrt.org/advisory/2025-10-22-2 https://github.com/openwrt/openwrt/security/advisories/GHSA-h427-frpr-7cqr https://github.com/openwrt/openwrt/commit/e001b31163a77683ee741d169f794cfa50926f37 https://access.redhat.com/security/cve/cve-2025-62525
Patch
https://github.com/openwrt/openwrt/releases
Share on: