CentOS 9: kernel-5.14.0-437.el9

low Nessus Plugin ID 193925

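Synopsis

The remote CentOS host is missing one or more security updates for bpftool.

Description

The remote CentOS Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the kernel-5.14.0-437.el9 build changelog.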

- In the Linux kernel, the following vulnerability has been resolved: mm/sparsemem: fix race in accessing memory_section->usage. The race below is observed on a PFN that falls into the device memory region, with a system memory configuration in which the PFNs are laid out as [ZONE_NORMAL ZONE_DEVICE ZONE_NORMAL]. Because the normal zone's start and end PFNs also contain the device memory PFNs, a triggered compaction will try the device memory PFNs too, even though they end up as a NOP (because pfn_to_online_page() returns NULL for ZONE_DEVICE memory sections). When, from another core, the section mappings are being removed for the ZONE_DEVICE region that the PFN in question belongs to and on which compaction is currently operating, the result is a kernel crash with CONFIG_SPASEMEM_VMEMAP enabled. The crash logs can be seen at [1].

  compact_zone()                    memunmap_pages
  -------------                     ---------------
  __pageblock_pfn_to_page
     ......
   (a) pfn_valid():
       valid_section() // returns true
                                    (b) __remove_pages()->
                                        sparse_remove_section()->
                                        section_deactivate():
                                        [Free the array ms->usage and set
                                         ms->usage = NULL]
       pfn_section_valid()
       [Access ms->usage, which
        is NULL]

  NOTE: From the above it can be said that the race reduces to one between pfn_valid()/pfn_section_valid() and section deactivation with SPASEMEM_VMEMAP enabled. Commit b943f045a9af ("mm/sparse: fix kernel crash with pfn_section_valid check") tried to address the same problem by clearing SECTION_HAS_MEM_MAP, with the expectation that valid_section() returns false and ms->usage is therefore not accessed. Fix this issue with the following steps:

  a) Clear SECTION_HAS_MEM_MAP before freeing ->usage.
  b) The RCU-protected read-side critical section will either return NULL when SECTION_HAS_MEM_MAP is cleared or can successfully access ->usage.
  c) Free ->usage with kfree_rcu() and set ms->usage = NULL. No attempt will be made to access ->usage after this, because SECTION_HAS_MEM_MAP is cleared and valid_section() therefore returns false.

  Thanks to David/Pavan for their inputs on this patch.

  [1] https://lore.kernel.org/linux-mm/[email protected]/

  On Snapshot SoC, with the mentioned memory configuration of PFNs as [ZONE_NORMAL ZONE_DEVICE ZONE_NORMAL], we see a number of issues daily while testing on a device farm. Below is the log for this particular issue. Although the log below does not point directly to pfn_section_valid(){ ms->usage;}, it does point there when this dump is loaded in the T32 Lauterbach tool.

  [ 540.578056] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000
  [ 540.578068] Mem abort info:
  [ 540.578070] ESR = 0x0000000096000005
  [ 540.578073] EC = 0x25: DABT (current EL), IL = 32 bits
  [ 540.578077] SET = 0, FnV = 0
  [ 540.578080] EA = 0, S1PTW = 0
  [ 540.578082] FSC = 0x05: level 1 translation fault
  [ 540.578085] Data abort info:
  [ 540.578086] ISV = 0, ISS = 0x00000005
  [ 540.578088] CM = 0, WnR = 0
  [ 540.579431] pstate: 82400005 (Nzcv daif +PAN -UAO +TCO -DIT -SSBS BTYPE=--)
  [ 540.579436] pc : __pageblock_pfn_to_page+0x6c/0x14c
  [ 540.579454] lr : compact_zone+0x994/0x1058
  [ 540.579460] sp : ffffffc03579b510
  [ 540.579463] x29: ffffffc03579b510 x28: 0000000000235800 x27: 000000000000000c
  [ 540.579470] x26: 0000000000235c00 x25: 0000000000000068 x24: ffffffc03579b640
  [ 540.579477] x23: 0000000000000001 x22: ffffffc03579b660 x21: 0000000000000000
  [ 540.579483] x20: 0000000000235bff x19: ffffffdebf7e3940 x18: ffffffdebf66d140
  [ 540.579489] x17: 00000000739ba063 x16: 00000000739ba063 x15: 00000000009f4bff
  [ 540.579495] x14: 0000008000000000 x13: 0000000000000000 x12: 0000000000000001
  [ 540.579501] x11: 0000000000000000 x10: 0000000000000000 x9 : ffffff897d2cd440
  [ 540.579507] x8 : 0000000000000000 x7 : 0000000000000000 x6 : ffffffc03579b5b4
  [ 540.579512] x5 : 0000000000027f25 x4 : ffffffc03579b5b8 x3 :0000000000000 ---truncated--- (CVE-2023-52489)

- In the Linux kernel, the following vulnerability has been resolved: net: usb: smsc75xx: Fix uninit-value access in __smsc75xx_read_reg. syzbot reported the following uninit-value access issue:

  =====================================================
  BUG: KMSAN: uninit-value in smsc75xx_wait_ready drivers/net/usb/smsc75xx.c:975 [inline]
  BUG: KMSAN: uninit-value in smsc75xx_bind+0x5c9/0x11e0 drivers/net/usb/smsc75xx.c:1482
  CPU: 0 PID: 8696 Comm: kworker/0:3 Not tainted 5.8.0-rc5-syzkaller #0
  Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
  Workqueue: usb_hub_wq hub_event
  Call Trace:
   __dump_stack lib/dump_stack.c:77 [inline]
   dump_stack+0x21c/0x280 lib/dump_stack.c:118
   kmsan_report+0xf7/0x1e0 mm/kmsan/kmsan_report.c:121
   __msan_warning+0x58/0xa0 mm/kmsan/kmsan_instr.c:215
   smsc75xx_wait_ready drivers/net/usb/smsc75xx.c:975 [inline]
   smsc75xx_bind+0x5c9/0x11e0 drivers/net/usb/smsc75xx.c:1482
   usbnet_probe+0x1152/0x3f90 drivers/net/usb/usbnet.c:1737
   usb_probe_interface+0xece/0x1550 drivers/usb/core/driver.c:374
   really_probe+0xf20/0x20b0 drivers/base/dd.c:529
   driver_probe_device+0x293/0x390 drivers/base/dd.c:701
   __device_attach_driver+0x63f/0x830 drivers/base/dd.c:807
   bus_for_each_drv+0x2ca/0x3f0 drivers/base/bus.c:431
   __device_attach+0x4e2/0x7f0 drivers/base/dd.c:873
   device_initial_probe+0x4a/0x60 drivers/base/dd.c:920
   bus_probe_device+0x177/0x3d0 drivers/base/bus.c:491
   device_add+0x3b0e/0x40d0 drivers/base/core.c:2680
   usb_set_configuration+0x380f/0x3f10 drivers/usb/core/message.c:2032
   usb_generic_driver_probe+0x138/0x300 drivers/usb/core/generic.c:241
   usb_probe_device+0x311/0x490 drivers/usb/core/driver.c:272
   really_probe+0xf20/0x20b0 drivers/base/dd.c:529
   driver_probe_device+0x293/0x390 drivers/base/dd.c:701
   __device_attach_driver+0x63f/0x830 drivers/base/dd.c:807
   bus_for_each_drv+0x2ca/0x3f0 drivers/base/bus.c:431
   __device_attach+0x4e2/0x7f0 drivers/base/dd.c:873
   device_initial_probe+0x4a/0x60 drivers/base/dd.c:920
   bus_probe_device+0x177/0x3d0 drivers/base/bus.c:491
   device_add+0x3b0e/0x40d0 drivers/base/core.c:2680
   usb_new_device+0x1bd4/0x2a30 drivers/usb/core/hub.c:2554
   hub_port_connect drivers/usb/core/hub.c:5208 [inline]
   hub_port_connect_change drivers/usb/core/hub.c:5348 [inline]
   port_event drivers/usb/core/hub.c:5494 [inline]
   hub_event+0x5e7b/0x8a70 drivers/usb/core/hub.c:5576
   process_one_work+0x1688/0x2140 kernel/workqueue.c:2269
   worker_thread+0x10bc/0x2730 kernel/workqueue.c:2415
   kthread+0x551/0x590 kernel/kthread.c:292
   ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:293

  Local variable ----buf.i87@smsc75xx_bind created at:
   __smsc75xx_read_reg drivers/net/usb/smsc75xx.c:83 [inline]
   smsc75xx_wait_ready drivers/net/usb/smsc75xx.c:968 [inline]
   smsc75xx_bind+0x485/0x11e0 drivers/net/usb/smsc75xx.c:1482
   __smsc75xx_read_reg drivers/net/usb/smsc75xx.c:83 [inline]
   smsc75xx_wait_ready drivers/net/usb/smsc75xx.c:968 [inline]
   smsc75xx_bind+0x485/0x11e0 drivers/net/usb/smsc75xx.c:1482

  This issue is caused because usbnet_read_cmd() reads fewer bytes than requested (zero bytes in the reproducer). In this case, 'buf' is not properly filled. This patch fixes the issue by returning -ENODATA if usbnet_read_cmd() reads fewer bytes than requested. (CVE-2023-52528)

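Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the CentOS 9 Stream bpftool package.

See Also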

https://kojihub.stream.centos.org/koji/buildinfo?buildID=60487

Plugin Details

Severity: Low

ID: 193925

File Name: centos9_kernel-5_14_0-437_60487.nasl

Version: 1.0

Type: local

Agent: unix

Published: 2024/4/26

Updated: 2024/4/26

Supported Sensors: Agentless Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.4

CVSS v2

Risk Factor: Low

Base Score: 3.6

Temporal Score: 2.7

Vector: CVSS2#AV:L/AC:L/Au:N/C:N/I:P/A:P

CVSS Score Source: CVE-2023-52528

CVSS v3

Risk Factor: Low

Base Score: 3.5

Temporal Score: 3.1

Vector: CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:centos:centos:9, p-cpe:/a:centos:centos:bpftool, p-cpe:/a:centos:centos:kernel, p-cpe:/a:centos:centos:kernel-64k, p-cpe:/a:centos:centos:kernel-64k-core, p-cpe:/a:centos:centos:kernel-64k-debug, p-cpe:/a:centos:centos:kernel-64k-debug-core, p-cpe:/a:centos:centos:kernel-64k-debug-devel, p-cpe:/a:centos:centos:kernel-64k-debug-devel-matched, p-cpe:/a:centos:centos:kernel-64k-debug-modules, p-cpe:/a:centos:centos:kernel-64k-debug-modules-core, p-cpe:/a:centos:centos:kernel-64k-debug-modules-extra, p-cpe:/a:centos:centos:kernel-64k-debug-modules-internal, p-cpe:/a:centos:centos:kernel-64k-debug-modules-partner, p-cpe:/a:centos:centos:kernel-64k-devel, p-cpe:/a:centos:centos:kernel-64k-devel-matched, p-cpe:/a:centos:centos:kernel-64k-modules, p-cpe:/a:centos:centos:kernel-64k-modules-core, p-cpe:/a:centos:centos:kernel-64k-modules-extra, p-cpe:/a:centos:centos:kernel-64k-modules-internal, p-cpe:/a:centos:centos:kernel-64k-modules-partner, p-cpe:/a:centos:centos:kernel-abi-stablelists, p-cpe:/a:centos:centos:kernel-core, p-cpe:/a:centos:centos:kernel-rt-debug-core, p-cpe:/a:centos:centos:kernel-rt-debug-devel, p-cpe:/a:centos:centos:kernel-rt-debug-devel-matched, p-cpe:/a:centos:centos:kernel-rt-debug-kvm, p-cpe:/a:centos:centos:kernel-rt-debug-modules, p-cpe:/a:centos:centos:kernel-rt-debug-modules-core, p-cpe:/a:centos:centos:kernel-rt-debug-modules-extra, p-cpe:/a:centos:centos:kernel-rt-debug-modules-internal, p-cpe:/a:centos:centos:kernel-rt-debug-modules-partner, p-cpe:/a:centos:centos:kernel-rt-devel, p-cpe:/a:centos:centos:kernel-rt-devel-matched, p-cpe:/a:centos:centos:kernel-rt-kvm, p-cpe:/a:centos:centos:kernel-rt-modules, p-cpe:/a:centos:centos:kernel-rt-modules-core, p-cpe:/a:centos:centos:kernel-rt-modules-extra, p-cpe:/a:centos:centos:kernel-rt-modules-internal, p-cpe:/a:centos:centos:kernel-rt-modules-partner, p-cpe:/a:centos:centos:kernel-selftests-internal, p-cpe:/a:centos:centos:kernel-tools, p-cpe:/a:centos:centos:kernel-tools-libs, 
p-cpe:/a:centos:centos:kernel-tools-libs-devel, p-cpe:/a:centos:centos:kernel-uki-virt, p-cpe:/a:centos:centos:kernel-zfcpdump, p-cpe:/a:centos:centos:kernel-zfcpdump-core, p-cpe:/a:centos:centos:kernel-zfcpdump-devel, p-cpe:/a:centos:centos:kernel-zfcpdump-devel-matched, p-cpe:/a:centos:centos:kernel-zfcpdump-modules, p-cpe:/a:centos:centos:kernel-zfcpdump-modules-core, p-cpe:/a:centos:centos:kernel-zfcpdump-modules-extra, p-cpe:/a:centos:centos:kernel-zfcpdump-modules-internal, p-cpe:/a:centos:centos:kernel-zfcpdump-modules-partner, p-cpe:/a:centos:centos:libperf, p-cpe:/a:centos:centos:libperf-devel, p-cpe:/a:centos:centos:kernel-cross-headers, p-cpe:/a:centos:centos:kernel-debug, p-cpe:/a:centos:centos:kernel-debug-core, p-cpe:/a:centos:centos:kernel-debug-devel, p-cpe:/a:centos:centos:kernel-debug-devel-matched, p-cpe:/a:centos:centos:kernel-debug-modules, p-cpe:/a:centos:centos:kernel-debug-modules-core, p-cpe:/a:centos:centos:kernel-debug-modules-extra, p-cpe:/a:centos:centos:kernel-debug-modules-internal, p-cpe:/a:centos:centos:kernel-debug-modules-partner, p-cpe:/a:centos:centos:kernel-debug-uki-virt, p-cpe:/a:centos:centos:kernel-devel, p-cpe:/a:centos:centos:kernel-devel-matched, p-cpe:/a:centos:centos:kernel-headers, p-cpe:/a:centos:centos:kernel-ipaclones-internal, p-cpe:/a:centos:centos:kernel-modules, p-cpe:/a:centos:centos:kernel-modules-core, p-cpe:/a:centos:centos:kernel-modules-extra, p-cpe:/a:centos:centos:kernel-modules-internal, p-cpe:/a:centos:centos:kernel-modules-partner, p-cpe:/a:centos:centos:kernel-rt, p-cpe:/a:centos:centos:kernel-rt-core, p-cpe:/a:centos:centos:kernel-rt-debug, p-cpe:/a:centos:centos:perf, p-cpe:/a:centos:centos:python3-perf, p-cpe:/a:centos:centos:rtla, p-cpe:/a:centos:centos:rv

Required KB Items: Host/local_checks_enabled, Host/CentOS/release, Host/CentOS/rpm-list, Host/cpu

Exploit Ease: No known exploits are available

Patch Publication Date: 2024/4/9

Vulnerability Publication Date: 2024/3/2

Reference Information

CVE: CVE-2023-52489, CVE-2023-52528