Azure Linux 3.0 Security Update: kernel (CVE-2024-46758)

high Nessus Plugin ID 215328

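Synopsis

The remote Azure Linux host is missing one or more security updates.

Description

The version of the kernel installed on the remote Azure Linux 3.0 host is older than the tested version. It is, therefore, affected by a vulnerability referenced in the CVE-2024-46758 advisory.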

- 2024-10-24: CVE-2024-46828 added to this advisory.
- 2024-10-24: CVE-2024-46840 added to this advisory.
- 2024-10-24: CVE-2024-46822 added to this advisory.
- 2024-10-24: CVE-2024-46829 added to this advisory.
- In the Linux kernel, the following vulnerabilities have been resolved:
  - ima: Fix use-after-free on a dentry's dname.name (CVE-2024-39494)
  - drm/amdgpu: fix mc_data out-of-bounds read warning (CVE-2024-46722)
  - drm/amdgpu: fix ucode out-of-bounds read warning (CVE-2024-46723)
  - VMCI: Fix use-after-free when removing resource in vmci_resource_remove() (CVE-2024-46738)
  - uio_hv_generic: Fix kernel NULL pointer dereference in hv_uio_rescind (CVE-2024-46739)
  - of/irq: Prevent device address out-of-bounds read in interrupt map walk (CVE-2024-46743)
  - Squashfs: sanity check symbolic link size (CVE-2024-46744)
  - Input: uinput - reject requests with unreasonable number of slots (CVE-2024-46745)
  - PCI: Add missing bridge lock to pci_bus_lock() (CVE-2024-46750)
  - hwmon: (w83627ehf) Fix underflows seen when writing limit attributes (CVE-2024-46756)
  - hwmon: (nct6775-core) Fix underflows seen when writing limit attributes (CVE-2024-46757)
  - hwmon: (lm95234) Fix underflows seen when writing limit attributes (CVE-2024-46758)
  - hwmon: (adc128d818) Fix underflows seen when writing limit attributes (CVE-2024-46759)
  - can: bcm: Remove proc entry when dev is unregistered. (CVE-2024-46771)
  - udf: Avoid excessive partition lengths (CVE-2024-46777)
  - nilfs2: protect references to superblock parameters exposed in sysfs (CVE-2024-46780)
  - nilfs2: fix missing cleanup on rollforward recovery error (CVE-2024-46781)
  - ila: call nf_unregister_net_hooks() sooner (CVE-2024-46782)
  - tcp_bpf: fix return value of tcp_bpf_sendmsg() (CVE-2024-46783)
  - ASoC: dapm: Fix UAF for snd_soc_pcm_runtime object (CVE-2024-46798)
  - sch/netem: fix use after free in netem_dequeue (CVE-2024-46800)
  - arm64: acpi: Harden get_cpu_for_acpi_id() against missing CPU entry (CVE-2024-46822)
  - sched: sch_cake: fix bulk flow accounting logic for host fairness (CVE-2024-46828)
  - rtmutex: Drop rt_mutex::wait_lock before scheduling (CVE-2024-46829)
  - btrfs: clean up our handling of refs == 0 in snapshot delete (CVE-2024-46840)

  (CVE-2024-46758)

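Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also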

https://nvd.nist.gov/vuln/detail/CVE-2024-46758

Plugin Details

Severity: High

ID: 215328

File Name: azure_linux_CVE-2024-46758.nasl

Version: 1.1

Type: local

Published: 2025/2/10

Updated: 2025/2/10

Supported Sensors: Nessus

Risk Information

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5

Vector: CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C

CVSS Score Source: CVE-2024-46758

CVSS v3

Risk Factor: High

Base Score: 7.8

Temporal Score: 6.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:microsoft:azure_linux:kernel-debuginfo, p-cpe:/a:microsoft:azure_linux:kernel-devel, p-cpe:/a:microsoft:azure_linux:kernel-drivers-gpu, p-cpe:/a:microsoft:azure_linux:kernel-dtb, p-cpe:/a:microsoft:azure_linux:python3-perf, p-cpe:/a:microsoft:azure_linux:kernel-docs, x-cpe:/o:microsoft:azure_linux, p-cpe:/a:microsoft:azure_linux:kernel, p-cpe:/a:microsoft:azure_linux:kernel-drivers-sound, p-cpe:/a:microsoft:azure_linux:bpftool, p-cpe:/a:microsoft:azure_linux:kernel-drivers-accessibility, p-cpe:/a:microsoft:azure_linux:kernel-tools

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/AzureLinux/release, Host/AzureLinux/rpm-list

Exploit Ease: No known exploits are available

Patch Publication Date: 2025/1/14

Vulnerability Publication Date: 2024/9/18

Reference Information

CVE: CVE-2024-46758