Azure Linux 3.0 安全性更新核心 (CVE-2024-46758)
high Nessus Plugin ID 215328
語言:
概要
遠端 Azure Linux 主機缺少一個或多個安全性更新。說明
遠端 Azure Linux 3.0 主機上安裝的核心版本比測試版舊。因此,此版本會受到 CVE-2024-46758 公告中提及的一個弱點影響。- 2024-10-24 CVE-2024-46828 已新增至此公告。 2024-10-24 CVE-2024-46840 已新增至此公告。 2024-10-24 CVE-2024-46822 已新增至此公告。 2024-10-24 CVE-2024-46829 已新增至此公告。在 Linux 核心中下列弱點已解決 ima: Fix use-after-free on a dentry's dname.name (CVE-2024-39494) In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix mc_data out-of-bounds read warning (CVE-2024-46722) In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix ucode out-of-bounds read warning (CVE-2024-46723) In the Linux kernel, the following vulnerability has been resolved: VMCI: Fix use-after-free when removing resource in vmci_resource_remove() (CVE-2024-46738) In the Linux kernel, the following vulnerability has been resolved: uio_hv_generic: Fix kernel NULL pointer dereference in hv_uio_rescind (CVE-2024-46739) In the Linux kernel, the following vulnerability has been resolved:
of/irq: Prevent device address out-of-bounds read in interrupt map walk (CVE-2024-46743) In the Linux kernel, the following vulnerability has been resolved: Squashfs: sanity check symbolic link size (CVE-2024-46744) In the Linux kernel, the following vulnerability has been resolved: Input: uinput - reject requests with unreasonable number of slots (CVE-2024-46745) In the Linux kernel, the following vulnerability has been resolved: PCI: Add missing bridge lock to pci_bus_lock() (CVE-2024-46750) In the Linux kernel, the following vulnerability has been resolved: hwmon: (w83627ehf) Fix underflows seen when writing limit attributes (CVE-2024-46756) In the Linux kernel, the following vulnerability has been resolved: hwmon: (nct6775-core) Fix underflows seen when writing limit attributes (CVE-2024-46757) In the Linux kernel, the following vulnerability has been resolved: hwmon: (lm95234) Fix underflows seen when writing limit attributes (CVE-2024-46758) In the Linux kernel, the following vulnerability has been resolved: hwmon: (adc128d818) Fix underflows seen when writing limit attributes (CVE-2024-46759) In the Linux kernel, the following vulnerability has been resolved: can: bcm: Remove proc entry when dev is unregistered. (CVE-2024-46771) In the Linux kernel, the following vulnerability has been resolved: udf:
Avoid excessive partition lengths (CVE-2024-46777) In the Linux kernel, the following vulnerability has been resolved: nilfs2: protect references to superblock parameters exposed in sysfs (CVE-2024-46780) In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix missing cleanup on rollforward recovery error (CVE-2024-46781) In the Linux kernel, the following vulnerability has been resolved: ila: call nf_unregister_net_hooks() sooner (CVE-2024-46782) In the Linux kernel, the following vulnerability has been resolved: tcp_bpf: fix return value of tcp_bpf_sendmsg() (CVE-2024-46783) In the Linux kernel, the following vulnerability has been resolved: ASoC: dapm: Fix UAF for snd_soc_pcm_runtime object (CVE-2024-46798) In the Linux kernel, the following vulnerability has been resolved: sch/netem:
fix use after free in netem_dequeue (CVE-2024-46800) In the Linux kernel, the following vulnerability has been resolved: arm64: acpi: Harden get_cpu_for_acpi_id() against missing CPU entry (CVE-2024-46822) In the Linux kernel, the following vulnerability has been resolved: sched: sch_cake: fix bulk flow accounting logic for host fairness (CVE-2024-46828) In the Linux kernel, the following vulnerability has been resolved: rtmutex: Drop rt_mutex::wait_lock before scheduling (CVE-2024-46829) In the Linux kernel, the following vulnerability has been resolved: btrfs: clean up our handling of refs == 0 in snapshot delete (CVE-2024-46840) (CVE-2024-46758)
請注意,Nessus 並未測試此問題,而是僅依據應用程式自我報告的版本號碼作出判斷。
解決方案
更新受影響的套件。另請參閱
Plugin 詳細資訊
嚴重性: High
ID: 215328
檔案名稱: azure_linux_CVE-2024-46758.nasl
版本: 1.1
類型: local
已發布: 2025/2/10
已更新: 2025/2/10
支援的感應器: Nessus
風險資訊
CVSS v2
風險因素: Medium
基本分數: 6.8
時間性分數: 5
媒介: CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C
CVSS 評分資料來源: CVE-2024-46758
CVSS v3
風險因素: High
基本分數: 7.8
時間性分數: 6.8
媒介: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
時間媒介: CVSS:3.0/E:U/RL:O/RC:C
弱點資訊
CPE: p-cpe:/a:microsoft:azure_linux:kernel-debuginfo, p-cpe:/a:microsoft:azure_linux:kernel-devel, p-cpe:/a:microsoft:azure_linux:kernel-drivers-gpu, p-cpe:/a:microsoft:azure_linux:kernel-dtb, p-cpe:/a:microsoft:azure_linux:python3-perf, p-cpe:/a:microsoft:azure_linux:kernel-docs, x-cpe:/o:microsoft:azure_linux, p-cpe:/a:microsoft:azure_linux:kernel, p-cpe:/a:microsoft:azure_linux:kernel-drivers-sound, p-cpe:/a:microsoft:azure_linux:bpftool, p-cpe:/a:microsoft:azure_linux:kernel-drivers-accessibility, p-cpe:/a:microsoft:azure_linux:kernel-tools
必要的 KB 項目: Host/local_checks_enabled, Host/cpu, Host/AzureLinux/release, Host/AzureLinux/rpm-list
可輕鬆利用: No known exploits are available
修補程式發佈日期: 2025/1/14
弱點發布日期: 2024/9/18
參考資訊
CVE: CVE-2024-46758