偵測

Linux Distros 未修補的弱點:CVE-2022-49096

medium Nessus Plugin ID 225613

語言:

概要

Linux/Unix 主機上安裝的一個或多個套件存有弱點,供應商表示將不會修補。

說明

Linux/Unix 主機上安裝了一個或多個受到弱點影響的套件,且供應商未提供可用的修補程式。

 - netsfc新增遺漏的 xdp 佇列重新初始化在變更 rx/tx 環緩衝區大小後當其執行 XDP_TX 或 XDP_REDIRECT 時會發生核心錯誤。tx/rx 環緩衝區大小變更時 (ethtool -G)sfc 驅動程式會重新配置並重新初始化 rx 和 tx 佇列及其緩衝區 (tx_queue->buffer)。但它會遺漏重新初始化 xdp 佇列 (efx->xdp_tx_queues)。因此當其執行 XDP_TX 或 XDP_REDIRECT 時會使用未初始化的 tx_queue->buffer。新函式 efx_set_xdp_channels() 已從 efx_set_channels() 中分離出來僅處理 xdp 佇列。Splat 類似錯誤、核心 NULL 指標解除參照、位址
 000000000000002a #PF核心模式中的監督寫入權限 #PFerror_code(0x0002) - 不存在頁面 PGD 0 P4D 0 Oops0002 [#4] PREEMPT SMP NOPTI RIP0010:efx_tx_map_chunk+0x54/0x90 [sfc] CPU 2 PID0 通訊swapper/2 污染的 GD 5.17.0+ #55 e8beeee8289528f11357029357cf 程式碼48 8b 8d a8 01 00 00 48 8d 14 52 4c 8d 2c d0 44 89 c 48 85 c9 74 0e 44 89 e2 49 f6 80 RSP0018:ffff92f121e45c60 EFLAGS: 00010297 RIP: 0010:efx_tx_map_chunk+0x54/0x90 [sfc] RAX: 000000000000040 RBXffff92ea506895c0 RCX
 ffffffffc0330870 RDX: 0000000000000001 RSI: 00000001139b10ce RDI: ffff92ea506895c0 RBP: ffffffffc0358a80 R08: 00000001139b110d R09: 0000000000000000 R10: 0000000000000001 R11: ffff92ea414c0088 R12:
 0000000000000040 R130000000000000018 R1400000001139b10ce R15ffff92ea506895c0 FS
 0000000000000000(0000) GS:ffff92f121ec0000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0
 0000000080050033 Code: 48 8b 8d a8 01 00 00 48 8d 14 52 4c 8d 2c d0 44 89 e0 48 85 c9 74 0e 44 89 e2 4c 89 f6 48 80 CR2: 000000000000002a CR3: 00000003e6810004 CR4: 00000000007706e0 RSP: 0018:ffff92f121e85c60 EFLAGS: 00010297 PKRU55555554 RAX 0000000000000040 RBXffff92ea50689700 RCXffffffffc0330870 RDX
 0000000000000001 RSI: 00000001145a90ce RDI: ffff92ea50689700 RBP: ffffffffc0358a80 R08: 00000001145a910d R09: 0000000000000000 R10: 0000000000000001 R11: ffff92ea414c0088 R12: 0000000000000040 R13:
 R140000000000000018 : 00000001145a90ce R15: ffff92ea50689700 FS: 0000000000000000(0000) GS:ffff92f121e80000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2:
 000000000000002a CR3: 00000003e6810005 CR4: 00000000007706e0 PKRU: 55555554 Call Trace: <IRQ> efx_xdp_tx_buffers+0x12b/0x3d0 [sfc 84c94b8e32d44d296c17e10a634d3ad454de4ba5] __efx_rx_packet+0x5c3/0x930 [sfc 84c94b8e32d44d296c17e10a634d3ad454de4ba5] efx_rx_packet+0x28c/0x2e0 [sfc 84c94b8e32d44d296c17e10a634d3ad454de4ba5] efx_ef10_ev_process+0x5f8/0xf40 [sfc 84c94b8e32d44d296c17e10a634d3ad454de4ba5 ] ? enqueue_task_fair+0x95/0x550 efx_poll+0xc4/0x360 [sfc 84c94b8e32d44d296c17e10a634d3ad454de4ba5] (CVE-2022-49096)

請注意,Nessus 依賴供應商報告的套件存在。

解決方案

目前尚未有已知的解決方案。

另請參閱

https://access.redhat.com/security/cve/cve-2022-49096

https://security-tracker.debian.org/tracker/CVE-2022-49096

https://ubuntu.com/security/CVE-2022-49096

Plugin 詳細資訊

嚴重性: Medium

ID: 225613

檔案名稱: unpatched_CVE_2022_49096.nasl

版本: 1.2

類型: local

代理程式: unix

系列: Misc.

已發布: 2025/3/5

已更新: 2025/8/9

支援的感應器: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus

風險資訊

VPR

風險因素: Medium

分數: 4.4

CVSS v2

風險因素: Medium

基本分數: 6.6

時間性分數: 4.9

媒介: CVSS2#AV:L/AC:L/Au:N/C:N/I:C/A:C

CVSS 評分資料來源: CVE-2022-49096

CVSS v3

風險因素: Medium

基本分數: 5.5

時間性分數: 4.8

媒介: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

時間媒介: CVSS:3.0/E:U/RL:O/RC:C

弱點資訊

CPE: p-cpe:/a:canonical:ubuntu_linux:linux-azure-6.5, p-cpe:/a:canonical:ubuntu_linux:linux-hwe-6.5, p-cpe:/a:canonical:ubuntu_linux:linux-hwe, cpe:/o:canonical:ubuntu_linux:16.04:-:lts, cpe:/o:canonical:ubuntu_linux:22.04:-:lts, p-cpe:/a:canonical:ubuntu_linux:linux-starfive-6.5, p-cpe:/a:canonical:ubuntu_linux:linux-oracle-5.3, p-cpe:/a:canonical:ubuntu_linux:linux-hwe-edge, p-cpe:/a:canonical:ubuntu_linux:linux-intel-5.13, cpe:/o:debian:debian_linux:11.0, p-cpe:/a:canonical:ubuntu_linux:linux-lowlatency-hwe-5.19, p-cpe:/a:canonical:ubuntu_linux:linux-oracle-5.0, p-cpe:/a:canonical:ubuntu_linux:linux-oracle-5.13, p-cpe:/a:canonical:ubuntu_linux:linux-riscv-6.5, p-cpe:/a:canonical:ubuntu_linux:linux-lowlatency-hwe-6.2, p-cpe:/a:canonical:ubuntu_linux:linux-gcp-5.11, p-cpe:/a:canonical:ubuntu_linux:linux-nvidia-6.5, p-cpe:/a:canonical:ubuntu_linux:linux-oem-5.17, p-cpe:/a:redhat:enterprise_linux:kernel, p-cpe:/a:canonical:ubuntu_linux:linux-gcp, p-cpe:/a:canonical:ubuntu_linux:linux-gke-5.15, cpe:/o:canonical:ubuntu_linux:24.04:-:lts, p-cpe:/a:canonical:ubuntu_linux:linux-azure-5.19, p-cpe:/a:canonical:ubuntu_linux:linux-gcp-5.19, p-cpe:/a:debian:debian_linux:linux, p-cpe:/a:canonical:ubuntu_linux:linux-aws-6.5, p-cpe:/a:canonical:ubuntu_linux:linux-riscv-5.11, p-cpe:/a:canonical:ubuntu_linux:linux-riscv, p-cpe:/a:canonical:ubuntu_linux:linux-aws-5.3, p-cpe:/a:canonical:ubuntu_linux:linux-aws-5.11, p-cpe:/a:canonical:ubuntu_linux:linux-azure-edge, p-cpe:/a:canonical:ubuntu_linux:linux-azure-fde, p-cpe:/a:canonical:ubuntu_linux:linux-gcp-6.5, p-cpe:/a:canonical:ubuntu_linux:linux-riscv-5.8, p-cpe:/a:canonical:ubuntu_linux:linux-starfive-5.19, p-cpe:/a:canonical:ubuntu_linux:linux-azure, p-cpe:/a:canonical:ubuntu_linux:linux-gcp-5.3, p-cpe:/a:canonical:ubuntu_linux:linux-raspi-realtime, p-cpe:/a:redhat:enterprise_linux:kernel-rt, p-cpe:/a:canonical:ubuntu_linux:linux-gke, p-cpe:/a:canonical:ubuntu_linux:linux-aws-5.0, p-cpe:/a:canonical:ubuntu_linux:linux-nvidia-6.2, p-cpe:/a:canonical:ubuntu_linux:linux-gkeop-5.15, p-cpe:/a:canonical:ubuntu_linux:linux-aws-5.8, p-cpe:/a:canonical:ubuntu_linux:linux-oem-5.13, cpe:/o:redhat:enterprise_linux:9, p-cpe:/a:canonical:ubuntu_linux:linux-oracle-6.5, p-cpe:/a:canonical:ubuntu_linux:linux-azure-5.3, p-cpe:/a:canonical:ubuntu_linux:linux-oem-6.0, p-cpe:/a:canonical:ubuntu_linux:linux-hwe-6.2, p-cpe:/a:canonical:ubuntu_linux:linux-oem, p-cpe:/a:canonical:ubuntu_linux:linux-aws-5.19, cpe:/o:canonical:ubuntu_linux:18.04:-:lts, p-cpe:/a:canonical:ubuntu_linux:linux-gkeop-5.4, p-cpe:/a:canonical:ubuntu_linux:linux-allwinner-5.19, p-cpe:/a:canonical:ubuntu_linux:linux-aws-5.13, p-cpe:/a:canonical:ubuntu_linux:linux-aws-6.2, p-cpe:/a:canonical:ubuntu_linux:linux-hwe-5.11, p-cpe:/a:canonical:ubuntu_linux:linux-gcp-6.2, p-cpe:/a:canonical:ubuntu_linux:linux-lowlatency-hwe-6.5, p-cpe:/a:canonical:ubuntu_linux:linux-azure-6.2, p-cpe:/a:canonical:ubuntu_linux:linux-azure-5.11, p-cpe:/a:canonical:ubuntu_linux:linux-oem-5.10, p-cpe:/a:canonical:ubuntu_linux:linux-raspi2, p-cpe:/a:canonical:ubuntu_linux:linux-intel-iot-realtime, p-cpe:/a:canonical:ubuntu_linux:linux-gke-5.4, p-cpe:/a:canonical:ubuntu_linux:linux-azure-5.8, p-cpe:/a:canonical:ubuntu_linux:linux-hwe-5.19, p-cpe:/a:canonical:ubuntu_linux:linux-gcp-5.8, p-cpe:/a:canonical:ubuntu_linux:linux-realtime, p-cpe:/a:canonical:ubuntu_linux:linux-azure-5.13, p-cpe:/a:canonical:ubuntu_linux:linux-gcp-5.13, p-cpe:/a:canonical:ubuntu_linux:linux-oem-5.6, p-cpe:/a:canonical:ubuntu_linux:linux-hwe-5.8, p-cpe:/a:canonical:ubuntu_linux:linux-gkeop, p-cpe:/a:canonical:ubuntu_linux:linux-oracle-5.11, p-cpe:/a:canonical:ubuntu_linux:linux-oem-6.1, p-cpe:/a:canonical:ubuntu_linux:linux-oracle-5.8, p-cpe:/a:canonical:ubuntu_linux:linux-hwe-5.13, p-cpe:/a:canonical:ubuntu_linux:linux-riscv-5.19, p-cpe:/a:canonical:ubuntu_linux:linux-gke-4.15, p-cpe:/a:canonical:ubuntu_linux:linux-starfive-6.2, cpe:/o:canonical:ubuntu_linux:20.04:-:lts, p-cpe:/a:canonical:ubuntu_linux:linux-oem-6.5, p-cpe:/a:canonical:ubuntu_linux:linux-oem-5.14, p-cpe:/a:canonical:ubuntu_linux:linux-azure-fde-5.19, p-cpe:/a:canonical:ubuntu_linux:linux-azure-fde-6.2

必要的 KB 項目: Host/local_checks_enabled, Host/cpu, global_settings/vendor_unpatched, Host/OS/identifier

可輕鬆利用: No known exploits are available

弱點發布日期: 2025/2/26

參考資訊

CVE: CVE-2022-49096