概要
Linux/Unix 主機上安裝的一個或多個套件存有弱點,供應商表示將不會修補。
說明
Linux/Unix 主機上安裝了一個或多個受到弱點影響的套件,且供應商未提供可用的修補程式。
- 在 Linux 核心中,已解決下列弱點: thermal: intel: hfi: Add syscore callbacks for system-wide PM The kernel allocates a memory buffer and provides its location to the hardware, which uses it to update the HFI table. This allocation occurs during boot and remains constant throughout runtime. When resuming from hibernation, the restore kernel allocates a second memory buffer and reprograms the HFI hardware with the new location as part of a normal boot. The location of the second memory buffer may differ from the one allocated by the image kernel. When the restore kernel transfers control to the image kernel, its HFI buffer becomes invalid, potentially leading to memory corruption if the hardware writes to it (the hardware continues to use the buffer from the restore kernel). It is also possible that the hardware forgets the address of the memory buffer when resuming from deep suspend.
Memory corruption may also occur in such a scenario. To prevent the described memory corruption, disable HFI when preparing to suspend or hibernate. Enable it when resuming. Add syscore callbacks to handle the package of the boot CPU (packages of non-boot CPUs are handled via CPU offline). Syscore ops always run on the boot CPU. Additionally, HFI only needs to be disabled during deep suspend and hibernation. Syscore ops only run in these cases. [ rjw: Comment adjustment, subject and changelog edits ] (CVE-2024-26646)
請注意,Nessus 依賴供應商報告的套件存在。
Plugin 詳細資訊
檔案名稱: unpatched_CVE_2024_26646.nasl
代理程式: unix
支援的感應器: Nessus Agent, Nessus
風險資訊
媒介: CVSS2#AV:L/AC:L/Au:S/C:N/I:P/A:C
媒介: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
時間媒介: CVSS:3.0/E:U/RL:O/RC:C
弱點資訊
必要的 KB 項目: Host/local_checks_enabled, Host/cpu, global_settings/vendor_unpatched
可輕鬆利用: No known exploits are available