Linux Distros Unpatched Vulnerability: CVE-2024-38601

medium Nessus Plugin ID 229530

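Synopsis

The Linux/Unix host has one or more packages installed with a vulnerability that the vendor indicates will not be patched.

Description

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability for which the vendor has not provided a patch.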

- ring-buffer: Fix a race between readers and resize checks. The reader code in rb_get_reader_page() swaps a new reader page into the ring buffer by doing a cmpxchg on old->list.prev->next to point it to the new page. If that operation succeeds, old->list.next->prev is then updated as well. This means the underlying doubly-linked list is temporarily inconsistent: page->prev->next or page->next->prev might not be equal back to page for some page in the ring buffer.

The resize operation in ring_buffer_resize() can be invoked in parallel. It calls rb_check_pages(), which can detect the described inconsistency and stop further tracing, logging a kernel warning from rb_check_pages() (kernel/trace/ring_buffer.c:1467) with ring_buffer_resize() in the call trace.

Note that ring_buffer_resize() calls rb_check_pages() only if the parent trace_buffer has recording disabled. Recent commit d78ab792705c ("tracing: Stop current tracer when resizing buffer") causes this to always be the case now, which makes it more likely to hit this issue. The window in which this race can occur is nonetheless very small. To help reproduce it, a delay loop can be added in rb_get_reader_page():

    ret = rb_head_page_replace(reader, cpu_buffer->reader_page);
    if (!ret)
        goto spin;
    for (unsigned i = 0; i < 1U << 26; i++)  /* inserted delay loop */
        __asm__ __volatile__ ("" : : : "memory");
    rb_list_head(reader->list.next)->prev = &cpu_buffer->reader_page->list;

.. ---truncated--- (CVE-2024-38601)

Note that Nessus relies on the presence of the package as reported by the vendor.

Solution

There is no known solution at this time.

See Also

https://access.redhat.com/security/cve/cve-2024-38601

https://ubuntu.com/security/CVE-2024-38601

Plugin Details

Severity: Medium

ID: 229530

File Name: unpatched_CVE_2024_38601.nasl

Version: 1.2

Type: local

Agent: unix

Family: Misc.

Published: 2025/3/5

Updated: 2025/8/7

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.4

CVSS v2

Risk Factor: Medium

Base Score: 6.3

Temporal Score: 4.7

Vector: CVSS2#AV:L/AC:M/Au:N/C:C/I:N/A:C

CVSS Score Source: CVE-2024-38601

CVSS v3

Risk Factor: Medium

Base Score: 4.1

Temporal Score: 3.6

Vector: CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:canonical:ubuntu_linux:linux-lowlatency-hwe-5.19, p-cpe:/a:canonical:ubuntu_linux:linux-oracle-5.0, p-cpe:/a:canonical:ubuntu_linux:linux-oracle-5.13, p-cpe:/a:canonical:ubuntu_linux:linux-riscv-6.5, p-cpe:/a:canonical:ubuntu_linux:linux-lowlatency-hwe-6.2, p-cpe:/a:canonical:ubuntu_linux:linux-gcp-5.11, p-cpe:/a:canonical:ubuntu_linux:linux-nvidia-6.5, p-cpe:/a:canonical:ubuntu_linux:linux-azure-6.5, p-cpe:/a:canonical:ubuntu_linux:linux-hwe-6.5, p-cpe:/a:canonical:ubuntu_linux:linux-kvm, p-cpe:/a:canonical:ubuntu_linux:linux-oracle, p-cpe:/a:canonical:ubuntu_linux:linux-azure-5.19, p-cpe:/a:canonical:ubuntu_linux:linux-gcp-5.19, p-cpe:/a:canonical:ubuntu_linux:linux-aws-6.5, p-cpe:/a:canonical:ubuntu_linux:linux-riscv-5.11, p-cpe:/a:canonical:ubuntu_linux:linux-riscv, p-cpe:/a:canonical:ubuntu_linux:linux-oem-5.17, p-cpe:/a:canonical:ubuntu_linux:linux-gcp, p-cpe:/a:canonical:ubuntu_linux:linux-gke-5.15, p-cpe:/a:canonical:ubuntu_linux:linux-hwe, cpe:/o:canonical:ubuntu_linux:16.04:-:lts, cpe:/o:canonical:ubuntu_linux:22.04:-:lts, p-cpe:/a:canonical:ubuntu_linux:linux-starfive-6.5, p-cpe:/a:canonical:ubuntu_linux:linux-oracle-5.3, p-cpe:/a:canonical:ubuntu_linux:linux-hwe-edge, p-cpe:/a:canonical:ubuntu_linux:linux, p-cpe:/a:canonical:ubuntu_linux:linux-intel-5.13, p-cpe:/a:canonical:ubuntu_linux:linux-gcp-6.5, p-cpe:/a:canonical:ubuntu_linux:linux-riscv-5.8, p-cpe:/a:canonical:ubuntu_linux:linux-starfive-5.19, p-cpe:/a:canonical:ubuntu_linux:linux-azure, p-cpe:/a:canonical:ubuntu_linux:linux-gcp-5.3, p-cpe:/a:redhat:enterprise_linux:kernel-rt, p-cpe:/a:canonical:ubuntu_linux:linux-gke, p-cpe:/a:canonical:ubuntu_linux:linux-aws-5.3, p-cpe:/a:canonical:ubuntu_linux:linux-aws-5.11, p-cpe:/a:canonical:ubuntu_linux:linux-azure-edge, p-cpe:/a:canonical:ubuntu_linux:linux-azure-fde, p-cpe:/a:canonical:ubuntu_linux:linux-aws-5.0, p-cpe:/a:canonical:ubuntu_linux:linux-nvidia-6.2, p-cpe:/a:canonical:ubuntu_linux:linux-aws-5.8, 
p-cpe:/a:canonical:ubuntu_linux:linux-oem-5.13, p-cpe:/a:canonical:ubuntu_linux:linux-azure-4.15, p-cpe:/a:canonical:ubuntu_linux:linux-hwe-6.2, p-cpe:/a:canonical:ubuntu_linux:linux-azure-fips, p-cpe:/a:canonical:ubuntu_linux:linux-oem, p-cpe:/a:canonical:ubuntu_linux:linux-aws-5.19, cpe:/o:canonical:ubuntu_linux:18.04:-:lts, p-cpe:/a:canonical:ubuntu_linux:linux-gkeop-5.4, p-cpe:/a:canonical:ubuntu_linux:linux-allwinner-5.19, p-cpe:/a:canonical:ubuntu_linux:linux-aws-5.13, p-cpe:/a:canonical:ubuntu_linux:linux-aws-6.2, p-cpe:/a:canonical:ubuntu_linux:linux-hwe-5.11, cpe:/o:redhat:enterprise_linux:9, p-cpe:/a:canonical:ubuntu_linux:linux-oracle-6.5, p-cpe:/a:canonical:ubuntu_linux:linux-aws-fips, p-cpe:/a:canonical:ubuntu_linux:linux-azure-5.3, p-cpe:/a:canonical:ubuntu_linux:linux-oem-6.0, p-cpe:/a:canonical:ubuntu_linux:linux-gcp-6.2, p-cpe:/a:canonical:ubuntu_linux:linux-aws, p-cpe:/a:canonical:ubuntu_linux:linux-lowlatency-hwe-6.5, p-cpe:/a:canonical:ubuntu_linux:linux-azure-6.2, p-cpe:/a:canonical:ubuntu_linux:linux-azure-5.11, p-cpe:/a:canonical:ubuntu_linux:linux-oem-5.10, p-cpe:/a:canonical:ubuntu_linux:linux-gcp-fips, p-cpe:/a:canonical:ubuntu_linux:linux-raspi2, p-cpe:/a:canonical:ubuntu_linux:linux-fips, p-cpe:/a:canonical:ubuntu_linux:linux-gke-5.4, p-cpe:/a:canonical:ubuntu_linux:linux-azure-5.8, p-cpe:/a:canonical:ubuntu_linux:linux-hwe-5.19, p-cpe:/a:canonical:ubuntu_linux:linux-lts-xenial, p-cpe:/a:canonical:ubuntu_linux:linux-oracle-5.8, p-cpe:/a:canonical:ubuntu_linux:linux-hwe-5.13, p-cpe:/a:canonical:ubuntu_linux:linux-riscv-5.19, p-cpe:/a:canonical:ubuntu_linux:linux-gke-4.15, p-cpe:/a:canonical:ubuntu_linux:linux-starfive-6.2, cpe:/o:canonical:ubuntu_linux:20.04:-:lts, p-cpe:/a:canonical:ubuntu_linux:linux-aws-hwe, p-cpe:/a:canonical:ubuntu_linux:linux-oem-6.5, p-cpe:/a:canonical:ubuntu_linux:linux-oem-5.14, p-cpe:/a:canonical:ubuntu_linux:linux-azure-fde-5.19, p-cpe:/a:canonical:ubuntu_linux:linux-gcp-4.15, 
p-cpe:/a:canonical:ubuntu_linux:linux-azure-fde-6.2, p-cpe:/a:canonical:ubuntu_linux:linux-gcp-5.8, cpe:/o:canonical:ubuntu_linux:14.04:-:lts, p-cpe:/a:canonical:ubuntu_linux:linux-realtime, p-cpe:/a:canonical:ubuntu_linux:linux-azure-5.13, p-cpe:/a:canonical:ubuntu_linux:linux-gcp-5.13, p-cpe:/a:canonical:ubuntu_linux:linux-oem-5.6, p-cpe:/a:canonical:ubuntu_linux:linux-hwe-5.8, p-cpe:/a:canonical:ubuntu_linux:linux-oracle-5.11, p-cpe:/a:canonical:ubuntu_linux:linux-oem-6.1

Required KB Items: Host/local_checks_enabled, Host/cpu, global_settings/vendor_unpatched, Host/OS/identifier

Exploit Ease: No known exploits are available

Vulnerability Publication Date: 2024/6/19

Reference Information

CVE: CVE-2024-38601