Linux Distros 未修補的弱點:CVE-2021-47400

medium Nessus Plugin ID 230148

概要

Linux/Unix 主機上安裝的一個或多個套件存有弱點,供應商表示將不會修補。

說明

Linux/Unix 主機上安裝了一個或多個受到弱點影響的套件,且供應商未提供可用的修補程式。

- nethns3不允許重複呼叫 hns3_nic_net_open 不允許重複呼叫 hns3_nic_net_open()但並未對此進行檢查。同時進行裝置重設和設定 tc 時有少量機會重複呼叫 hns3_nic_net_open並藉由呼叫 napi_enable 兩次造成核心錯誤。
呼叫追踪資訊如下[ 3078.222780] ------------[cut here ]------------ [3078.230255] net/core/ 的核心錯誤dev.c:6991! [ 3078.236224] 內部錯誤Oops - 錯誤0 [#1] PREEMPT SMP [ 3078.243431] 連結hns3 hclgevf hclge hnae3 vfio_iommu_type1 vfio_pci vfio_virqfd vfio pv680_mii(O) 的模組 [ 3078.258880] CPU 0 PID295 通訊kworker/u8:5 污染GO 5.14.0-rc4+ #1 [ 3078.269102] 硬體名稱、BIOS KpxxxFPGA 1P B600 V181 2021 年 8 月 12 日 [ 3078.276801] 工作佇列hclge hclge_service_task [hclge] [ 3078.288774] pstate 60400009 (nZCv daif +PAN -UAO -TCO BTYPE=--) [ 3078.296168] pc
napi_enable+0x80/0x84 tc qdisc sho[w 3d0e7v8 .e3t0h218 79] lrhns3_nic_net_open+0x138/0x510 [hns3] [3078.314771] spffff8000108abb20 [ 3078.319099] x29 ffff800001008abb2070 x20800000020
ffff0820a8490300 [ 3078.329121] x26: 0000000000000001 x25ffff08209cfc6200 x24: 0000000000000000 [3078.339044] x23: ffff0820a8490300 x22: ffff08209a8490300 x22: 3078.349018ffff08209a8490300 x22: ffff08209a8490300 x22
0000000000000000 x19ffff08209cd76900 x180000000000000000 [ 3078.358620] x170000000000000000 x16
ffffc816e1727a50 x150000ffff8f4ff930 [ 3078.368895] x140000000000000000 x130000000000000000 x12
0000259e9dbeb6b4 [ 3078.377987] x110096a8f7e764eb40 x10: 634615ad28d3eab5 x9: ffffc816ad8885b8 [3078.387091] x8 ffff08209cfc6fb8 x7 ffff0820ac0da058 x6 : ffff0820ac0da058 x6 : ffff0820ac0da058 x6 : ffff0820ac0da058 x6 : ffff40 3078.396356[3: 8 ]2
0000000000000140 x4 0000000000000003 x3 ffff08209cd76938 [ 3078.405365] x2 0000000000000000 x1
0000000000000010 x0ffff0820abfe38a0 [ 3078.414657] 呼叫追踪 [ 3078.418517] napi_enable+0x80/0x84 [3078.424626] hns3_reset_notify_up_enet+0x78/0xd0 [hns3] [ 3078.433469] hns3_reset_notify+0x64/0x80 3078.441430hns3_client] h 0x68/0xb0 [hclge] [ 3078.450511] hclge_reset_rebuild+0x524/0x884 [hclge] [ 3078.458879] hclge_reset_service_task+0x3c4/0x680 [hclge] [ 3078.467470] hclge_service_task+0xb0/0xb54 [hclge] [ 3078.475675] process_one_work+0x1dc/ 0x48c [ 3078.481888] worker_thread+0x15c/0x464 [ 3078.487104] kthread+0x160/0x170 [ 3078.492479] ret_from_fork+0x10/0x18 [3078.498785] 程式碼 c8027c81 35ffffa2 d50323bf d65f03c0 (d4210000) [ 3078.506889] ---[ end trace 8ebe0340a1b0fb44 ]--- hns3_nic_net_open() 執行成功後將會清除 HNS3_NIC_STATE_DOWN 旗標。因此新增此旗標的檢查當未設定 HNS3_NIC_STATE_DOWN 時直接傳回。
(CVE-2021-47400)

請注意,Nessus 依賴供應商報告的套件存在。

解決方案

目前尚未有已知的解決方案。

另請參閱

https://access.redhat.com/security/cve/cve-2021-47400

https://ubuntu.com/security/CVE-2021-47400

Plugin 詳細資訊

嚴重性: Medium

ID: 230148

檔案名稱: unpatched_CVE_2021_47400.nasl

版本: 1.2

類型: local

代理程式: unix

系列: Misc.

已發布: 2025/3/5

已更新: 2025/8/11

支援的感應器: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus

風險資訊

VPR

風險因素: Low

分數: 1.4

CVSS v2

風險因素: Medium

基本分數: 4.9

時間性分數: 3.6

媒介: CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:C

CVSS 評分資料來源: CVE-2021-47400

CVSS v3

風險因素: Medium

基本分數: 4

時間性分數: 3.5

媒介: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

時間媒介: CVSS:3.0/E:U/RL:O/RC:C

弱點資訊

CPE: p-cpe:/a:canonical:ubuntu_linux:linux-lowlatency-hwe-5.19, p-cpe:/a:canonical:ubuntu_linux:linux-oracle-5.0, p-cpe:/a:canonical:ubuntu_linux:linux-oracle-5.13, p-cpe:/a:canonical:ubuntu_linux:linux-lowlatency-hwe-6.2, p-cpe:/a:canonical:ubuntu_linux:linux-gcp-5.11, cpe:/o:canonical:ubuntu_linux:24.04:-:lts, p-cpe:/a:canonical:ubuntu_linux:linux-kvm, p-cpe:/a:canonical:ubuntu_linux:linux-oracle, p-cpe:/a:canonical:ubuntu_linux:linux-azure-5.19, p-cpe:/a:canonical:ubuntu_linux:linux-gcp-5.19, p-cpe:/a:canonical:ubuntu_linux:linux-riscv-5.11, p-cpe:/a:canonical:ubuntu_linux:linux-riscv, p-cpe:/a:canonical:ubuntu_linux:linux-hwe, cpe:/o:canonical:ubuntu_linux:16.04:-:lts, cpe:/o:canonical:ubuntu_linux:22.04:-:lts, p-cpe:/a:canonical:ubuntu_linux:linux-oracle-5.3, p-cpe:/a:canonical:ubuntu_linux:linux-hwe-edge, p-cpe:/a:canonical:ubuntu_linux:linux, p-cpe:/a:canonical:ubuntu_linux:linux-intel-5.13, p-cpe:/a:canonical:ubuntu_linux:linux-riscv-5.8, p-cpe:/a:canonical:ubuntu_linux:linux-starfive-5.19, p-cpe:/a:canonical:ubuntu_linux:linux-azure, p-cpe:/a:canonical:ubuntu_linux:linux-gcp-5.3, p-cpe:/a:canonical:ubuntu_linux:linux-raspi-realtime, p-cpe:/a:redhat:enterprise_linux:kernel-rt, p-cpe:/a:canonical:ubuntu_linux:linux-gke, p-cpe:/a:canonical:ubuntu_linux:linux-oem-5.17, p-cpe:/a:canonical:ubuntu_linux:linux-gcp, p-cpe:/a:canonical:ubuntu_linux:linux-gke-5.15, p-cpe:/a:canonical:ubuntu_linux:linux-hwe-6.2, p-cpe:/a:canonical:ubuntu_linux:linux-azure-fips, p-cpe:/a:canonical:ubuntu_linux:linux-oem, p-cpe:/a:canonical:ubuntu_linux:linux-aws-5.19, cpe:/o:canonical:ubuntu_linux:18.04:-:lts, p-cpe:/a:canonical:ubuntu_linux:linux-gkeop-5.4, p-cpe:/a:canonical:ubuntu_linux:linux-allwinner-5.19, p-cpe:/a:canonical:ubuntu_linux:linux-aws-5.13, p-cpe:/a:canonical:ubuntu_linux:linux-aws-6.2, p-cpe:/a:canonical:ubuntu_linux:linux-hwe-5.11, p-cpe:/a:canonical:ubuntu_linux:linux-aws-5.3, p-cpe:/a:canonical:ubuntu_linux:linux-aws-5.11, p-cpe:/a:canonical:ubuntu_linux:linux-azure-edge, p-cpe:/a:canonical:ubuntu_linux:linux-azure-fde, p-cpe:/a:canonical:ubuntu_linux:linux-aws-5.0, p-cpe:/a:canonical:ubuntu_linux:linux-nvidia-6.2, p-cpe:/a:canonical:ubuntu_linux:linux-aws-5.8, p-cpe:/a:canonical:ubuntu_linux:linux-oem-5.13, p-cpe:/a:canonical:ubuntu_linux:linux-azure-4.15, p-cpe:/a:canonical:ubuntu_linux:linux-gcp-6.2, p-cpe:/a:canonical:ubuntu_linux:linux-aws, p-cpe:/a:canonical:ubuntu_linux:linux-azure-6.2, p-cpe:/a:canonical:ubuntu_linux:linux-azure-5.11, p-cpe:/a:canonical:ubuntu_linux:linux-oem-5.10, cpe:/o:redhat:enterprise_linux:9, p-cpe:/a:canonical:ubuntu_linux:linux-aws-fips, p-cpe:/a:canonical:ubuntu_linux:linux-azure-5.3, p-cpe:/a:canonical:ubuntu_linux:linux-oem-6.0, p-cpe:/a:canonical:ubuntu_linux:linux-gcp-fips, p-cpe:/a:canonical:ubuntu_linux:linux-raspi2, p-cpe:/a:canonical:ubuntu_linux:linux-fips, p-cpe:/a:canonical:ubuntu_linux:linux-intel-iot-realtime, p-cpe:/a:canonical:ubuntu_linux:linux-gke-5.4, p-cpe:/a:canonical:ubuntu_linux:linux-azure-5.8, p-cpe:/a:canonical:ubuntu_linux:linux-hwe-5.19, p-cpe:/a:canonical:ubuntu_linux:linux-gcp-5.8, cpe:/o:canonical:ubuntu_linux:14.04:-:lts, p-cpe:/a:canonical:ubuntu_linux:linux-realtime, p-cpe:/a:canonical:ubuntu_linux:linux-azure-5.13, p-cpe:/a:canonical:ubuntu_linux:linux-gcp-5.13, p-cpe:/a:canonical:ubuntu_linux:linux-oem-5.6, p-cpe:/a:canonical:ubuntu_linux:linux-hwe-5.8, p-cpe:/a:canonical:ubuntu_linux:linux-oracle-5.11, p-cpe:/a:canonical:ubuntu_linux:linux-oem-6.1, p-cpe:/a:canonical:ubuntu_linux:linux-oracle-5.8, p-cpe:/a:canonical:ubuntu_linux:linux-hwe-5.13, p-cpe:/a:canonical:ubuntu_linux:linux-riscv-5.19, p-cpe:/a:canonical:ubuntu_linux:linux-gke-4.15, p-cpe:/a:canonical:ubuntu_linux:linux-starfive-6.2, cpe:/o:canonical:ubuntu_linux:20.04:-:lts, p-cpe:/a:canonical:ubuntu_linux:linux-aws-hwe, p-cpe:/a:canonical:ubuntu_linux:linux-oem-5.14, p-cpe:/a:canonical:ubuntu_linux:linux-azure-fde-5.19, p-cpe:/a:canonical:ubuntu_linux:linux-gcp-4.15, p-cpe:/a:canonical:ubuntu_linux:linux-azure-fde-6.2

必要的 KB 項目: Host/local_checks_enabled, Host/cpu, global_settings/vendor_unpatched, Host/OS/identifier

可輕鬆利用: No known exploits are available

弱點發布日期: 2024/5/21

參考資訊

CVE: CVE-2021-47400