偵測

Linux Distros 未修補的弱點:CVE-2025-38267

high Nessus Plugin ID 246948

語言:

概要

Linux/Unix 主機上安裝的一個或多個套件存有弱點,供應商表示將不會修補。

說明

Linux/Unix 主機上安裝了一個或多個受到弱點影響的套件,且供應商未提供可用的修補程式。

 - ring-buffer由於 commit_overrun 不觸發 WARN_ON()。讀取記憶體對應緩衝區時讀取器頁面會剛好被寫入寫入緩衝區的最後一頁交換出。如果讀取器頁面與認可緩衝區 (目前正在寫入的緩衝區) 相同則假設其絕不應該有遺漏事件。如果是則會觸發 WARN_ON_ONCE()。但是只有在某種情況下才會發生這種情況。這發生在 commit_overrun 上。認可滿溢是指中斷先佔了寫入緩衝區的事件然後該中斷新增太多新事件以致於填滿並將緩衝區重新包裝回認可。然後系統會捨棄所有新事件並報告為missed_events。在此情況下下一個要讀取的頁面是提交緩衝區而讀取器頁面交換之後讀取器頁面將會是提交緩衝區但這次會有遺漏的事件進而觸發下列警告---- --------[cut here ]------------ 警告 CPU: 2 PID: 1127 at kernel/trace/ring_buffer.c:7357 ring_buffer_map_get_reader+0x49a/0x780 模組連結kvm_intel kvm irqbypass CPU2 UID0 PID1127 Commtrace-cmd 未受污染的 6.15。0-rc7-test-00004-g478bc2824b45-dirty#564 PREEMPT 硬體名稱QEMU Standard PC (Q35 + ICH9, 2009)BIOS 1.16.3-debian-1.16.3-2 04/01/2014 RIP 0010:ring_buffer_map_get_reader+0x49a/0x780 程式碼00 00 00 48 89 fe 48 c1 ee 03 80 3c 2e 00 0f 85 ec 01 00 00 4d 3b a6 a8 00 00 00 0f 85 8a fd ff ff 48 85 c0 0f 84 55 fe ff ff <0f> 0b e9 4e fe ff ff be 08 00 00 00 4c 89 54 24 58 48 89 54 24 50 RSP 0018:ffff888121787dc0 EFLAGS 00010002 RAX 00000000000006a2 RBX
 ffff888100062800 RCX: ffffffff8190cb49 RDX: ffff888126934c00 RSI: 1ffff11020200a15 RDI: ffff8881010050a8 RBP: dffffc0000000000 R08: 0000000000000000 R09: ffffed1024d26982 R10: ffff888126934c17 R11:
 R12ffff8881010050a8 : ffff888126934c00 R13: ffff8881010050b8 R14: ffff888101005000 R15: ffff888126930008 FS: 00007f95c8cd7540(0000) GS:ffff8882b576e000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f95c8de4dc0 CR3: 0000000128452002 CR40000000000172ef0 呼叫追踪 <TASK> __pfx_ring_buffer_map_get_reader+0x10/0x10 tracing_buffers_ioctl+0x283/0x370 __x64_sys_ioctl+0x134/0x190 do_syscall_64+0x79/0x1c0 entry_SYSCALL_64_after_hwframe+0x76/0x7e RIP: 0033:0x7f95c8de48db Code: 00 48 89 44 24 18 31 c0 48 8d 44 24 60 c7 04 24 10 00 00 00 48 89 44 24 08 48 8d 44 24 20 48 89 44 24 10 b8 10 00 00 00 0f 05 <89> c2 3d 00 f0 ff ff 77 1c 48 8b 44 24 18 64 48 2b 04 25 0b:28 0 0000 25 2SP: R 0 00 00 00007ffe037ba110 EFLAGS00000246 ORIG_RAX0000000000000010 RAXffffffffffffffda RBX00007ffe037bb2b0 RCX
 00007f95c8de48db RDX: 0000000000000000 RSI: 0000000000005220 RDI: 0000000000000006 RBP: 00007ffe037ba180 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12:
 R130000000000000000 : 00007ffe037bb6f8 R14: 00007f95c9065000 R15: 00005575c7492c90 </TASK> irq event stamp: 5080 hardirqs last enabled at (5079): [<ffffffff83e0adb0>] _raw_spin_unlock_irqrestore+0x50/0x70 hardirqs last disabled at (5080): [<ffffffff83e0aa83>] _raw_spin_lock_irqsave +0x63/0x70 softirqs 上次於 (4182) 啟用 [<ffffffff81516122>] handle_softirqs+0x552/0x710 softirqs 上次停用於 (4159)
 [<ffffffff815163f7>] __irq_exit_rcu+0x107/0x210 ---[ end trace 0000000000000000 ]--- 在同時具有 lockdep 和 KASAN 以及已啟用 kmemleak 的核心上執行及執行下列命令會觸發上述情況並執行下列命令# perf record -o perf-test.dat -a -- trace-cmd record --nosplice -e all -p function hackbench 50 在 perf 插入大量中斷的情況下並在啟用所有事件和函式追踪的 trace-cmd 時啟用 lockdep、KASAN 和 kmemleak時可能會造成中斷搶占要寫入以新增足夠事件的事件 ---truncated--- (CVE-2025-38267)

請注意,Nessus 依賴供應商報告的套件存在。

解決方案

目前尚未有已知的解決方案。

另請參閱

https://ubuntu.com/security/CVE-2025-38267

Plugin 詳細資訊

嚴重性: High

ID: 246948

檔案名稱: unpatched_CVE_2025_38267.nasl

版本: 1.1

類型: local

代理程式: unix

系列: Misc.

已發布: 2025/8/9

已更新: 2025/8/9

支援的感應器: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus

風險資訊

VPR

風險因素: Medium

分數: 6.0

CVSS v2

風險因素: Medium

基本分數: 5.4

時間性分數: 4

媒介: CVSS2#AV:L/AC:M/Au:N/C:P/I:N/A:C

CVSS 評分資料來源: CVE-2025-38267

CVSS v3

風險因素: High

基本分數: 7.1

時間性分數: 6.2

媒介: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

時間媒介: CVSS:3.0/E:U/RL:O/RC:C

弱點資訊

CPE: p-cpe:/a:canonical:ubuntu_linux:linux-hwe-6.11, p-cpe:/a:canonical:ubuntu_linux:linux-azure-6.5, p-cpe:/a:canonical:ubuntu_linux:linux-hwe-6.5, cpe:/o:canonical:ubuntu_linux:16.04:-:lts, p-cpe:/a:canonical:ubuntu_linux:linux-oracle-5.3, p-cpe:/a:canonical:ubuntu_linux:linux-hwe-edge, p-cpe:/a:canonical:ubuntu_linux:linux, p-cpe:/a:canonical:ubuntu_linux:linux-lowlatency-hwe-5.19, p-cpe:/a:canonical:ubuntu_linux:linux-oracle-5.0, p-cpe:/a:canonical:ubuntu_linux:linux-oracle-5.13, p-cpe:/a:canonical:ubuntu_linux:linux-aws-6.14, p-cpe:/a:canonical:ubuntu_linux:linux-riscv-6.5, p-cpe:/a:canonical:ubuntu_linux:linux-gcp-5.11, p-cpe:/a:canonical:ubuntu_linux:linux-nvidia-6.5, p-cpe:/a:canonical:ubuntu_linux:linux-lowlatency-hwe-6.11, p-cpe:/a:canonical:ubuntu_linux:linux-lowlatency-hwe-6.2, p-cpe:/a:canonical:ubuntu_linux:linux-gcp-6.14, p-cpe:/a:canonical:ubuntu_linux:linux-raspi, p-cpe:/a:canonical:ubuntu_linux:linux-oracle, p-cpe:/a:canonical:ubuntu_linux:linux-azure-5.19, p-cpe:/a:canonical:ubuntu_linux:linux-gcp-5.19, p-cpe:/a:canonical:ubuntu_linux:linux-hwe, cpe:/o:canonical:ubuntu_linux:22.04:-:lts, p-cpe:/a:canonical:ubuntu_linux:linux-starfive-6.5, p-cpe:/a:canonical:ubuntu_linux:linux-intel-5.13, cpe:/o:canonical:ubuntu_linux:24.04:-:lts, p-cpe:/a:canonical:ubuntu_linux:linux-hwe-6.14, p-cpe:/a:canonical:ubuntu_linux:linux-aws-6.5, p-cpe:/a:canonical:ubuntu_linux:linux-riscv-5.11, p-cpe:/a:canonical:ubuntu_linux:linux-riscv, p-cpe:/a:canonical:ubuntu_linux:linux-aws-5.11, p-cpe:/a:canonical:ubuntu_linux:linux-oem-5.17, p-cpe:/a:canonical:ubuntu_linux:linux-azure-6.11, p-cpe:/a:canonical:ubuntu_linux:linux-gcp-6.5, p-cpe:/a:canonical:ubuntu_linux:linux-riscv-5.8, p-cpe:/a:canonical:ubuntu_linux:linux-starfive-5.19, p-cpe:/a:canonical:ubuntu_linux:linux-azure, p-cpe:/a:canonical:ubuntu_linux:linux-gcp-5.3, p-cpe:/a:canonical:ubuntu_linux:linux-gke, p-cpe:/a:canonical:ubuntu_linux:linux-gcp, p-cpe:/a:canonical:ubuntu_linux:linux-gke-5.15, p-cpe:/a:canonical:ubuntu_linux:linux-aws-5.3, p-cpe:/a:canonical:ubuntu_linux:linux-azure-edge, p-cpe:/a:canonical:ubuntu_linux:linux-azure-fde, p-cpe:/a:canonical:ubuntu_linux:linux-raspi-realtime, p-cpe:/a:canonical:ubuntu_linux:linux-oem-6.0, p-cpe:/a:canonical:ubuntu_linux:linux-hwe-6.2, p-cpe:/a:canonical:ubuntu_linux:linux-oem-6.14, cpe:/o:canonical:ubuntu_linux:18.04:-:lts, p-cpe:/a:canonical:ubuntu_linux:linux-gkeop-5.4, p-cpe:/a:canonical:ubuntu_linux:linux-allwinner-5.19, p-cpe:/a:canonical:ubuntu_linux:linux-aws-5.13, p-cpe:/a:canonical:ubuntu_linux:linux-oracle-6.5, p-cpe:/a:canonical:ubuntu_linux:linux-oem, p-cpe:/a:canonical:ubuntu_linux:linux-aws-5.19, cpe:/o:canonical:ubuntu_linux:25.04, p-cpe:/a:canonical:ubuntu_linux:linux-aws-6.2, p-cpe:/a:canonical:ubuntu_linux:linux-hwe-5.11, p-cpe:/a:canonical:ubuntu_linux:linux-nvidia-6.2, p-cpe:/a:canonical:ubuntu_linux:linux-oem-5.13, p-cpe:/a:canonical:ubuntu_linux:linux-azure-5.3, p-cpe:/a:canonical:ubuntu_linux:linux-gcp-6.11, p-cpe:/a:canonical:ubuntu_linux:linux-aws-5.0, p-cpe:/a:canonical:ubuntu_linux:linux-oracle-6.14, p-cpe:/a:canonical:ubuntu_linux:linux-gkeop-5.15, p-cpe:/a:canonical:ubuntu_linux:linux-oem-6.11, p-cpe:/a:canonical:ubuntu_linux:linux-aws-5.8, p-cpe:/a:canonical:ubuntu_linux:linux-gcp-6.2, p-cpe:/a:canonical:ubuntu_linux:linux-aws, p-cpe:/a:canonical:ubuntu_linux:linux-lowlatency-hwe-6.5, p-cpe:/a:canonical:ubuntu_linux:linux-azure-6.2, p-cpe:/a:canonical:ubuntu_linux:linux-azure-5.11, p-cpe:/a:canonical:ubuntu_linux:linux-oem-5.10, p-cpe:/a:canonical:ubuntu_linux:linux-raspi2, p-cpe:/a:canonical:ubuntu_linux:linux-intel-iot-realtime, p-cpe:/a:canonical:ubuntu_linux:linux-gke-5.4, p-cpe:/a:canonical:ubuntu_linux:linux-azure-5.8, p-cpe:/a:canonical:ubuntu_linux:linux-hwe-5.19, p-cpe:/a:canonical:ubuntu_linux:linux-hwe-5.13, p-cpe:/a:canonical:ubuntu_linux:linux-riscv-5.19, p-cpe:/a:canonical:ubuntu_linux:linux-gke-4.15, p-cpe:/a:canonical:ubuntu_linux:linux-oracle-5.8, p-cpe:/a:canonical:ubuntu_linux:linux-starfive-6.2, p-cpe:/a:canonical:ubuntu_linux:linux-realtime, p-cpe:/a:canonical:ubuntu_linux:linux-azure-5.13, p-cpe:/a:canonical:ubuntu_linux:linux-hwe-5.8, p-cpe:/a:canonical:ubuntu_linux:linux-gkeop, p-cpe:/a:canonical:ubuntu_linux:linux-oracle-5.11, p-cpe:/a:canonical:ubuntu_linux:linux-gcp-5.8, p-cpe:/a:canonical:ubuntu_linux:linux-riscv-6.14, p-cpe:/a:canonical:ubuntu_linux:linux-gcp-5.13, p-cpe:/a:canonical:ubuntu_linux:linux-oem-5.6, p-cpe:/a:canonical:ubuntu_linux:linux-oem-6.1, cpe:/o:canonical:ubuntu_linux:20.04:-:lts, p-cpe:/a:canonical:ubuntu_linux:linux-oem-5.14, p-cpe:/a:canonical:ubuntu_linux:linux-azure-fde-6.2, p-cpe:/a:canonical:ubuntu_linux:linux-oem-6.5, p-cpe:/a:canonical:ubuntu_linux:linux-azure-fde-5.19

必要的 KB 項目: Host/local_checks_enabled, Host/cpu, global_settings/vendor_unpatched, Host/OS/identifier

可輕鬆利用: No known exploits are available

弱點發布日期: 2025/7/10

參考資訊

CVE: CVE-2025-38267