Linux Distros Unpatched Vulnerability: CVE-2025-38532

critical Nessus Plugin ID 259965

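Synopsis

The Linux/Unix host has one or more packages installed with a vulnerability that the vendor indicates will not be patched.

Description

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available.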

- net: libwx: properly reset Rx ring descriptor. When a device reset is triggered by feature changes (such as toggling Rx VLAN offload), wx->do_reset() is called to reinitialize the Rx rings. The hardware descriptor ring may retain stale values from previous sessions, and setting only the length in rx_desc[0] to 0 would result in building malformed SKBs. Fix this to ensure a clean slate after device reset. (CVE-2025-38532)

Note that Nessus relies on the presence of the package as reported by the vendor.

Solution

There is no known solution at this time.

See Also

https://security-tracker.debian.org/tracker/CVE-2025-38532

Plugin Details

Severity: Critical

ID: 259965

File Name: unpatched_CVE_2025_38532.nasl

Version: 1.1

Type: local

Agent: unix

Family: Misc.

Published: 2025/8/31

Updated: 2025/8/31

Supported Sensors: Agentless Assessment, Frictionless Assessment Agent, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 5.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2025-38532

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 8.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:debian:debian_linux:14.0, p-cpe:/a:debian:debian_linux:linux

Required KB Items: Host/cpu, Host/local_checks_enabled, global_settings/vendor_unpatched, Host/OS/identifier

Exploit Ease: No known exploits are available

Vulnerability Publication Date: 2025/8/16

Reference Information

CVE: CVE-2025-38532