Linux Distros Unpatched Vulnerability: CVE-2023-53857

medium Nessus Plugin ID 277831

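Synopsis

The Linux/Unix host has one or more packages installed with a vulnerability that the vendor indicates will not be patched.

Description

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available.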

- bpf, bpf_sk_storage: Fix invalid wait context lockdep report

'./test_progs -t test_local_storage' reported a splat:

[ 27.137569] =============================
[ 27.138122] [ BUG: Invalid wait context ]
[ 27.138650] 6.5.0-03980-gd11ae1b16b0a #247 Tainted: G O
[ 27.139542] -----------------------------
[ 27.140106] test_progs/1729 is trying to lock:
[ 27.140713] ffff8883ef047b88 (stock_lock){-.-.}-{3:3}, at: local_lock_acquire+0x9/0x130
[ 27.141834] other info that might help us debug this:
[ 27.142437] context-{5:5}
[ 27.142856] 2 locks held by test_progs/1729:
[ 27.143352] #0: ffffffff84bcd9c0 (rcu_read_lock){....}-{1:3}, at: rcu_lock_acquire+0x4/0x40
[ 27.144492] #1: ffff888107deb2c0 (&storage->lock){..-.}-{2:2}, at: bpf_local_storage_update+0x39e/0x8e0
[ 27.145855] stack backtrace:
[ 27.146274] CPU: 0 PID: 1729 Comm: test_progs Tainted: G O 6.5.0-03980-gd11ae1b16b0a #247
[ 27.147550] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014
[ 27.149127] Call Trace:
[ 27.149490] <TASK>
[ 27.149867] dump_stack_lvl+0x130/0x1d0
[ 27.152609] dump_stack+0x14/0x20
[ 27.153131] __lock_acquire+0x1657/0x2220
[ 27.153677] lock_acquire+0x1b8/0x510
[ 27.157908] local_lock_acquire+0x29/0x130
[ 27.159048] obj_cgroup_charge+0xf4/0x3c0
[ 27.160794] slab_pre_alloc_hook+0x28e/0x2b0
[ 27.161931] __kmem_cache_alloc_node+0x51/0x210
[ 27.163557] __kmalloc+0xaa/0x210
[ 27.164593] bpf_map_kzalloc+0xbc/0x170
[ 27.165147] bpf_selem_alloc+0x130/0x510
[ 27.166295] bpf_local_storage_update+0x5aa/0x8e0
[ 27.167042] bpf_fd_sk_storage_update_elem+0xdb/0x1a0
[ 27.169199] bpf_map_update_value+0x415/0x4f0
[ 27.169871] map_update_elem+0x413/0x550
[ 27.170330] __sys_bpf+0x5e9/0x640
[ 27.174065] __x64_sys_bpf+0x80/0x90
[ 27.174568] do_syscall_64+0x48/0xa0
[ 27.175201] entry_SYSCALL_64_after_hwframe+0x6e/0xd8
[ 27.184958] </TASK>

It complains about acquiring a local_lock while holding a raw_spin_lock. It means it should not allocate memory while holding a raw_spin_lock, since that is not safe for RT.

raw_spin_lock is needed because bpf_local_storage supports tracing context. In particular, for task local storage it is easy to get the current task PTR_TO_BTF_ID in a tracing bpf prog. However, task (and cgroup) local storage has already been moved to the bpf memory allocator, which can be used after raw_spin_lock.

The splat is for the sk storage. For sk (and inode) storage, it has not been moved to the bpf memory allocator. Using raw_spin_lock or not, kzalloc(GFP_ATOMIC) could theoretically be unsafe in tracing context. However, the local storage helper requires a verifier-accepted sk pointer (PTR_TO_BTF_ID), so it is hypothetical whether that (meaning running a bpf prog in a kzalloc-unsafe context while also being able to hold a verifier-accepted sk pointer) could happen.

This patch avoids kzalloc after raw_spin_lock to silence the splat. There is an existing kzalloc before the raw_spin_lock. At that point, a kzalloc is very likely required because a lookup has just been done before. Thus, this patch always does the kzalloc before acq ---truncated--- (CVE-2023-53857)

Note that Nessus relies on the presence of the package as reported by the vendor.

Solution

There is no known solution at this time.

See Also

https://access.redhat.com/security/cve/cve-2023-53857

https://security-tracker.debian.org/tracker/CVE-2023-53857

https://ubuntu.com/security/CVE-2023-53857

Plugin Details

Severity: Medium

ID: 277831

File Name: unpatched_CVE_2023_53857.nasl

Version: 1.11

Type: local

Agent: unix

Family: Misc.

Published: 2025/12/9

Updated: 2026/2/4

Supported Sensors: Agentless Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: High

Base Score: 7.2

Temporal Score: 6.1

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2023-53857

CVSS v3

Risk Factor: Medium

Base Score: 5.5

Temporal Score: 5.1

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Temporal Vector: CVSS:3.0/E:U/RL:U/RC:C

Vulnerability Information

CPE: p-cpe:/a:redhat:enterprise_linux:kernel-rt-selftests-internal, p-cpe:/a:canonical:ubuntu_linux:linux-hwe-6.11, p-cpe:/a:canonical:ubuntu_linux:linux-nvidia-6.11, p-cpe:/a:canonical:ubuntu_linux:linux-azure-6.5, p-cpe:/a:canonical:ubuntu_linux:linux-hwe-6.5, cpe:/o:canonical:ubuntu_linux:24.04:-:lts, p-cpe:/a:canonical:ubuntu_linux:linux-raspi, p-cpe:/a:canonical:ubuntu_linux:linux-oracle, p-cpe:/a:canonical:ubuntu_linux:linux-azure-5.19, p-cpe:/a:canonical:ubuntu_linux:linux-gcp-5.19, p-cpe:/a:debian:debian_linux:linux, p-cpe:/a:redhat:enterprise_linux:kernel-rt-modules, p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-modules-internal, p-cpe:/a:canonical:ubuntu_linux:linux-aws-6.5, p-cpe:/a:canonical:ubuntu_linux:linux-riscv-5.11, p-cpe:/a:canonical:ubuntu_linux:linux-riscv, p-cpe:/a:canonical:ubuntu_linux:linux-lowlatency-hwe-5.19, p-cpe:/a:redhat:enterprise_linux:kernel-rt-modules-core, p-cpe:/a:canonical:ubuntu_linux:linux-oracle-5.0, p-cpe:/a:canonical:ubuntu_linux:linux-oracle-5.13, p-cpe:/a:canonical:ubuntu_linux:linux-riscv-6.5, p-cpe:/a:canonical:ubuntu_linux:linux-lowlatency-hwe-6.11, p-cpe:/a:canonical:ubuntu_linux:linux-lowlatency-hwe-6.2, p-cpe:/a:canonical:ubuntu_linux:linux-gcp-5.11, p-cpe:/a:canonical:ubuntu_linux:linux-nvidia-6.5, p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug, p-cpe:/a:canonical:ubuntu_linux:linux-hwe, cpe:/o:canonical:ubuntu_linux:16.04:-:lts, p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-devel-matched, cpe:/o:canonical:ubuntu_linux:22.04:-:lts, p-cpe:/a:canonical:ubuntu_linux:linux-starfive-6.5, p-cpe:/a:canonical:ubuntu_linux:linux-oracle-5.3, p-cpe:/a:canonical:ubuntu_linux:linux-hwe-edge, p-cpe:/a:canonical:ubuntu_linux:linux, p-cpe:/a:canonical:ubuntu_linux:linux-intel-5.13, p-cpe:/a:canonical:ubuntu_linux:linux-azure-6.11, p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-devel, p-cpe:/a:canonical:ubuntu_linux:linux-gcp-6.5, p-cpe:/a:canonical:ubuntu_linux:linux-riscv-5.8, 
p-cpe:/a:canonical:ubuntu_linux:linux-starfive-5.19, p-cpe:/a:canonical:ubuntu_linux:linux-azure, p-cpe:/a:redhat:enterprise_linux:kernel-rt-modules-extra, p-cpe:/a:canonical:ubuntu_linux:linux-gcp-5.3, p-cpe:/a:canonical:ubuntu_linux:linux-raspi-realtime, p-cpe:/a:redhat:enterprise_linux:kernel-rt, p-cpe:/a:canonical:ubuntu_linux:linux-gke, p-cpe:/a:canonical:ubuntu_linux:linux-aws-5.3, p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-modules-extra, p-cpe:/a:redhat:enterprise_linux:kernel-rt-modules-internal, p-cpe:/a:canonical:ubuntu_linux:linux-aws-5.11, p-cpe:/a:canonical:ubuntu_linux:linux-azure-edge, p-cpe:/a:canonical:ubuntu_linux:linux-azure-fde, p-cpe:/a:redhat:enterprise_linux:kernel-rt-core, p-cpe:/a:canonical:ubuntu_linux:linux-oem-5.17, p-cpe:/a:canonical:ubuntu_linux:linux-gcp, p-cpe:/a:canonical:ubuntu_linux:linux-gke-5.15, cpe:/o:redhat:enterprise_linux:9, p-cpe:/a:canonical:ubuntu_linux:linux-oracle-6.5, p-cpe:/a:canonical:ubuntu_linux:linux-azure-5.3, p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-core, p-cpe:/a:canonical:ubuntu_linux:linux-oem-6.0, p-cpe:/a:canonical:ubuntu_linux:linux-gcp-6.11, p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-modules-partner, p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-kvm, p-cpe:/a:canonical:ubuntu_linux:linux-hwe-6.2, p-cpe:/a:canonical:ubuntu_linux:linux-oem, p-cpe:/a:canonical:ubuntu_linux:linux-aws-5.19, cpe:/o:canonical:ubuntu_linux:25.04, cpe:/o:canonical:ubuntu_linux:18.04:-:lts, p-cpe:/a:canonical:ubuntu_linux:linux-gkeop-5.4, p-cpe:/a:canonical:ubuntu_linux:linux-allwinner-5.19, p-cpe:/a:canonical:ubuntu_linux:linux-aws-5.13, p-cpe:/a:canonical:ubuntu_linux:linux-aws-6.2, p-cpe:/a:canonical:ubuntu_linux:linux-hwe-5.11, p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-modules, p-cpe:/a:canonical:ubuntu_linux:linux-aws-5.0, p-cpe:/a:redhat:enterprise_linux:kernel-rt-devel-matched, p-cpe:/a:canonical:ubuntu_linux:linux-xilinx, p-cpe:/a:canonical:ubuntu_linux:linux-nvidia-6.2, 
p-cpe:/a:canonical:ubuntu_linux:linux-gkeop-5.15, p-cpe:/a:canonical:ubuntu_linux:linux-oem-6.11, p-cpe:/a:canonical:ubuntu_linux:linux-aws-5.8, p-cpe:/a:canonical:ubuntu_linux:linux-oem-5.13, p-cpe:/a:canonical:ubuntu_linux:linux-gcp-6.2, p-cpe:/a:canonical:ubuntu_linux:linux-aws, p-cpe:/a:canonical:ubuntu_linux:linux-lowlatency-hwe-6.5, p-cpe:/a:canonical:ubuntu_linux:linux-azure-6.2, p-cpe:/a:canonical:ubuntu_linux:linux-azure-5.11, p-cpe:/a:canonical:ubuntu_linux:linux-oem-5.10, p-cpe:/a:canonical:ubuntu_linux:linux-raspi2, p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-modules-core, p-cpe:/a:canonical:ubuntu_linux:linux-intel-iot-realtime, p-cpe:/a:canonical:ubuntu_linux:linux-gke-5.4, p-cpe:/a:canonical:ubuntu_linux:linux-gcp-5.8, p-cpe:/a:canonical:ubuntu_linux:linux-realtime, p-cpe:/a:canonical:ubuntu_linux:linux-azure-5.13, p-cpe:/a:canonical:ubuntu_linux:linux-riscv-6.14, p-cpe:/a:redhat:enterprise_linux:kernel-rt-devel, p-cpe:/a:canonical:ubuntu_linux:linux-gcp-5.13, p-cpe:/a:redhat:enterprise_linux:kernel-rt-modules-partner, p-cpe:/a:canonical:ubuntu_linux:linux-oem-5.6, p-cpe:/a:canonical:ubuntu_linux:linux-hwe-5.8, p-cpe:/a:canonical:ubuntu_linux:linux-gkeop, p-cpe:/a:canonical:ubuntu_linux:linux-oracle-5.11, p-cpe:/a:canonical:ubuntu_linux:linux-oem-6.8, p-cpe:/a:canonical:ubuntu_linux:linux-oem-6.1, p-cpe:/a:canonical:ubuntu_linux:linux-azure-5.8, p-cpe:/a:redhat:enterprise_linux:kernel-rt-kvm, p-cpe:/a:canonical:ubuntu_linux:linux-hwe-5.19, p-cpe:/a:canonical:ubuntu_linux:linux-azure-fde-6.8, p-cpe:/a:canonical:ubuntu_linux:linux-oracle-5.8, p-cpe:/a:canonical:ubuntu_linux:linux-hwe-5.13, p-cpe:/a:canonical:ubuntu_linux:linux-riscv-5.19, p-cpe:/a:canonical:ubuntu_linux:linux-gke-4.15, p-cpe:/a:canonical:ubuntu_linux:linux-starfive-6.2, cpe:/o:canonical:ubuntu_linux:20.04:-:lts, p-cpe:/a:canonical:ubuntu_linux:linux-oem-6.5, p-cpe:/a:canonical:ubuntu_linux:linux-oem-5.14, p-cpe:/a:canonical:ubuntu_linux:linux-azure-fde-5.19, 
cpe:/o:debian:debian_linux:12.0, p-cpe:/a:canonical:ubuntu_linux:linux-azure-fde-6.2

Required KB Items: Host/cpu, Host/local_checks_enabled, global_settings/vendor_unpatched, Host/OS/identifier

Exploit Ease: No known exploits are available

Vulnerability Publication Date: 2025/12/9

Reference Information

CVE: CVE-2023-53857