MiracleLinux 7 : kernel-3.10.0-1160.119.1.0.6.el7.AXS7 (AXSA:2024-9046:38)

high Nessus Plugin ID 291927

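Synopsis

The remote MiracleLinux host is missing one or more security updates.

Description

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-9046:38 advisory.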

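* net/mlx5e: SHAMPO, Fix invalid WQ linked list unlink {CVE-2024-44970}
* PCI: Add missing bridge lock to pci_bus_lock() {CVE-2024-46750}
* net/mlx5: Discard command completions in internal error {CVE-2024-38555}
* ALSA: pcm: Fix races among concurrent prealloc proc writes {CVE-2022-1048}
* ALSA: pcm: Add debug print on memory allocation failure {CVE-2022-1048}
* ALSA: pcm: Fix races among concurrent prepare and hw_params/hw_free calls {CVE-2022-1048}
* ALSA: pcm: Fix races among concurrent read/write and buffer changes {CVE-2022-1048}
* ALSA: pcm: Fix races among concurrent hw_params and hw_free calls {CVE-2022-1048}
* net/packet: fix slab-out-of-bounds access in packet_recvmsg() {CVE-2022-20368}
* packet: in recvmsg msg_name return at least sizeof sockaddr_ll {CVE-2022-20368}
* Revert net/packet: fix slab-out-of-bounds access in packet_recvmsg()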
* KVM: VMX: Execute IBPB on emulated VM-exit when guest has IBRS {CVE-2022-2196}

CVE:

CVE-2022-1048 A use-after-free flaw was found in the Linux kernel in the way a user triggers concurrent calls of PCM hw_params. The hw_free ioctls or similar race condition happens inside ALSA PCM for other ioctls. A local user could use this flaw to crash the system or potentially escalate their privileges on the system.

CVE-2022-20368 Product: Android. Versions: Android kernel. Android ID: A-224546354. References: Upstream kernel.

CVE-2022-2196 A regression exists in the Linux kernel within KVM: nVMX that allowed for speculative execution attacks. L2 can carry out Spectre v2 attacks on L1 because L1 thinks it doesn't need retpolines or IBPB after running L2, due to KVM (L0) advertising eIBRS support to L1. An attacker at L2 with code execution can execute code on an indirect branch on the host machine. We recommend upgrading to Kernel 6.2 or past commit 2e7eab81425a.

CVE-2024-38555 In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Discard command completions in internal error. Fix use after free when FW completion arrives while device is in internal error state. Avoid calling completion handler in this case, since the device will flush the command interface and trigger all completions manually. Kernel log:

    ------------[ cut here ]------------
    refcount_t: underflow; use-after-free.
    ...
    RIP: 0010:refcount_warn_saturate+0xd8/0xe0
    ...
    Call Trace:
    ? __warn+0x79/0x120
    ? refcount_warn_saturate+0xd8/0xe0
    ? report_bug+0x17c/0x190
    ? handle_bug+0x3c/0x60
    ? exc_invalid_op+0x14/0x70
    ? asm_exc_invalid_op+0x16/0x20
    ? refcount_warn_saturate+0xd8/0xe0
    cmd_ent_put+0x13b/0x160 [mlx5_core]
    mlx5_cmd_comp_handler+0x5f9/0x670 [mlx5_core]
    cmd_comp_notifier+0x1f/0x30 [mlx5_core]
    notifier_call_chain+0x35/0xb0
    atomic_notifier_call_chain+0x16/0x20
    mlx5_eq_async_int+0xf6/0x290 [mlx5_core]
    notifier_call_chain+0x35/0xb0
    atomic_notifier_call_chain+0x16/0x20
    irq_int_handler+0x19/0x30 [mlx5_core]
    __handle_irq_event_percpu+0x4b/0x160
    handle_irq_event+0x2e/0x80
    handle_edge_irq+0x98/0x230
    __common_interrupt+0x3b/0xa0
    common_interrupt+0x7b/0xa0
    asm_common_interrupt+0x22/0x40

CVE-2024-44970 In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: SHAMPO, Fix invalid WQ linked list unlink. When all the strides in a WQE have been consumed, the WQE is unlinked from the WQ linked list (mlx5_wq_ll_pop()). For SHAMPO, it is possible to receive CQEs with 0 consumed strides for the same WQE even after the WQE is fully consumed and unlinked. This triggers an additional unlink for the same wqe which corrupts the linked list. Fix this scenario by accepting 0 sized consumed strides without unlinking the WQE again.

CVE-2024-46750 In the Linux kernel, the following vulnerability has been resolved: PCI: Add missing bridge lock to pci_bus_lock(). One of the true positives that the cfg_access_lock lockdep effort identified is this sequence:

    WARNING: CPU: 14 PID: 1 at drivers/pci/pci.c:4886 pci_bridge_secondary_bus_reset+0x5d/0x70
    RIP: 0010:pci_bridge_secondary_bus_reset+0x5d/0x70
    Call Trace:
    ? __warn+0x8c/0x190
    ? pci_bridge_secondary_bus_reset+0x5d/0x70
    ? report_bug+0x1f8/0x200
    ? handle_bug+0x3c/0x70
    ? exc_invalid_op+0x18/0x70
    ? asm_exc_invalid_op+0x1a/0x20
    ? pci_bridge_secondary_bus_reset+0x5d/0x70
    pci_reset_bus+0x1d8/0x270
    vmd_probe+0x778/0xa10
    pci_device_probe+0x95/0x120

Where pci_reset_bus() users are triggering unlocked secondary bus resets. Ironically pci_bus_reset(), several calls down from pci_reset_bus(), uses pci_bus_lock() before issuing the reset which locks everything *but* the bridge itself. For the same motivation as adding:

    bridge = pci_upstream_bridge(dev);
    if (bridge)
        pci_dev_lock(bridge);

to pci_reset_function() for the bus and cxl_bus reset cases, add pci_dev_lock() for @bus->self to pci_bus_lock(). [bhelgaas: squash in recursive locking deadlock fix from Keith Busch:
https://lore.kernel.org/r/[email protected]]

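Tenable has extracted the preceding description block directly from the MiracleLinux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also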

https://tsn.miraclelinux.com/en/node/20230

Plugin Details

Severity: High

ID: 291927

File Name: miracle_linux_AXSA-2024-9046.nasl

Version: 1.1

Type: local

Published: 2026/1/20

Updated: 2026/1/20

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.3

Vendor

Vendor Severity: High

CVSS v2

Risk Factor: Medium

Base Score: 6.9

Temporal Score: 5.1

Vector: CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2022-1048

CVSS v3

Risk Factor: High

Base Score: 8.8

Temporal Score: 7.7

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

CVSS Score Source: CVE-2022-2196

Vulnerability Information

CPE: cpe:/o:miracle:linux:7, p-cpe:/a:miracle:linux:kernel-devel, p-cpe:/a:miracle:linux:kernel-debug, p-cpe:/a:miracle:linux:kernel-tools-libs, p-cpe:/a:miracle:linux:perf, p-cpe:/a:miracle:linux:kernel-debug-devel, p-cpe:/a:miracle:linux:kernel-tools, p-cpe:/a:miracle:linux:kernel, p-cpe:/a:miracle:linux:bpftool, p-cpe:/a:miracle:linux:kernel-headers, p-cpe:/a:miracle:linux:python-perf, p-cpe:/a:miracle:linux:kernel-abi-whitelists

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/MiracleLinux/release, Host/MiracleLinux/rpm-list

Exploit Ease: No known exploits are available

Patch Publication Date: 2024/12/4

Vulnerability Publication Date: 2022/4/19

Reference Information

CVE: CVE-2022-1048, CVE-2022-20368, CVE-2022-2196, CVE-2024-38555, CVE-2024-44970, CVE-2024-46750