Azure Linux 3.0 安全性更新核心 (CVE-2025-21684)
medium Nessus Plugin ID 295688
語言:
概要
遠端 Azure Linux 主機缺少一個或多個安全性更新。說明
遠端 Azure Linux 3.0 主機上安裝的核心版本比測試版舊。因此,此版本會受到 CVE-2025-21684 公告中提及的一個弱點影響。- 已解決 Linux 核心中的下列弱點:gpio: xilinx: Convert gpio_lock to raw spinlock irq_chip functions May be called in raw spinlock context. Therefore, we must also use a raw spinlock for our own internal locking. This fixes the following lockdep splat: [ 5.349336] ============================= [ 5.353349] [ BUG: Invalid wait context ] [ 5.357361] 6.13.0-rc5+ #69 Tainted: G W [ 5.363031] ----------------------------- [ 5.367045] kworker/u17:1/44 is trying to lock: [5.371587] ffffff88018b02c0 (&chip->gpio_lock){....}-{3:3}, at: xgpio_irq_unmask (drivers/gpio/gpio-xilinx.c:433 (discriminator 8)) [ 5.380079] other info that might help us debug this: [ 5.385138] context-{5:5} [ 5.387762] 5 locks held by kworker/u17:1/44: [ 5.392123] #0: ffffff8800014958 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work (kernel/workqueue.c:3204) [ 5.402260] #1: ffffffc082fcbdd8 (deferred_probe_work){+.+.}-{0:0}, at: process_one_work (kernel/workqueue.c:3205) [5.411528] #2: ffffff880172c900 (&dev->mutex){....}-{4:4}, at: __device_attach (drivers/base/dd.c:1006) [5.419929] #3: ffffff88039c8268 (request_class#2){+.+.}-{4:4}, at: __setup_irq (kernel/irq/internals.h:156 kernel/irq/manage.c:1596) [ 5.428331] #4: ffffff88039c80c8 (lock_class#2){....}-{2:2}, at: __setup_irq (kernel/irq/manage.c:1614) [ 5.436472] stack backtrace: [ 5.439359] CPU: 2 UID: 0 PID: 44 Comm:
kworker/u17:1 Tainted: G W 6.13.0-rc5+ #69 [ 5.448690] Tainted: [W]=WARN [ 5.451656] Hardware name:
xlnx,zynqmp (DT) [ 5.455845] Workqueue: events_unbound deferred_probe_work_func [ 5.461699] Call trace: [5.464147] show_stack+0x18/0x24 C [ 5.467821] dump_stack_lvl (lib/dump_stack.c:123) [ 5.471501] dump_stack (lib/dump_stack.c:130) [ 5.474824] __lock_acquire (kernel/locking/lockdep.c:4828 kernel/locking/lockdep.c:4898 kernel/locking/lockdep.c:5176) [ 5.478758] lock_acquire (arch/arm64/include/asm/percpu.h:40 kernel/locking/lockdep.c:467 kernel/locking/lockdep.c:5851 kernel/locking/lockdep.c:5814) [ 5.482429] _raw_spin_lock_irqsave (include/linux/spinlock_api_smp.h:111 kernel/locking/spinlock.c:162) [ 5.486797] xgpio_irq_unmask (drivers/gpio/gpio-xilinx.c:433 (discriminator 8)) [ 5.490737] irq_enable (kernel/irq/internals.h:236 kernel/irq/chip.c:170 kernel/irq/chip.c:439 kernel/irq/chip.c:432 kernel/irq/chip.c:345) [ 5.494060] __irq_startup (kernel/irq/internals.h:241 kernel/irq/chip.c:180 kernel/irq/chip.c:250) [ 5.497645] irq_startup (kernel/irq/chip.c:270) [ 5.501143]
__setup_irq (kernel/irq/manage.c:1807) [ 5.504728] request_threaded_irq (kernel/irq/manage.c:2208) (CVE-2025-21684)
請注意,Nessus 並未測試此問題,而是僅依據應用程式自我報告的版本號碼作出判斷。
解決方案
更新受影響的套件。另請參閱
Plugin 詳細資訊
嚴重性: Medium
ID: 295688
檔案名稱: azure_linux_CVE-2025-21684.nasl
版本: 1.1
類型: local
已發布: 2026/1/22
已更新: 2026/1/22
支援的感應器: Nessus
風險資訊
VPR
風險因素: Medium
分數: 4.4
CVSS v2
風險因素: Medium
基本分數: 4.6
時間性分數: 3.4
媒介: CVSS2#AV:L/AC:L/Au:S/C:N/I:N/A:C
CVSS 評分資料來源: CVE-2025-21684
CVSS v3
風險因素: Medium
基本分數: 5.5
時間性分數: 4.8
媒介: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
時間媒介: CVSS:3.0/E:U/RL:O/RC:C
弱點資訊
CPE: p-cpe:/a:microsoft:azure_linux:kernel-debuginfo, p-cpe:/a:microsoft:azure_linux:kernel-devel, p-cpe:/a:microsoft:azure_linux:kernel-drivers-gpu, p-cpe:/a:microsoft:azure_linux:python3-perf, p-cpe:/a:microsoft:azure_linux:kernel-docs, x-cpe:/o:microsoft:azure_linux, p-cpe:/a:microsoft:azure_linux:kernel, p-cpe:/a:microsoft:azure_linux:kernel-drivers-sound, p-cpe:/a:microsoft:azure_linux:bpftool, p-cpe:/a:microsoft:azure_linux:kernel-drivers-intree-amdgpu, p-cpe:/a:microsoft:azure_linux:kernel-drivers-accessibility, p-cpe:/a:microsoft:azure_linux:kernel-tools
必要的 KB 項目: Host/local_checks_enabled, Host/AzureLinux/release, Host/AzureLinux/rpm-list, Host/cpu
可輕鬆利用: No known exploits are available
修補程式發佈日期: 2025/3/11
弱點發布日期: 2025/2/9
參考資訊
CVE: CVE-2025-21684