Linux Distros Unpatched Vulnerability: CVE-2026-23046

critical Nessus Plugin ID 297936

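Synopsis

The Linux/Unix host has one or more packages installed with a vulnerability that the vendor indicates will not be patched.

Description

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available.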

- virtio_net: fix device mismatch in devm_kzalloc/devm_kfree. The initial rss_hdr allocation uses virtio_device->device, but virtnet_set_queues() frees it using net_device->device. This device mismatch causes a devres warning in the kernel log (WARNING at drivers/base/devres.c:1095 in devm_kfree, called from virtnet_set_queues during virtnet_probe). Fix by consistently using virtio_device->device for both allocation and deallocation. (CVE-2026-23046)

Note that Nessus relies on the presence of the package as reported by the vendor.

Solution

There is no known solution at this time.

See Also

https://security-tracker.debian.org/tracker/CVE-2026-23046

Plugin Details

Severity: Critical

ID: 297936

File Name: unpatched_CVE_2026_23046.nasl

Version: 1.1

Type: local

Agent: unix

Family: Misc.

Published: 2026/2/4

Updated: 2026/2/4

Supported Sensors: Agentless Assessment, Frictionless Assessment Agent, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2026-23046

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 9

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:U/RC:C

Vulnerability Information

CPE: p-cpe:/a:debian:debian_linux:linux, cpe:/o:debian:debian_linux:14.0

Required KB Items: Host/cpu, Host/local_checks_enabled, global_settings/vendor_unpatched, Host/OS/identifier

Exploit Ease: No known exploits are available

Vulnerability Publication Date: 2026/2/4

Reference Information

CVE: CVE-2026-23046