Amazon Linux 2023bpftool6.12、kernel6.12、kernel6.12-devel (ALAS2023-2026-1487)
high Nessus Plugin ID 304272
語言:
概要
遠端 Amazon Linux 2023 主機缺少一個安全性更新。說明
因此,會受到 ALAS2023-2026-1487 公告中所提及的多個弱點影響。在 Linux 核心中,下列弱點已解決:
md透過 sysfs 更新 raid_disks 時暫停陣列 (CVE-2025-71225)
在 Linux 核心中,下列弱點已解決:
btrfs修正插入內嵌範圍時某些錯誤路徑中的保留洩漏 (CVE-2025-71268)
在 Linux 核心中,下列弱點已解決:
netfilternf_tables修正 nft_map_catchall_activate() 中的反轉 genmask 檢查 (CVE-2026-23111)
在 Linux 核心中,下列弱點已解決:
net修正轉送 fraglist GRO 的分割 (CVE-2026-23154)
在 Linux 核心中,下列弱點已解決:
efivarfs修正 efivar_entry_get() 中的錯誤傳播 (CVE-2026-23156)
在 Linux 核心中,下列弱點已解決:
perfsched使用新的 is_user_task() 協助程式修正 perf 損毀 (CVE-2026-23159)
在 Linux 核心中,下列弱點已解決:
mm/shmem、swap修正截斷的爭用和交換項目分割 (CVE-2026-23161)
在 Linux 核心中,下列弱點已解決:
flex_proportions使 fprop_new_period() hardirq 安全 (CVE-2026-23168)
在 Linux 核心中,下列弱點已解決:
mptcp修正 mptcp_pm_nl_flush_addrs_doit() 中的爭用 (CVE-2026-23169)
在 Linux 核心中,下列弱點已解決:
net/mlx5eTC僅刪除現有對等端的流程 (CVE-2026-23173)
在 Linux 核心中,下列弱點已解決:
mm、shmem防止截斷爭用時發生無限迴圈 (CVE-2026-23177)
在 Linux 核心中,下列弱點已解決:
ceph修正 ceph_mds_auth_match() 中的 NULL 指標解除參照 (CVE-2026-23189)
在 Linux 核心中,下列弱點已解決:
scsi目標iscsi修正 iscsit_dec_session_usage_count() 中的釋放後使用錯誤 (CVE-2026-23193)
在 Linux 核心中,下列弱點已解決:
KVM取消指派 irqfd 時不破壞 irqfd 路由類型 (CVE-2026-23198)
在 Linux 核心中,下列弱點已解決:
procfs避免在保留 VMA 鎖定時擷取版本 ID (CVE-2026-23199)
在 Linux 核心中,下列弱點已解決:
ipv6修正清除 RTF_ADDRCONF 時的 ECMP 同級計數不相符 (CVE-2026-23200)
在 Linux 核心中,下列弱點已解決:
ceph修正在 parse_longname() 中kfree() 的無效指標所導致的 oops (CVE-2026-23201)
在 Linux 核心中,下列弱點已解決:
spitegra210-quad保護 tegra_qspi_combined_seq_xfer 中的 curr_xfer (CVE-2026-23202)
在 Linux 核心中,下列弱點已解決:
net/schedcls_u32使用 skb_header_pointer_careful() (CVE-2026-23204)
在 Linux 核心中,下列弱點已解決:
smb/client修正 smb2_open_file() 中的記憶體洩漏 (CVE-2026-23205)
在 Linux 核心中,下列弱點已解決:
macvlan修正 macvlan_common_newlink() 中的錯誤復原 (CVE-2026-23209)
在 Linux 核心中,下列弱點已解決:
bonding註解slave->last_rx 的資料爭用 (CVE-2026-23212)
在 Linux 核心中,下列弱點已解決:
btrfs如果 fs 為完全唯讀則拒絕新交易 (CVE-2026-23214)
在 Linux 核心中,下列弱點已解決:
x86/vmware修正 hypercall 攻擊者 (CVE-2026-23215)
在 Linux 核心中,下列弱點已解決:
scsi目標iscsi修正 iscsit_dec_conn_usage_count() 中的釋放後使用 (CVE-2026-23216)
在 Linux 核心中,下列弱點已解決:
mm/slab為 memcg_alloc_abort_single 新增 alloc_tagging_slab_free_hook (CVE-2026-23219)
在 Linux 核心中,下列弱點已解決:xfs: fix UAF in xchk_btree_check_block_owner We cannot dereference bs->cur when trying to determine if bs->cur aliases bs->sc->sa.{bno,rmap}_cur after the latter has been freed. Fix this by sampling before type before any freeing could happen. The correct temporal ordering was broken when we removed xfs_btnum_t.
(CVE-2026-23223)
在 Linux 核心中,下列弱點已解決:erofs: fix UAF issue for file-backed mounts w/ directio option [ 9.269940][ T3222] Call trace: [ 9.269948][ T3222] ext4_file_read_iter+0xac/0x108 [ 9.269979][ T3222] vfs_iocb_iter_read+0xac/0x198 [ 9.269993][ T3222] erofs_fileio_rq_submit+0x12c/0x180 [ 9.270008][ T3222] erofs_fileio_submit_bio+0x14/0x24 [ 9.270030][T3222] z_erofs_runqueue+0x834/0x8ac [ 9.270054][ T3222] z_erofs_read_folio+0x120/0x220 [ 9.270083][ T3222] filemap_read_folio+0x60/0x120 [ 9.270102][ T3222] filemap_fault+0xcac/0x1060 [ 9.270119][ T3222] do_pte_missing+0x2d8/0x1554 [ 9.270131][ T3222] handle_mm_fault+0x5ec/0x70c [ 9.270142][ T3222] do_page_fault+0x178/0x88c [ 9.270167][ T3222] do_translation_fault+0x38/0x54 [ 9.270183][ T3222] do_mem_abort+0x54/0xac [ 9.270208][ T3222] el0_da+0x44/0x7c [ 9.270227][ T3222] el0t_64_sync_handler+0x5c/0xf4 [ 9.270253][ T3222] el0t_64_sync+0x1bc/0x1c0 EROFS may encounter above panic when enabling file-backed mount w/ directio mount option, the root cause is it may suffer UAF in below race condition: - z_erofs_read_folio wq s_dio_done_wq - z_erofs_runqueue - erofs_fileio_submit_bio - erofs_fileio_rq_submit - vfs_iocb_iter_read - ext4_file_read_iter - ext4_dio_read_iter - iomap_dio_rw :
bio was submitted and return -EIOCBQUEUED - dio_aio_complete_work - dio_complete - dio->iocb->ki_complete (erofs_fileio_ki_complete()) - kfree(rq) : it frees iocb, iocb.ki_filp can be UAF in file_accessed(). - file_accessed : access NULL file point Introduce a reference count in struct erofs_fileio_rq, and initialize it as two, both erofs_fileio_ki_complete() and erofs_fileio_rq_submit() will decrease reference count, the last one decreasing the reference count to zero will free rq. (CVE-2026-23224)
在 Linux 核心中,下列弱點已解決:smb: client: split cached_fid bitfields to avoid shared-byte RMW races is_open, has_lease and on_list are stored in the same bitfield byte in struct cached_fid but are updated in different code paths that may run concurrently. Bitfield assignments generate byte read-modify-write operations (e.g. `orb $mask, addr` on x86_64), so updating one flag can restore stale values of the others. A possible interleaving is: CPU1: load old byte (has_lease=1, on_list=1) CPU2: clear both flags (store 0) CPU1: RMW store (old | IS_OPEN) -> reintroduces cleared bits To avoid this class of races, convert these flags to separate bool fields. (CVE-2026-23230)
在 Linux 核心中,下列弱點已解決:
netgro修正外部網路位移 (CVE-2026-23254)
在 Linux 核心中,下列弱點已解決:
regmapmaplemas_store_gfp() 失敗時釋放項目 (CVE-2026-23260)
Tenable 已直接從所測試產品的安全公告擷取前置描述區塊。
請注意,Nessus 並未測試這些問題,而是僅依據應用程式自我報告的版本號碼作出判斷。
解決方案
執行「dnf update kernel6.12 --releasever 2023.10.20260325」或 或「dnf update --advisory ALAS2023-2026-1487 --releasever 2023.10.20260325」以更新系統。另請參閱
https://alas.aws.amazon.com//AL2023/ALAS2023-2026-1487.html
https://alas.aws.amazon.com/faqs.html
https://explore.alas.aws.amazon.com/CVE-2025-71225.html
https://explore.alas.aws.amazon.com/CVE-2025-71268.html
https://explore.alas.aws.amazon.com/CVE-2026-23111.html
https://explore.alas.aws.amazon.com/CVE-2026-23154.html
https://explore.alas.aws.amazon.com/CVE-2026-23156.html
https://explore.alas.aws.amazon.com/CVE-2026-23159.html
https://explore.alas.aws.amazon.com/CVE-2026-23161.html
https://explore.alas.aws.amazon.com/CVE-2026-23168.html
https://explore.alas.aws.amazon.com/CVE-2026-23169.html
https://explore.alas.aws.amazon.com/CVE-2026-23173.html
https://explore.alas.aws.amazon.com/CVE-2026-23177.html
https://explore.alas.aws.amazon.com/CVE-2026-23189.html
https://explore.alas.aws.amazon.com/CVE-2026-23193.html
https://explore.alas.aws.amazon.com/CVE-2026-23198.html
https://explore.alas.aws.amazon.com/CVE-2026-23199.html
https://explore.alas.aws.amazon.com/CVE-2026-23200.html
https://explore.alas.aws.amazon.com/CVE-2026-23201.html
https://explore.alas.aws.amazon.com/CVE-2026-23202.html
https://explore.alas.aws.amazon.com/CVE-2026-23204.html
https://explore.alas.aws.amazon.com/CVE-2026-23205.html
https://explore.alas.aws.amazon.com/CVE-2026-23209.html
https://explore.alas.aws.amazon.com/CVE-2026-23212.html
https://explore.alas.aws.amazon.com/CVE-2026-23214.html
https://explore.alas.aws.amazon.com/CVE-2026-23215.html
https://explore.alas.aws.amazon.com/CVE-2026-23216.html
https://explore.alas.aws.amazon.com/CVE-2026-23219.html
https://explore.alas.aws.amazon.com/CVE-2026-23223.html
https://explore.alas.aws.amazon.com/CVE-2026-23224.html
https://explore.alas.aws.amazon.com/CVE-2026-23230.html
Plugin 詳細資訊
嚴重性: High
ID: 304272
檔案名稱: al2023_ALAS2023-2026-1487.nasl
版本: 1.1
類型: Local
代理程式: unix
已發布: 2026/3/30
已更新: 2026/3/30
支援的感應器: Frictionless Assessment AWS, Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Continuous Assessment, Nessus
風險資訊
VPR
風險因素: Medium
分數: 6.7
CVSS v2
風險因素: Medium
基本分數: 6.8
時間性分數: 5
媒介: CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C
CVSS 評分資料來源: CVE-2026-23224
CVSS v3
風險因素: High
基本分數: 7.8
時間性分數: 6.8
媒介: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
時間媒介: CVSS:3.0/E:U/RL:O/RC:C
弱點資訊
CPE: cpe:/o:amazon:linux:2023, p-cpe:/a:amazon:linux:kernel6.12-devel, p-cpe:/a:amazon:linux:kernel6.12-modules-extra, p-cpe:/a:amazon:linux:bpftool6.12, p-cpe:/a:amazon:linux:kernel6.12-tools-debuginfo, p-cpe:/a:amazon:linux:kernel6.12-libbpf-static, p-cpe:/a:amazon:linux:kernel6.12-libbpf-debuginfo, p-cpe:/a:amazon:linux:perf6.12-debuginfo, p-cpe:/a:amazon:linux:kernel6.12-headers, p-cpe:/a:amazon:linux:kernel6.12-debuginfo-common-x86_64, p-cpe:/a:amazon:linux:perf6.12, p-cpe:/a:amazon:linux:kernel6.12-tools, p-cpe:/a:amazon:linux:kernel6.12, p-cpe:/a:amazon:linux:kernel6.12-tools-devel, p-cpe:/a:amazon:linux:kernel6.12-libbpf-devel, p-cpe:/a:amazon:linux:python3-perf6.12, p-cpe:/a:amazon:linux:python3-perf6.12-debuginfo, p-cpe:/a:amazon:linux:bpftool6.12-debuginfo, p-cpe:/a:amazon:linux:kernel-livepatch-6.12.73-95.123, p-cpe:/a:amazon:linux:kernel6.12-debuginfo, p-cpe:/a:amazon:linux:kernel6.12-debuginfo-common-aarch64, p-cpe:/a:amazon:linux:kernel6.12-libbpf, p-cpe:/a:amazon:linux:kernel6.12-modules-extra-common
必要的 KB 項目: Host/local_checks_enabled, Host/AmazonLinux/release, Host/AmazonLinux/rpm-list
可輕鬆利用: No known exploits are available
修補程式發佈日期: 2026/3/27
弱點發布日期: 2026/2/13
參考資訊
CVE: CVE-2025-71225, CVE-2025-71268, CVE-2026-23111, CVE-2026-23154, CVE-2026-23156, CVE-2026-23159, CVE-2026-23161, CVE-2026-23168, CVE-2026-23169, CVE-2026-23173, CVE-2026-23177, CVE-2026-23189, CVE-2026-23193, CVE-2026-23198, CVE-2026-23199, CVE-2026-23200, CVE-2026-23201, CVE-2026-23202, CVE-2026-23204, CVE-2026-23205, CVE-2026-23209, CVE-2026-23212, CVE-2026-23214, CVE-2026-23215, CVE-2026-23216, CVE-2026-23219, CVE-2026-23223, CVE-2026-23224, CVE-2026-23230, CVE-2026-23254, CVE-2026-23260