Linux Distros 未修補的弱點：CVE-2026-43016

high Nessus Plugin ID 311591

語言:

概要

Linux/Unix 主機上安裝的一個或多個套件存有弱點，廠商表示將不會修補。

說明

Linux/Unix 主機上安裝了一個或多個受到弱點影響的套件，且供應商未提供可用的修補程式。

- bpf：sockmap：修正 sk->sk_socket 的 use-after-free sk_psock_verdict_data_ready（）。Syzbot 在 sk_psock_verdict_data_ready（）年報告 AF_UNIX 套筒的 SK->sk_socket 後使用後無效。[0] 在 unix_stream_sendmsg（）中，對等套接字的 ->sk_data_ready（）在丟棄其 unix_state_lock（）後被呼叫。
雖然發送端套接字會保留對方的參考計數，但它不會阻止對方的 sock_orphan（），且在一個 RCU 寬限期後，對端的 sk_socket 可能會被釋放。我們在 sk_psock_verdict_data_ready（）中取得對等節點在 RCU 下的 sk->sk_socket 和 sk->sk_socket->ops。[0]： BUG： KASAN： slab-use-after-free in sk_psock_verdict_data_ready+0xec/0x590 net/core/skmsg.c：1278 由任務 syz.4.1842/11013 讀取大小為 8 at addr ffff8880594da860 由任務 syz.4.1842/11013 CPU： 1 UID： 0 PID： 11013 通訊： syz.4.1842 未受污染 syzkaller #0 PREEMPT（完整）硬體名稱：Google Google Compute Engine/Google Compute Engine， BIOS Google 2026/02/12 通話追蹤：
<TASK> dump_stack_lvl+0xe8/0x150 lib/dump_stack.c：120 print_address_description MM/KASAN/REPORT.C：378 [內線] print_report+0xba/0x230 MM/Kasan/report.C：482 kasan_report+0x117/0x150 MM/Kasan/report.C：595 sk_psock_verdict_data_ready+0xec/0x590 net/core/skmsg.c：1278 unix_stream_sendmsg+0x8a3/0xe80 net/unix/af_unix.c：2482 sock_sendmsg_nosec net/socket.c：721 [內線] __sock_sendmsg net/socket.c：736 [內聯] ____sys_sendmsg+0x972/0x9f0 net/socket.c：2585 ___sys_sendmsg+0x2a5/0x360 net/socket.c：2639
__sys_sendmsg net/socket.c：2671 [內線] __do_sys_sendmsg net/socket.c：2676 [內線] __se_sys_sendmsg net/socket.c：2674 [內線] __x64_sys_sendmsg+0x1bd/0x2a0 net/socket.c：2674 do_syscall_x64 arch/x86/entry/syscall_64.c：63 [內嵌] do_syscall_64+0x14d/0xf80 arch/x86/entry/syscall_64.c：94 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP： 0033：0x7facf899c819 代碼：ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 0f 05 <48> 3d 01 f0 ff ff ff 73 01 c3 48 c7 c1 e8 ff f7 d8 64 89 01 48 RSP： 002b：00007facf9827028 EFLAGS： 00000246 ORIG_RAX： 000000000000002e RAX： ffffffffffffda RBX： 00007facf8c15fa0 RCX： 00007facf899c819 RDX：
00000000000000 RSI：0000200000000500 RDI：0000000000000004 RBP：00007facf8a32c91 R08：0000000000000000 R09： 0000000000000000000000000000000000000000000000000000 R10R11： 0000000000000246 R12： 0000000000000000000000000000000000000000000000000000000000000 R13
00007facf8c16038 R14： 00007facf8c15fa0 R15： 00007ffd41b01c78 </TASK> 任務 11013 分配：
kasan_save_stack mm/kasan/common.c：57 [內嵌] kasan_save_track+0x3e/0x80 mm/kasan/common.c：78 unpoison_slab_object mm/kasan/common.c：340 [內嵌] __kasan_slab_alloc+0x6c/0x80 mm/kasan/common.c：366 kasan_slab_alloc include/linux/kasan.h：253 [內嵌] slab_post_alloc_hook mm/slub.c：4538 [內嵌] slab_alloc_node mm/slub.c：4866 [內嵌] kmem_cache_alloc_lru_noprof+0x2b8/0x640 mm/slub.c：4885 sock_alloc_inode+0x28/0xc0 net/socket.c：316alloc_inode+0x6a/0x1b0 FS/inode.C：347 new_inode_pseudo include/Linux/FS.H：3003 [內嵌] sock_alloc net/socket.c：631 [內嵌] __sock_create+0x12d/0x9d0 net/socket.c：1562 sock_create net/socket.c：1656 [內嵌] __sys_socketpair+0x1c4/0x560 net/socket.c：1803
__do_sys_socketpair net/socket.c：1856 [線上] __se_sys_socketpair net/socket.c：1853 [線上]
__x64_sys_socketpair+0x9b/0xb0 net/socket.c：1853 do_syscall_x64 arch/x86/entry/syscall_64.c：63 [內線] do_syscall_64+0x14d/0xf80 arch/x86/entry/syscall_64.c：94 entry_SYSCALL_64_after_hwframe+0x77/0x7f 任務 15 釋放：kasan_save_stack mm/kasan/common.c：57 [內嵌] kasan_save_track+0x3e/0x80 mm/kasan/common.c：78 kasan_save_free_info+0x46/0x50 mm/kasan/generic.c：584 poison_slab_object mm/kasan/common.c：253 [內嵌]
__kasan_slab_free+0x5c/0x80 MM/kasan/common.c：285 kasan_slab_free include/linux/kasan.h：235 [內聯] slab_free_hook mm/slub.c：2685 [內嵌] slab_free mm/slub.c：6165 [內嵌] kmem_cache_free+0x187/0x630 mm/slub.c：6295 rcu_do_batch kernel/rcu/tree.c： ---truncated--- （CVE-2026-43016）

請注意，Nessus 的判定取決於廠商所報告的套件是否存在。

解決方案

目前尚未有已知的解決方案。

另請參閱

https://access.redhat.com/security/cve/cve-2026-43016

https://security-tracker.debian.org/tracker/CVE-2026-43016

Plugin 詳細資訊

嚴重性: High

ID: 311591

檔案名稱: unpatched_CVE_2026_43016.nasl

版本: 1.1

類型: Local

代理程式: unix

系列: Misc.

已發布: 2026/5/2

已更新: 2026/5/2

支援的感應器: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus

風險資訊

VPR

風險因素: Medium

分數: 6.7

CVSS v2

風險因素: Medium

基本分數: 6.1

時間性分數: 5.2

媒介: CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:C

CVSS 評分資料來源: CVE-2026-43016

CVSS v3

風險因素: High

基本分數: 7.8

時間性分數: 7.1

媒介: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

時間媒介: CVSS:3.0/E:U/RL:U/RC:C

弱點資訊

CPE: p-cpe:/a:redhat:enterprise_linux:kernel-64k-debug-devel-matched, p-cpe:/a:redhat:enterprise_linux:kernel-rt-core, p-cpe:/a:redhat:enterprise_linux:kernel-64k-debug-devel, p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-modules-core, p-cpe:/a:redhat:enterprise_linux:kernel-64k-debug-core, p-cpe:/a:redhat:enterprise_linux:kernel-doc, p-cpe:/a:redhat:enterprise_linux:kernel-rt-64k-devel, p-cpe:/a:redhat:enterprise_linux:kernel-rt-64k-modules-internal, p-cpe:/a:redhat:enterprise_linux:kernel-64k-modules-extra, p-cpe:/a:redhat:enterprise_linux:kernel-rt-64k-modules, p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-kvm, p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-modules, cpe:/o:redhat:enterprise_linux:9, p-cpe:/a:redhat:enterprise_linux:kernel-debug-modules-extra, p-cpe:/a:redhat:enterprise_linux:kernel-64k-debug-modules-extra, p-cpe:/a:redhat:enterprise_linux:kernel-64k-debug, p-cpe:/a:redhat:enterprise_linux:kernel, p-cpe:/a:redhat:enterprise_linux:kernel-64k-devel, cpe:/o:redhat:enterprise_linux:10, p-cpe:/a:redhat:enterprise_linux:kernel-rt-64k-debug-modules, p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-modules-extra, p-cpe:/a:redhat:enterprise_linux:libperf-devel, p-cpe:/a:redhat:enterprise_linux:kernel-modules, p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-modules-extra, p-cpe:/a:redhat:enterprise_linux:kernel-rt-selftests-internal, p-cpe:/a:redhat:enterprise_linux:kernel-rt-modules-core, p-cpe:/a:redhat:enterprise_linux:kernel-modules-partner, p-cpe:/a:redhat:enterprise_linux:kernel-rt-devel-matched, p-cpe:/a:redhat:enterprise_linux:kernel-debug-modules-internal, p-cpe:/a:redhat:enterprise_linux:kernel-64k-core, p-cpe:/a:redhat:enterprise_linux:kernel-rt-64k-debug-devel-matched, p-cpe:/a:redhat:enterprise_linux:kernel-64k-debug-modules-internal, p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-devel-matched, p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel, p-cpe:/a:redhat:enterprise_linux:kernel-core, p-cpe:/a:redhat:enterprise_linux:kernel-cross-headers, p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs, p-cpe:/a:redhat:enterprise_linux:kernel-rt-64k-debug-modules-partner, p-cpe:/a:redhat:enterprise_linux:perf, p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-devel, p-cpe:/a:redhat:enterprise_linux:kernel-abi-stablelists, p-cpe:/a:redhat:enterprise_linux:bpftool, p-cpe:/a:redhat:enterprise_linux:kernel-rt-kvm, p-cpe:/a:redhat:enterprise_linux:kernel-tools, p-cpe:/a:redhat:enterprise_linux:kernel-64k-modules-internal, p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-modules-internal, p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-devel-matched, p-cpe:/a:redhat:enterprise_linux:kernel-devel, p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-core, p-cpe:/a:redhat:enterprise_linux:kernel-rt-64k-devel-matched, p-cpe:/a:redhat:enterprise_linux:kernel-rt-devel, p-cpe:/a:redhat:enterprise_linux:kernel-rt-64k-debug-modules-extra, p-cpe:/a:redhat:enterprise_linux:kernel-rt-64k-debug-devel, p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-devel, p-cpe:/a:redhat:enterprise_linux:kernel-rt-64k-kvm, p-cpe:/a:redhat:enterprise_linux:kernel-uki-virt-addons, p-cpe:/a:redhat:enterprise_linux:kernel-rt-modules-partner, p-cpe:/a:debian:debian_linux:linux, p-cpe:/a:redhat:enterprise_linux:kernel-rt-modules-extra, p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-modules-core, p-cpe:/a:redhat:enterprise_linux:kernel-64k-devel-matched, p-cpe:/a:redhat:enterprise_linux:kernel-debug-modules-partner, p-cpe:/a:redhat:enterprise_linux:kernel-rt-modules, p-cpe:/a:redhat:enterprise_linux:kernel-debug-core, p-cpe:/a:redhat:enterprise_linux:kernel-64k-debug-modules-core, p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-modules-internal, p-cpe:/a:redhat:enterprise_linux:kernel-debug-uki-virt-addons, p-cpe:/a:redhat:enterprise_linux:kernel-64k, p-cpe:/a:redhat:enterprise_linux:kernel-rt-64k-debug, p-cpe:/a:redhat:enterprise_linux:kernel-64k-modules-core, p-cpe:/a:redhat:enterprise_linux:rv, p-cpe:/a:redhat:enterprise_linux:kernel-rt-64k-debug-modules-core, p-cpe:/a:redhat:enterprise_linux:kernel-uki-virt, p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-core, p-cpe:/a:redhat:enterprise_linux:kernel-headers, p-cpe:/a:redhat:enterprise_linux:libperf, p-cpe:/a:redhat:enterprise_linux:kernel-rt-64k-modules-core, p-cpe:/a:redhat:enterprise_linux:kernel-debug-modules, p-cpe:/a:redhat:enterprise_linux:python3-perf, p-cpe:/a:redhat:enterprise_linux:kernel-selftests-internal, p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel-matched, p-cpe:/a:redhat:enterprise_linux:rtla, p-cpe:/a:redhat:enterprise_linux:kernel-devel-matched, p-cpe:/a:redhat:enterprise_linux:kernel-rt-64k-debug-modules-internal, p-cpe:/a:redhat:enterprise_linux:kernel-rt-modules-internal, p-cpe:/a:redhat:enterprise_linux:kernel-debug-modules-core, p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel, p-cpe:/a:redhat:enterprise_linux:kernel-ipaclones-internal, p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-modules-partner, p-cpe:/a:redhat:enterprise_linux:kernel-rt, p-cpe:/a:redhat:enterprise_linux:kernel-64k-modules, p-cpe:/a:redhat:enterprise_linux:kernel-modules-extra-matched, cpe:/o:debian:debian_linux:12.0, p-cpe:/a:redhat:enterprise_linux:kernel-debug-uki-virt, p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump, p-cpe:/a:redhat:enterprise_linux:kernel-rt-64k-debug-core, p-cpe:/a:redhat:enterprise_linux:kernel-rt-64k-modules-extra, p-cpe:/a:redhat:enterprise_linux:kernel-rt-64k-modules-partner, p-cpe:/a:redhat:enterprise_linux:kernel-rt-64k, p-cpe:/a:redhat:enterprise_linux:kernel-modules-extra, p-cpe:/a:redhat:enterprise_linux:kernel-64k-debug-modules, p-cpe:/a:redhat:enterprise_linux:kernel-modules-internal, p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-modules, p-cpe:/a:redhat:enterprise_linux:kernel-modules-core, p-cpe:/a:redhat:enterprise_linux:kernel-debug, p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-modules-partner, p-cpe:/a:redhat:enterprise_linux:kernel-64k-modules-partner, p-cpe:/a:redhat:enterprise_linux:kernel-64k-debug-modules-partner, p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug, p-cpe:/a:redhat:enterprise_linux:kernel-rt-64k-core, p-cpe:/a:redhat:enterprise_linux:kernel-rt-64k-debug-kvm

必要的 KB 項目: Host/local_checks_enabled, Host/cpu, global_settings/vendor_unpatched, Host/OS/identifier

可輕鬆利用: No known exploits are available

弱點發布日期: 2026/5/1

參考資訊

CVE: CVE-2026-43016