Linux Distros 未修補的弱點:CVE-2026-46156
critical Nessus Plugin ID 317565
語言:
概要
Linux/Unix 主機上安裝的一個或多個套件存有弱點,廠商表示將不會修補。說明
Linux/Unix 主機上安裝了一個或多個受到弱點影響的套件,且供應商未提供可用的修補程式。- LoongArch:修正 loongson_gpu_fixup_dma_hang() 中潛在的 ADE loongson_gpu_fixup_dma_hang() 中的開關大小寫可能不是 DC2 或 DC3,readl(crtc_reg) 會使用隨機位址存取,因為裝置來自 base+PCI_DEVICE_ID,base 來自 pdev->devfn+1。當我的平台插入獨立 GPU 時,這是錯誤的:lspci -tv -[0000:00]-+-00.0 Loongson Technology LLC Hyper Transport Bridge Controller ... +-06.0 Loongson Technology LLC LG100 GPU +-06.2 Loongson Technology LLC Device 7a37 ... 新增預設切換案例以修正錯誤,如下所示: 核心 ade access[#1]: CPU:0 PID:1 Comm:
swapper/0 未受污染 6.6.。 136-loong64-desktop-hwe+ #4 pc 900000000017e5534 ra 90000000017e54c0 tp 90000001002f8000 sp 90000001002fb6c0 a0 80000efe000003100 a1 0000000000003100 a2 00000000000000000 a3 0000000000000002 a4 90000001002fb6b4 a5 900000087cdb58fd a6 90000000027af000 0 a7 0000000000000001 t0 000000000000085b9 t1 0000000000000ffff t2 000000000000000000000 t3 0000000000000000000 t4 fffffffd t5 0000000000000083b00 t7 0000000000070c0 t8 900000087cdb4d94 u0 900000087cdb58fd s990000001002fb826 s0 90000000031c12c8 s1 7ffffffff00 s2 90000000031c12d0 s3 0000000000002710 s4 0000000000000000000 s5 000000000000000000 s6 9000000100053000 s7 7fffffffffff00 s8 900000000030d4000 ra:
90000000017e54c0 loongson_gpu_fixup_dma_hang+0x40/0x210 ERA: 90000000017e5534 loongson_gpu_fixup_dma_hang+0xb4/0x210 CRMD: 000000b0 (PLV0 -IE -DA +PG DACF=CC DACM=CC -WE) PRMD:
00000004 (PPLV0 +PIE -PWE) EUEN:00000000 (-FPE -SXE -ASXE -BTE) ECFG:00071c1d (LIE=0,2-4,) 10-12 VS=7) ESTAT: 00480000 [ADEM] (IS= ECode=8 EsubCode=1) BADV: 7fffffffffffff00 PRID: 0014d000 (Loongson-64bit, Loongson-3A6000-HV) 連結於: 進程交換器/0 (pid: 1, threadinfo=(____ptrval____), task=(____ptrval____)) 堆疊 : 0000000000000006 90000001002fb778 90000001002fb704 0000000000000007 0000000016a65700 90000000017e5690 00000000000ffff ffff 9000000000209f7c09000000100053000 9000000000209f7a8 900000000000eebc08 000000000000000000000000000000000000000000000000000000000 0000000000000006 00000000000000000000000000000000000000000000000000000 9000000100054000 9000000100053000 900000000000ebb70c 900000001000004c0 9000000004000001 0 90000001002fb7e4 bae765461f31cb12 0000000000000000000000000000000000000000000 0000000000000006 900000000027af000 0000000000000030 90000000027af000 900000087cd6f800 9000000100053000 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 900000000000087cd6f8000 00000000000000000000000000000ebc560 7a2500147cdaf720BAE765461F31CB12 0000000000000001 0000000000000030 ...
呼叫追蹤:[<90000000017e5534>] loongson_gpu_fixup_dma_hang+0xb4/0x210 [<9000000000eebc08>] pci_fixup_device+0x108/0x280 [<9000000000ebb70c>] pci_setup_device+0x24c/0x690 [<9000000000ebc560>] pci_scan_single_device+0xe0/0x140 [<9000000000ebc684>] pci_scan_slot+0xc4/0x280 [<9000000000ebdd00>] pci_scan_child_bus_extend+0x60/0x3f0 [<9000000000f5bc94>] acpi_pci_root_create+0x2b4/0x420 [<90000000017e5e74>] pci_acpi_scan_root+0x2d4/0x440 [<9000000000f5b02c>] acpi_pci_root_add+0x21c/0x3a0 [<9000000000f4ee54>] acpi_bus_attach+0x1a4/0x3c0 [<90000000010e200c>] device_for_each_child+0x6c/0xe0 [<9000000000f4bbf4>] acpi_dev_for_each_兒童+0x44/0x70 [<9000000000f4ef40>] acpi_bus_attach+0x290/0x3c0 [<90000000010e200c>] device_for_each_child+0x6c/0xe0 [<9000000000f4bbf4>] acpi_dev_for_each_child+0x44/0x70 [<9000000000f4ef40>] acpi_bus_attach+0x290/0x3c0 [<9000000000f5211c>] acpi_bus_scan+0x6c/0x280 [<900000000189c028>] acpi_scan_init+0x194/0x310 [<900000000189bc6c>] acpi_init+0xcc/0x140 [<9000000000220cdc>] do_one_initcall+0x4c/0x310 [<90000000018618fc>] kernel_init_freeable+0x258/0x2d4 [<900000000184326c>] kernel_init+0x28/0x13c [<9000000000222008>] ret_from_kernel_thread+0xc/0xa4 (CVE-2026-46156)
請注意,Nessus 的判定取決於廠商所報告的套件是否存在。
解決方案
目前尚未有已知的解決方案。另請參閱
Plugin 詳細資訊
嚴重性: Critical
ID: 317565
檔案名稱: unpatched_CVE_2026_46156.nasl
版本: 1.1
類型: Local
代理程式: unix
系列: Misc.
已發布: 2026/5/29
已更新: 2026/5/29
支援的感應器: Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus
風險資訊
VPR
風險因素: Medium
分數: 6.7
CVSS v2
風險因素: High
基本分數: 7.5
時間性分數: 6.4
媒介: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS 評分資料來源: CVE-2026-46156
CVSS v3
風險因素: Critical
基本分數: 9.8
時間性分數: 9
媒介: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
時間媒介: CVSS:3.0/E:U/RL:U/RC:C
弱點資訊
CPE: p-cpe:/a:debian:debian_linux:linux, cpe:/o:debian:debian_linux:12.0
必要的 KB 項目: Host/local_checks_enabled, Host/cpu, global_settings/vendor_unpatched, Host/OS/identifier
可輕鬆利用: No known exploits are available
弱點發布日期: 2026/5/28
參考資訊
CVE: CVE-2026-46156