偵測

RockyLinux 10:核心 (RLSA-2026:21557)

high Nessus Plugin ID 318641

語言:

概要

遠端 RockyLinux 主機缺少一個或多個安全性更新。

說明

遠端 RockyLinux 10 主機安裝的套件會受到 RLSA-2026:21557 公告中所述多個弱點的影響。

 * 核心:can:j1939: j1939_session_new():修正 skb 參照計數 (CVE-2024-56645)

 * 核心:ima:設定或移除非 IMA xattr (CVE-2025-68183) 時,不要清除IMA_DIGSIG旗標

 * 核心:mm:thp:拒絕匿名 inode 上檔案的 THP (CVE-2026-23375)

 * 核心:netfilter: nf_tables:在錯誤 (CVE-2026-23392) 的 RCU 寬限期後釋放流程表

 * 核心:netfilter: nf_conntrack_h323:檢查 DecodeQ931() 中的零長度 (CVE-2026-23455)

 * 核心:net:sched: act_csum:驗證巢狀 VLAN 標頭 (CVE-2026-31684)

 * 核心:netfilter: ip6t_eui64:拒絕所有封包的無效 MAC 標頭 (CVE-2026-31685)

 * 核心:netfilter: nf_conntrack_helper:傳遞協助程式以預期清理 (CVE-2026-43027)

 * 核心:io_uring/rsrc:拒絕零長度固定緩衝區匯入 (CVE-2026-43006)

 * 核心:藍牙:MGMT:驗證載入時的 LTK enc_size (CVE-2026-43020)

 * 核心:HID:wacom:修正 wacom_intuos_bt_irq (CVE-2026-43051) 中的越界讀取

 * 核心:藍牙:SCO:修正 sco_sock_connect() 中的爭用情形 (CVE-2026-43023)

 * 核心:netfilter: ctnetlink:確保安全存取主 conntrack (CVE-2026-43116)

 * 核心:wifi: brcmfmac:驗證 IF 事件中的 bsscfg 索引 (CVE-2026-43110)

 * 核心:netfilter: xt_tcpmss:在讀取 optlen (CVE-2026-43190) 之前檢查剩餘長度

 * 核心: Linux 核心 dpaa2-switch: 透過越界寫入 (CVE-2026-43205) 造成核心記憶體損毀

 * 核心:xfs:修正將 xattrs 新增至葉區塊時的 freemap 調整 (CVE-2026-43158)

 * 核心:mm/page_alloc:清除 free_pages_prepare() 中的 page->private (CVE-2026-43303)

Tenable 已直接從 RockyLinux 安全公告擷取前置描述區塊。

請注意,Nessus 並未測試這些問題,而是僅依據應用程式自我報告的版本號碼作出判斷。

解決方案

更新受影響的套件。

另請參閱

https://errata.rockylinux.org/RLSA-2026:21557

https://bugzilla.redhat.com/show_bug.cgi?id=2464455

https://bugzilla.redhat.com/show_bug.cgi?id=2454810

https://bugzilla.redhat.com/show_bug.cgi?id=2467090

https://bugzilla.redhat.com/show_bug.cgi?id=2467210

https://bugzilla.redhat.com/show_bug.cgi?id=2467005

https://bugzilla.redhat.com/show_bug.cgi?id=2468091

https://bugzilla.redhat.com/show_bug.cgi?id=2422699

https://bugzilla.redhat.com/show_bug.cgi?id=2461757

https://bugzilla.redhat.com/show_bug.cgi?id=2464402

https://bugzilla.redhat.com/show_bug.cgi?id=2464462

https://bugzilla.redhat.com/show_bug.cgi?id=2464369

https://bugzilla.redhat.com/show_bug.cgi?id=2467014

https://bugzilla.redhat.com/show_bug.cgi?id=2451218

https://bugzilla.redhat.com/show_bug.cgi?id=2467064

https://bugzilla.redhat.com/show_bug.cgi?id=2451199

https://bugzilla.redhat.com/show_bug.cgi?id=2461759

https://bugzilla.redhat.com/show_bug.cgi?id=2334560

https://bugzilla.redhat.com/show_bug.cgi?id=2464496

Plugin 詳細資訊

嚴重性: High

ID: 318641

檔案名稱: rocky_linux_RLSA-2026-21557.nasl

版本: 1.1

類型: Local

已發布: 2026/6/4

已更新: 2026/6/4

支援的感應器: Nessus Agent, Continuous Assessment, Nessus

風險資訊

VPR

風險因素: High

分數: 7.7

CVSS v2

風險因素: Medium

基本分數: 6.8

時間性分數: 5

媒介: CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C

CVSS 評分資料來源: CVE-2026-43205

CVSS v3

風險因素: High

基本分數: 7.8

時間性分數: 6.8

媒介: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

時間媒介: CVSS:3.0/E:U/RL:O/RC:C

弱點資訊

CPE: p-cpe:/a:rocky:linux:kernel-rt-64k-debuginfo, p-cpe:/a:rocky:linux:kernel-debuginfo-common-aarch64, p-cpe:/a:rocky:linux:kernel-zfcpdump, p-cpe:/a:rocky:linux:kernel-debug-devel, p-cpe:/a:rocky:linux:kernel-rt-64k-core, p-cpe:/a:rocky:linux:kernel-rt-core, p-cpe:/a:rocky:linux:kernel-rt-64k-debug-devel, p-cpe:/a:rocky:linux:kernel-zfcpdump-debuginfo, p-cpe:/a:rocky:linux:python3-perf-debuginfo, p-cpe:/a:rocky:linux:kernel-rt-64k-debug-modules-extra, p-cpe:/a:rocky:linux:kernel-debug-modules-extra, p-cpe:/a:rocky:linux:kernel-rt, cpe:/o:rocky:linux:10, p-cpe:/a:rocky:linux:kernel-abi-stablelists, p-cpe:/a:rocky:linux:kernel-modules, p-cpe:/a:rocky:linux:kernel-zfcpdump-modules-extra, p-cpe:/a:rocky:linux:kernel-64k-modules, p-cpe:/a:rocky:linux:kernel-rt-debug, p-cpe:/a:rocky:linux:kernel-zfcpdump-modules-core, p-cpe:/a:rocky:linux:kernel-debuginfo, p-cpe:/a:rocky:linux:libperf, p-cpe:/a:rocky:linux:kernel-debug-modules, p-cpe:/a:rocky:linux:kernel-debug-core, p-cpe:/a:rocky:linux:kernel-rt-64k-debug-core, p-cpe:/a:rocky:linux:kernel-rt-64k, p-cpe:/a:rocky:linux:kernel-rt-64k-debug, p-cpe:/a:rocky:linux:kernel-rt-64k-devel, p-cpe:/a:rocky:linux:kernel-debug, p-cpe:/a:rocky:linux:kernel-rt-debug-modules-extra, p-cpe:/a:rocky:linux:kernel-debug-devel-matched, p-cpe:/a:rocky:linux:kernel-uki-virt, p-cpe:/a:rocky:linux:kernel-debuginfo-common-s390x, p-cpe:/a:rocky:linux:kernel-tools, p-cpe:/a:rocky:linux:kernel-64k-devel-matched, p-cpe:/a:rocky:linux:kernel-rt-debug-devel, p-cpe:/a:rocky:linux:kernel-rt-devel, p-cpe:/a:rocky:linux:python3-perf, p-cpe:/a:rocky:linux:kernel-devel, p-cpe:/a:rocky:linux:kernel-rt-debuginfo, p-cpe:/a:rocky:linux:kernel, p-cpe:/a:rocky:linux:kernel-rt-debug-core, p-cpe:/a:rocky:linux:kernel-64k-debug-devel, p-cpe:/a:rocky:linux:kernel-rt-64k-debug-debuginfo, p-cpe:/a:rocky:linux:kernel-64k-modules-extra, p-cpe:/a:rocky:linux:kernel-rt-64k-modules, p-cpe:/a:rocky:linux:kernel-rt-modules-core, p-cpe:/a:rocky:linux:kernel-rt-modules-extra, p-cpe:/a:rocky:linux:libperf-debuginfo, p-cpe:/a:rocky:linux:kernel-devel-matched, p-cpe:/a:rocky:linux:kernel-core, p-cpe:/a:rocky:linux:kernel-modules-extra-matched, p-cpe:/a:rocky:linux:kernel-64k-debug-core, p-cpe:/a:rocky:linux:kernel-zfcpdump-devel, p-cpe:/a:rocky:linux:perf-debuginfo, p-cpe:/a:rocky:linux:kernel-debug-debuginfo, p-cpe:/a:rocky:linux:kernel-rt-debug-debuginfo, p-cpe:/a:rocky:linux:kernel-64k-debug-debuginfo, p-cpe:/a:rocky:linux:kernel-64k-devel, p-cpe:/a:rocky:linux:kernel-tools-debuginfo, p-cpe:/a:rocky:linux:kernel-debuginfo-common-ppc64le, p-cpe:/a:rocky:linux:kernel-zfcpdump-modules, p-cpe:/a:rocky:linux:kernel-zfcpdump-devel-matched, p-cpe:/a:rocky:linux:perf, p-cpe:/a:rocky:linux:kernel-rt-debug-modules, p-cpe:/a:rocky:linux:kernel-rt-debug-modules-core, p-cpe:/a:rocky:linux:kernel-64k-modules-core, p-cpe:/a:rocky:linux:kernel-debuginfo-common-x86_64, p-cpe:/a:rocky:linux:kernel-rt-64k-debug-modules, p-cpe:/a:rocky:linux:kernel-64k-core, p-cpe:/a:rocky:linux:kernel-64k-debug-modules, p-cpe:/a:rocky:linux:kernel-modules-core, p-cpe:/a:rocky:linux:kernel-modules-extra, p-cpe:/a:rocky:linux:rtla, p-cpe:/a:rocky:linux:kernel-rt-modules, p-cpe:/a:rocky:linux:kernel-tools-libs-devel, p-cpe:/a:rocky:linux:kernel-64k-debug-devel-matched, p-cpe:/a:rocky:linux:kernel-rt-64k-debug-modules-core, p-cpe:/a:rocky:linux:kernel-64k-debug, p-cpe:/a:rocky:linux:kernel-rt-64k-modules-extra, p-cpe:/a:rocky:linux:kernel-tools-libs, p-cpe:/a:rocky:linux:rv, p-cpe:/a:rocky:linux:kernel-uki-virt-addons, p-cpe:/a:rocky:linux:kernel-rt-64k-modules-core, p-cpe:/a:rocky:linux:kernel-debug-uki-virt, p-cpe:/a:rocky:linux:kernel-64k-debug-modules-extra, p-cpe:/a:rocky:linux:kernel-64k, p-cpe:/a:rocky:linux:kernel-64k-debuginfo, p-cpe:/a:rocky:linux:kernel-64k-debug-modules-core, p-cpe:/a:rocky:linux:kernel-zfcpdump-core, p-cpe:/a:rocky:linux:kernel-debug-modules-core

必要的 KB 項目: Host/local_checks_enabled, Host/cpu, Host/RockyLinux/release, Host/RockyLinux/rpm-list

可輕鬆利用: No known exploits are available

修補程式發佈日期: 2026/6/4

弱點發布日期: 2024/12/27

參考資訊

CVE: CVE-2024-56645, CVE-2025-68183, CVE-2026-23375, CVE-2026-23392, CVE-2026-23455, CVE-2026-31684, CVE-2026-31685, CVE-2026-43006, CVE-2026-43020, CVE-2026-43023, CVE-2026-43027, CVE-2026-43051, CVE-2026-43110, CVE-2026-43116, CVE-2026-43158, CVE-2026-43190, CVE-2026-43205, CVE-2026-43303