Oracle Linux 9:qemu-kvm (ELSA-2026-18772)

high Nessus Plugin ID 322195

概要

遠端 Oracle Linux 主機缺少安全性更新。

說明

遠端 Oracle Linux 9 主機上安裝的套件受到 ELSA-2026-18772 公告中提及的一個弱點影響。

[10.1.0-17]
- kvm-mirror-Fix-missed-dirty-bitmap-writes-during-startup.patch [RHEL-155947 RHEL-155948]
- kvm-linux-aio-Put-all-parameters-into-qemu_laiocb.patch [RHEL-154174]
- kvm-linux-aio-Resubmit-tails-of-short-reads-writes.patch [RHEL-154174]
- kvm-block-io_uring-avoid-potentially-getting-stuck-after.patch [RHEL-154174]
- kvm-io-uring-Resubmit-tails-of-short-writes.patch [RHEL-154174]
- 解決: RHEL-155947 (鏡像工作在啟動期間可能會遺漏寫入,從而損毀副本 [rhel-9.8])
- 解決: RHEL-155948 (鏡像工作在啟動期間可能會遺漏寫入,從而損毀副本 [rhel-9])
- 解決: RHEL-154174 (qemu-kvm:磁碟寫入的位元組數少於請求的位元組數是重試條件,不一定表示 ENOSPC [rhel-9.8])

[10.1.0-16]
- kvm-block-never-drop-BLOCK_IO_ERROR-with-action-stop-for.patch [RHEL-151679]
- 解決: RHEL-151679 ([rhel-9.8] 由於事件速率限制,導致 (w|r)錯誤設定為 'stop' 或 'enospc' 的 BLOCK_IO_ERROR 事件傳遞中的迴歸)

[10.1.0-15]
- kvm-scsi-generalize-scsi_SG_IO_FROM_DEV-to-scsi_SG_IO.patch [RHEL-149396]
- kvm-scsi-add-error-reporting-to-scsi_SG_IO.patch [RHEL-149396]
- kvm-scsi-track-SCSI-reservation-state-for-live-migration.patch [RHEL-149396]
- kvm-scsi-save-load-SCSI-reservation-state.patch [RHEL-149396]
- kvm-docs-add-SCSI-migrate-pr-documentation.patch [RHEL-149396]
- 解決方案: RHEL-149396 (移轉 SCSI PR 狀態並在即時移轉時先佔保留 [rhel-9])

[10.1.0-14]
- kvm-rbd-Run-co-BH-CB-in-the-coroutine-s-AioContext.patch [RHEL-67115]
- kvm-curl-Fix-coroutine-waking.patch [RHEL-67115]
- kvm-block-io-Take-reqs_lock-for-tracked_requests.patch [RHEL-67115]
- kvm-qcow2-重新初始化鎖定invalidate_cache.patch [RHEL-67115]
- kvm-qcow2-fix-cache_clean_timer.patch [RHEL-67115]
- 解決: RHEL-67115 ([network-storage][rbd][core-dump]啟用多佇列時,客體安裝有時會失敗[rhel9.6])

[10.1.0-13]
- kvm-vhost-user-make-vhost_set_vring_file-synchronous.patch [RHEL-147422]
- kvm-hw-s390x-Fix-a-possible-crash-with-passed-through-vi.patch [RHEL-130620]
- 解決: RHEL-147422 (virtiofs:處理程序在 virtiofs 掛載時卡在 request_wait_answer)
- 解決: RHEL-130620 (透過 vfio_ccw 連接 virtio 裝置時,VM 在啟動期間當機 [rhel-9])

[10.1.0-12]
- kvm-block-Improve-comments-in-BlockLimits.patch [RHEL-132989]
- kvm-block-expose-block-limits-for-images-in-QMP.patch [RHEL-132989]
- kvm-qemu-img-info-Optionally-show-block-limits.patch [RHEL-132989]
- kvm-qemu-img-info-Add-cache-mode-option.patch [RHEL-132989]
- kvm-hw-intc-ioapic-Fix-ACCEL_KERNEL_GSI_IRQFD_POSSIBLE-t.patch [RHEL-140187]
- kvm-q35-increase-default-tseg-size.patch [RHEL-139057]
- 解決: RHEL-132989 (公開 QMP 和 qemu-img 中區塊節點的區塊限制 [rhel-9])
- 解決: RHEL-140187 (Intel IOMMU VM 凍結:「call_irq_handler: 3.37 沒有向量的 irq 處理常式」[rhel-9.8])
- 解決: RHEL-139057 ([qemu, rhel-9] 增加預設 TSEG 大小)

[10.1.0-11]
- kvm-block-Fix-BDS-use-after-free-during-shutdown.patch [RHEL-138240]
- 解決: RHEL-138240 (在即時移轉期間停止來源虛擬機器時,QEMU 當機 [rhel-9])

[10.1.0-10]
- kvm-monitor-generalize-query-mshv-info-mshv-to-query-acc.patch [RHEL-132193]
- 解決: RHEL-132193 ([rhel 9.8]L1VH qemu 下游初始合併 RHEL9)

[10.1.0-9]
- kvm-pcie_sriov-make-pcie_sriov_pf_exit-safe-on-non-SR-IO.patch [RHEL-131144]
- kvm-accel-Add-Meson-and-config-support-for-MSHV-accelera.patch [RHEL-132193]
- kvm-target-i386-emulate-Allow-instruction-decoding-from-.patch [RHEL-132193]
- kvm-target-i386-mshv-Add-x86-decoder-emu-implementation.patch [RHEL-132193]
- kvm-hw-intc-Generalize-APIC-helper-names-from-kvm_-to-ac.patch [RHEL-132193]
- kvm-include-hw-hyperv-Add-MSHV-ABI-header-definitions.patch [RHEL-132193]
- kvm-linux-headers-linux-Add-mshv.h-headers.patch [RHEL-132193]
- kvm-accel-mshv-Add-accelerator-skeleton.patch [RHEL-132193]
- kvm-accel-mshv-Register-memory-region-listeners.patch [RHEL-132193]
- kvm-accel-mshv-Initialize-VM-partition.patch [RHEL-132193]
- kvm-accel-mshv-Add-vCPU-creation-and-execution-loop.patch [RHEL-132193]
- kvm-treewide-rename-qemu_wait_io_event-qemu_wait_io_even.patch [RHEL-132193]
- kvm-accel-mshv-Add-vCPU-signal-handling.patch [RHEL-132193]
- kvm-target-i386-mshv-Add-CPU-create-and-remove-logic.patch [RHEL-132193]
- kvm-target-i386-mshv-Implement-mshv_store_regs.patch [RHEL-132193]
- kvm-target-i386-mshv-Implement-mshv_get_standard_regs.patch [RHEL-132193]
- kvm-target-i386-mshv-Implement-mshv_get_special_regs.patch [RHEL-132193]
- kvm-target-i386-mshv-Implement-mshv_arch_put_registers.patch [RHEL-132193]
- kvm-target-i386-mshv-Set-local-interrupt-controller-stat.patch [RHEL-132193]
- kvm-target-i386-mshv-Register-CPUID-entries-with-MSHV.patch [RHEL-132193]
- kvm-target-i386-mshv-Register-MSRs-with-MSHV.patch [RHEL-132193]
- kvm-target-i386-mshv-Integrate-x86-instruction-decoder-e.patch [RHEL-132193]
- kvm-target-i386-mshv-Write-MSRs-to-the-hypervisor.patch [RHEL-132193]
- kvm-target-i386-mshv-Implement-mshv_vcpu_run.patch [RHEL-132193]
- kvm-accel-mshv-Handle-overlapping-mem-mappings.patch [RHEL-132193]
- kvm-qapi-accel-Allow-to-query-mshv-capabilities.patch [RHEL-132193]
- kvm-target-i386-mshv-Use-preallocated-page-for-hvcall.patch [RHEL-132193]
- kvm-docs-Add-mshv-to-documentation.patch [RHEL-132193]
- kvm-MAINTAINERS-Add-maintainers-for-mshv-accelerator.patch [RHEL-132193]
- kvm-accel-mshv-initialize-thread-name.patch [RHEL-132193]
- kvm-accel-mshv-use-return-value-of-handle_pio_str_read.patch [RHEL-132193]
- 解決: RHEL-131144 (從啟用多功能的匯流排熱拔出磁碟後 qemu 當機 [RHEL.9.8])
- 解決: RHEL-132193 ([rhel 9.8]L1VH qemu 下游初始合併 RHEL9)

[10.1.0-8]
- kvm-file-posix-Handle-suspended-dm-multipath-better-for-.patch [RHEL-133303]
- 解決: RHEL-133303 (在直通容錯移轉多路徑裝置上進行 S3-PR 整合時,VM 遇到 io 錯誤 [rhel-9])

Tenable 已直接從 Oracle Linux 安全公告擷取前置描述區塊。

請注意,Nessus 並未測試此問題,而是僅依據應用程式自我報告的版本號碼作出判斷。

解決方案

更新受影響的套件。

另請參閱

https://linux.oracle.com/errata/ELSA-2026-18772.html

Plugin 詳細資訊

嚴重性: High

ID: 322195

檔案名稱: oraclelinux_ELSA-2026-18772.nasl

版本: 1.1

類型: Local

代理程式: unix

已發布: 2026/6/23

已更新: 2026/6/23

支援的感應器: Frictionless Assessment Agent, Nessus Agent, Continuous Assessment, Tenable Cloud Security, Tenable Self-Hosted Container Security, Nessus

風險資訊

VPR

風險因素: Medium

分數: 5

百分位: 94.89

CVSS v2

風險因素: High

基本分數: 7.8

時間性分數: 5.8

媒介: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C

CVSS 評分資料來源: CVE-2025-11234

CVSS v3

風險因素: High

基本分數: 7.5

時間性分數: 6.5

媒介: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

時間媒介: CVSS:3.0/E:U/RL:O/RC:C

弱點資訊

CPE: p-cpe:/a:oracle:linux:qemu-img, p-cpe:/a:oracle:linux:qemu-kvm-block-rbd, p-cpe:/a:oracle:linux:qemu-kvm-block-curl, p-cpe:/a:oracle:linux:qemu-kvm-core, p-cpe:/a:oracle:linux:qemu-kvm-device-display-virtio-gpu-pci, p-cpe:/a:oracle:linux:qemu-kvm-docs, p-cpe:/a:oracle:linux:qemu-kvm-tools, p-cpe:/a:oracle:linux:qemu-guest-agent, cpe:/o:oracle:linux:9, p-cpe:/a:oracle:linux:qemu-kvm-device-usb-redirect, p-cpe:/a:oracle:linux:qemu-kvm-device-display-virtio-vga, p-cpe:/a:oracle:linux:qemu-kvm-ui-egl-headless, p-cpe:/a:oracle:linux:qemu-kvm-common, p-cpe:/a:oracle:linux:qemu-kvm-device-display-virtio-gpu, p-cpe:/a:oracle:linux:qemu-kvm-block-blkio, p-cpe:/a:oracle:linux:qemu-kvm-audio-pa, p-cpe:/a:oracle:linux:qemu-kvm, p-cpe:/a:oracle:linux:qemu-kvm-device-usb-host, p-cpe:/a:oracle:linux:qemu-pr-helper, p-cpe:/a:oracle:linux:qemu-kvm-ui-opengl

必要的 KB 項目: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/OracleLinux

可輕鬆利用: No known exploits are available

修補程式發佈日期: 2026/6/12

弱點發布日期: 2025/10/3

參考資訊

CVE: CVE-2025-11234