RockyLinux 10:kernel (RLSA-2026:30129)

critical Nessus Plugin ID 323232

概要

遠端 RockyLinux 主機缺少一個或多個安全性更新。

說明

遠端 RockyLinux 10 主機上安裝的套件受到 RLSA-2026:30129 公告中提及的多個弱點影響。

* 核心:rxrpc:修正 RESPONSE 驗證器剖析器 OOB 讀取 (CVE-2026-31636)

* 核心:ipv6: icmp:清除 ip6_err_gen_icmpv6_unreach() 中的 skb2->cb[] (CVE-2026-43038)

* 核心:tcp:修正 tcp_v6_syn_recv_sock() 中潛在的爭用 (CVE-2026-43198)

* 核心:scsi:qla2xxx:完全修正 fcport 重複釋放 (CVE-2026-43414)

* 核心:RDMA/iwcm:透過移除 work_list 來修正工作佇列清單損毀 (CVE-2026-45898)

* 核心:RDMA/mana:移除 mana_ib_create_qp_rss() 中的使用者可觸發 WARN_ON() (CVE-2026-46117)

* kernel: RDMA/mana:驗證 rx_hash_key_len (CVE-2026-46145)

* kernel: nvmet-tcp:修正 ICReq 處理與佇列終止之間的爭用情形 (CVE-2026-46135)

錯誤修正和增強功能:

* CVE-2026-46054 修正後意外的 execmem SELinux 拒絕 [rhel-10.2.z] (JIRA:Rocky Linux-185117)

Tenable 已直接從 RockyLinux 安全公告擷取前置描述區塊。

請注意,Nessus 並未測試這些問題,而是僅依據應用程式自我報告的版本號碼作出判斷。

解決方案

更新受影響的套件。

另請參閱

https://bugzilla.redhat.com/show_bug.cgi?id=2461510

https://bugzilla.redhat.com/show_bug.cgi?id=2464397

https://bugzilla.redhat.com/show_bug.cgi?id=2467228

https://bugzilla.redhat.com/show_bug.cgi?id=2468155

https://bugzilla.redhat.com/show_bug.cgi?id=2482031

https://bugzilla.redhat.com/show_bug.cgi?id=2482576

https://bugzilla.redhat.com/show_bug.cgi?id=2482581

https://bugzilla.redhat.com/show_bug.cgi?id=2482654

https://errata.rockylinux.org/RLSA-2026:30129

Plugin 詳細資訊

嚴重性: Critical

ID: 323232

檔案名稱: rocky_linux_RLSA-2026-30129.nasl

版本: 1.1

類型: Local

已發布: 2026/6/27

已更新: 2026/6/27

支援的感應器: Nessus Agent, Continuous Assessment, Tenable Cloud Security, Tenable Self-Hosted Container Security, Nessus

風險資訊

VPR

風險因素: Medium

分數: 4.9

百分位: 57.96

CVSS v2

風險因素: Critical

基本分數: 10

時間性分數: 7.4

媒介: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS 評分資料來源: CVE-2026-46135

CVSS v3

風險因素: Critical

基本分數: 9.8

時間性分數: 8.5

媒介: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

時間媒介: CVSS:3.0/E:U/RL:O/RC:C

弱點資訊

CPE: p-cpe:/a:rocky:linux:kernel-rt-64k-debuginfo, p-cpe:/a:rocky:linux:kernel-debuginfo-common-aarch64, p-cpe:/a:rocky:linux:kernel-zfcpdump, p-cpe:/a:rocky:linux:kernel-rt-debug, p-cpe:/a:rocky:linux:kernel-zfcpdump-modules-core, p-cpe:/a:rocky:linux:kernel-debuginfo, p-cpe:/a:rocky:linux:libperf, p-cpe:/a:rocky:linux:kernel-debug-modules, p-cpe:/a:rocky:linux:kernel-debug-core, p-cpe:/a:rocky:linux:kernel-rt-64k-debug-core, p-cpe:/a:rocky:linux:kernel-rt-64k, p-cpe:/a:rocky:linux:kernel-rt-64k-debug, p-cpe:/a:rocky:linux:kernel-rt-64k-devel, p-cpe:/a:rocky:linux:kernel-debug, p-cpe:/a:rocky:linux:kernel-rt-debug-modules-extra, p-cpe:/a:rocky:linux:kernel-debug-devel-matched, p-cpe:/a:rocky:linux:kernel-uki-virt, p-cpe:/a:rocky:linux:kernel-debuginfo-common-s390x, p-cpe:/a:rocky:linux:kernel-tools, p-cpe:/a:rocky:linux:kernel-64k-devel-matched, p-cpe:/a:rocky:linux:kernel-rt-debug-devel, p-cpe:/a:rocky:linux:kernel-rt-devel, p-cpe:/a:rocky:linux:python3-perf, p-cpe:/a:rocky:linux:kernel-devel, p-cpe:/a:rocky:linux:kernel-rt-debuginfo, p-cpe:/a:rocky:linux:kernel, p-cpe:/a:rocky:linux:kernel-rt-debug-core, p-cpe:/a:rocky:linux:kernel-64k-debug-devel, p-cpe:/a:rocky:linux:kernel-rt-64k-debug-debuginfo, p-cpe:/a:rocky:linux:kernel-64k-modules-extra, p-cpe:/a:rocky:linux:kernel-rt-64k-modules, p-cpe:/a:rocky:linux:rtla, p-cpe:/a:rocky:linux:kernel-rt-modules, p-cpe:/a:rocky:linux:kernel-tools-libs-devel, p-cpe:/a:rocky:linux:kernel-64k-debug-devel-matched, p-cpe:/a:rocky:linux:kernel-rt-64k-debug-modules-core, p-cpe:/a:rocky:linux:kernel-64k-debug, p-cpe:/a:rocky:linux:kernel-rt-64k-modules-extra, p-cpe:/a:rocky:linux:kernel-tools-libs, p-cpe:/a:rocky:linux:rv, p-cpe:/a:rocky:linux:kernel-uki-virt-addons, p-cpe:/a:rocky:linux:kernel-rt-64k-modules-core, p-cpe:/a:rocky:linux:kernel-debug-uki-virt, p-cpe:/a:rocky:linux:kernel-64k-debug-modules-extra, p-cpe:/a:rocky:linux:kernel-64k, p-cpe:/a:rocky:linux:kernel-64k-debuginfo, p-cpe:/a:rocky:linux:kernel-64k-debug-modules-core, p-cpe:/a:rocky:linux:kernel-debug-devel, p-cpe:/a:rocky:linux:kernel-rt-64k-core, p-cpe:/a:rocky:linux:kernel-rt-core, p-cpe:/a:rocky:linux:kernel-rt-64k-debug-devel, p-cpe:/a:rocky:linux:kernel-zfcpdump-debuginfo, p-cpe:/a:rocky:linux:python3-perf-debuginfo, p-cpe:/a:rocky:linux:kernel-rt-64k-debug-modules-extra, p-cpe:/a:rocky:linux:kernel-debug-modules-extra, p-cpe:/a:rocky:linux:kernel-rt, cpe:/o:rocky:linux:10, p-cpe:/a:rocky:linux:kernel-abi-stablelists, p-cpe:/a:rocky:linux:kernel-modules, p-cpe:/a:rocky:linux:kernel-zfcpdump-modules-extra, p-cpe:/a:rocky:linux:kernel-64k-modules, p-cpe:/a:rocky:linux:kernel-rt-modules-core, p-cpe:/a:rocky:linux:kernel-rt-modules-extra, p-cpe:/a:rocky:linux:libperf-debuginfo, p-cpe:/a:rocky:linux:kernel-devel-matched, p-cpe:/a:rocky:linux:kernel-core, p-cpe:/a:rocky:linux:kernel-modules-extra-matched, p-cpe:/a:rocky:linux:kernel-64k-debug-core, p-cpe:/a:rocky:linux:kernel-zfcpdump-devel, p-cpe:/a:rocky:linux:perf-debuginfo, p-cpe:/a:rocky:linux:kernel-debug-debuginfo, p-cpe:/a:rocky:linux:kernel-rt-debug-debuginfo, p-cpe:/a:rocky:linux:kernel-64k-debug-debuginfo, p-cpe:/a:rocky:linux:kernel-64k-devel, p-cpe:/a:rocky:linux:kernel-tools-debuginfo, p-cpe:/a:rocky:linux:kernel-debuginfo-common-ppc64le, p-cpe:/a:rocky:linux:kernel-zfcpdump-modules, p-cpe:/a:rocky:linux:kernel-zfcpdump-devel-matched, p-cpe:/a:rocky:linux:perf, p-cpe:/a:rocky:linux:kernel-rt-debug-modules, p-cpe:/a:rocky:linux:kernel-rt-debug-modules-core, p-cpe:/a:rocky:linux:kernel-64k-modules-core, p-cpe:/a:rocky:linux:kernel-debuginfo-common-x86_64, p-cpe:/a:rocky:linux:kernel-rt-64k-debug-modules, p-cpe:/a:rocky:linux:kernel-64k-core, p-cpe:/a:rocky:linux:kernel-64k-debug-modules, p-cpe:/a:rocky:linux:kernel-modules-core, p-cpe:/a:rocky:linux:kernel-modules-extra, p-cpe:/a:rocky:linux:kernel-zfcpdump-core, p-cpe:/a:rocky:linux:kernel-debug-modules-core

必要的 KB 項目: Host/local_checks_enabled, Host/cpu, Host/RockyLinux/release, Host/RockyLinux/rpm-list

可輕鬆利用: No known exploits are available

修補程式發佈日期: 2026/6/27

弱點發布日期: 2026/4/7

參考資訊

CVE: CVE-2026-31636, CVE-2026-43038, CVE-2026-43198, CVE-2026-43414, CVE-2026-45898, CVE-2026-46117, CVE-2026-46135, CVE-2026-46145