Linux Distros 未修补的漏洞：CVE-2025-38056

high Nessus 插件 ID 247788

语言：

简介

Linux/Unix 主机上安装的一个或多个程序包存在漏洞，但供应商表示不会修补此漏洞。

描述

Linux/Unix 主机中安装的一个或多个程序包受到一个漏洞影响，而供应商没有提供补丁程序。

- 已修复 Linux 内核中的下列漏洞：ASoC: SOF: Intel: hda: Fix UAF when reloading module hda_generic_machine_select() appends -idisp to the tplg filename by allocating a new string with devm_kasprintf(), then stores the string right back into the global variable snd_soc_acpi_intel_hda_machines. When the module is unloaded, this memory is freed, resulting in a global variable pointing to freed memory. Reloading the module then triggers a use-after-free: BUG: KFENCE: use-after-free read in string+0x48/0xe0 Use-after-free read at 0x00000000967e0109 (in kfence-#99):
string+0x48/0xe0 vsnprintf+0x329/0x6e0 devm_kvasprintf+0x54/0xb0 devm_kasprintf+0x58/0x80 hda_machine_select.cold+0x198/0x17a2 [snd_sof_intel_hda_generic] sof_probe_work+0x7f/0x600 [snd_sof] process_one_work+0x17b/0x330 worker_thread+0x2ce/0x3f0 kthread+0xcf/0x100 ret_from_fork+0x31/0x50 ret_from_fork_asm+0x1a/0x30 kfence-#99: 0x00000000198a940f-0x00000000ace47d9d, size=64, cache=kmalloc-64 allocated by task 333 on cpu 8 at 17.798069s (130.453553s ago): devm_kmalloc+0x52/0x120 devm_kvasprintf+0x66/0xb0 devm_kasprintf+0x58/0x80 hda_machine_select.cold+0x198/0x17a2 [snd_sof_intel_hda_generic] sof_probe_work+0x7f/0x600 [snd_sof] process_one_work+0x17b/0x330 worker_thread+0x2ce/0x3f0 kthread+0xcf/0x100 ret_from_fork+0x31/0x50 ret_from_fork_asm+0x1a/0x30 freed by task 1543 on cpu 4 at 141.586686s (6.665010s ago): release_nodes+0x43/0xb0 devres_release_all+0x90/0xf0 device_unbind_cleanup+0xe/0x70 device_release_driver_internal+0x1c1/0x200 driver_detach+0x48/0x90 bus_remove_driver+0x6d/0xf0 pci_unregister_driver+0x42/0xb0 __do_sys_delete_module+0x1d1/0x310 do_syscall_64+0x82/0x190 entry_SYSCALL_64_after_hwframe+0x76/0x7e Fix it by copying the match array with devm_kmemdup_array() before we modify it. (CVE-2025-38056)

请注意，Nessus 依赖供应商报告的程序包是否存在进行判断。

解决方案

目前尚未有任何已知的解决方案。

另见

https://ubuntu.com/security/CVE-2025-38056

插件详情

严重性: High

ID: 247788

文件名: unpatched_CVE_2025_38056.nasl

版本: 1.13

类型: local

代理: unix

系列: Misc.

发布时间: 2025/8/10

最近更新时间: 2026/3/9

支持的传感器: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus

风险信息

VPR

风险因素: Medium

分数: 6.7

CVSS v2

风险因素: Low

基本分数: 3.6

时间分数: 3.1

矢量: CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:P

CVSS 分数来源: CVE-2025-38056

CVSS v3

风险因素: High

基本分数: 7.8

时间分数: 7.1

矢量: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

时间矢量: CVSS:3.0/E:U/RL:U/RC:C

漏洞信息

CPE: p-cpe:/a:canonical:ubuntu_linux:linux-aws-6.2, p-cpe:/a:canonical:ubuntu_linux:linux-gke, p-cpe:/a:canonical:ubuntu_linux:linux-hwe-5.19, p-cpe:/a:canonical:ubuntu_linux:linux-intel-5.13, p-cpe:/a:canonical:ubuntu_linux:linux-gke-5.4, p-cpe:/a:canonical:ubuntu_linux:linux-azure-edge, p-cpe:/a:canonical:ubuntu_linux:linux-hwe-5.11, p-cpe:/a:canonical:ubuntu_linux:linux-azure-6.5, p-cpe:/a:canonical:ubuntu_linux:linux-oem-5.13, p-cpe:/a:canonical:ubuntu_linux:linux-aws-6.5, p-cpe:/a:canonical:ubuntu_linux:linux-gcp-5.11, p-cpe:/a:canonical:ubuntu_linux:linux-azure-fde, p-cpe:/a:canonical:ubuntu_linux:linux-nvidia-6.5, p-cpe:/a:canonical:ubuntu_linux:linux-hwe-6.5, p-cpe:/a:canonical:ubuntu_linux:linux-azure-5.11, p-cpe:/a:canonical:ubuntu_linux:linux-starfive-6.2, p-cpe:/a:canonical:ubuntu_linux:linux-riscv-5.11, p-cpe:/a:canonical:ubuntu_linux:linux-oem-6.1, p-cpe:/a:canonical:ubuntu_linux:linux-riscv, p-cpe:/a:canonical:ubuntu_linux:linux-azure-fde-6.2, p-cpe:/a:canonical:ubuntu_linux:linux-oem-5.10, cpe:/o:canonical:ubuntu_linux:20.04:-:lts, cpe:/o:canonical:ubuntu_linux:24.04:-:lts, p-cpe:/a:canonical:ubuntu_linux:linux-azure-fde-6.17, p-cpe:/a:canonical:ubuntu_linux:linux-lowlatency-hwe-5.19, p-cpe:/a:canonical:ubuntu_linux:linux-aws-5.3, p-cpe:/a:canonical:ubuntu_linux:linux-hwe, p-cpe:/a:canonical:ubuntu_linux:linux-gcp-5.8, p-cpe:/a:canonical:ubuntu_linux:linux-oracle-6.5, p-cpe:/a:canonical:ubuntu_linux:linux-oem-5.17, p-cpe:/a:canonical:ubuntu_linux:linux-hwe-6.2, p-cpe:/a:canonical:ubuntu_linux:linux-aws-5.0, p-cpe:/a:canonical:ubuntu_linux:linux-oem-6.5, p-cpe:/a:canonical:ubuntu_linux:linux-azure-5.19, cpe:/o:canonical:ubuntu_linux:16.04:-:lts, p-cpe:/a:canonical:ubuntu_linux:linux-realtime, p-cpe:/a:canonical:ubuntu_linux:linux-azure-5.13, p-cpe:/a:canonical:ubuntu_linux:linux-raspi2, p-cpe:/a:canonical:ubuntu_linux:linux-gcp-5.19, p-cpe:/a:canonical:ubuntu_linux:linux-gcp-6.2, p-cpe:/a:canonical:ubuntu_linux:linux-xilinx, p-cpe:/a:canonical:ubuntu_linux:linux-azure-5.8, p-cpe:/a:canonical:ubuntu_linux:linux-nvidia-6.2, p-cpe:/a:canonical:ubuntu_linux:linux-oracle-5.0, p-cpe:/a:canonical:ubuntu_linux:linux-oracle-5.13, p-cpe:/a:canonical:ubuntu_linux:linux-oem, p-cpe:/a:canonical:ubuntu_linux:linux-gcp-6.5, p-cpe:/a:canonical:ubuntu_linux:linux-riscv-5.8, p-cpe:/a:canonical:ubuntu_linux:linux-starfive-5.19, p-cpe:/a:canonical:ubuntu_linux:linux-aws-5.19, p-cpe:/a:canonical:ubuntu_linux:linux-gcp-5.13, p-cpe:/a:canonical:ubuntu_linux:linux-oem-5.14, p-cpe:/a:canonical:ubuntu_linux:linux-gcp, cpe:/o:canonical:ubuntu_linux:25.04, p-cpe:/a:canonical:ubuntu_linux:linux-azure, cpe:/o:canonical:ubuntu_linux:22.04:-:lts, p-cpe:/a:canonical:ubuntu_linux:linux-gcp-5.3, p-cpe:/a:canonical:ubuntu_linux:linux-gke-5.15, p-cpe:/a:canonical:ubuntu_linux:linux-lowlatency-hwe-6.5, p-cpe:/a:canonical:ubuntu_linux:linux-azure-5.3, p-cpe:/a:canonical:ubuntu_linux:linux-starfive-6.5, cpe:/o:canonical:ubuntu_linux:25.10, p-cpe:/a:canonical:ubuntu_linux:linux-oem-5.6, p-cpe:/a:canonical:ubuntu_linux:linux-riscv-6.5, p-cpe:/a:canonical:ubuntu_linux:linux-oracle-5.8, cpe:/o:canonical:ubuntu_linux:18.04:-:lts, p-cpe:/a:canonical:ubuntu_linux:linux-gkeop-5.4, p-cpe:/a:canonical:ubuntu_linux:linux-lowlatency-hwe-6.2, p-cpe:/a:canonical:ubuntu_linux:linux-allwinner-5.19, p-cpe:/a:canonical:ubuntu_linux:linux-hwe-5.8, p-cpe:/a:canonical:ubuntu_linux:linux-gkeop-5.15, p-cpe:/a:canonical:ubuntu_linux:linux-hwe-5.13, p-cpe:/a:canonical:ubuntu_linux:linux-raspi-realtime, p-cpe:/a:canonical:ubuntu_linux:linux-azure-fde-5.19, p-cpe:/a:canonical:ubuntu_linux:linux-intel-iot-realtime, p-cpe:/a:canonical:ubuntu_linux:linux-gkeop, p-cpe:/a:canonical:ubuntu_linux:linux-oracle-5.11, p-cpe:/a:canonical:ubuntu_linux:linux-riscv-5.19, p-cpe:/a:canonical:ubuntu_linux:linux-oracle-5.3, p-cpe:/a:canonical:ubuntu_linux:linux-hwe-edge, p-cpe:/a:canonical:ubuntu_linux:linux-aws-5.13, p-cpe:/a:canonical:ubuntu_linux:linux-aws-5.11, p-cpe:/a:canonical:ubuntu_linux:linux-gke-4.15, p-cpe:/a:canonical:ubuntu_linux:linux-aws-5.8, p-cpe:/a:canonical:ubuntu_linux:linux-oem-6.0, p-cpe:/a:canonical:ubuntu_linux:linux-azure-6.2

必需的 KB 项: Host/local_checks_enabled, Host/cpu, global_settings/vendor_unpatched, Host/OS/identifier

易利用性: No known exploits are available

漏洞发布日期: 2025/6/18

参考资料信息

CVE: CVE-2025-38056