检测

Linux Distros 未修补的漏洞:CVE-2025-39703

medium Nessus 插件 ID 261641

语言:

简介

Linux/Unix 主机上安装的一个或多个程序包存在漏洞,但供应商表示不会修补此漏洞。

描述

Linux/Unix 主机中安装的一个或多个程序包受到一个漏洞影响,而供应商没有提供补丁程序。

 - net, hsr如果 skb 无法容纳标签则拒绝 HSR 帧接收 HSR 帧其空间不足以在 skb 中容纳 HSR 标签可导致崩溃内核 BUG[ 45.390915] skbuff: skb_under_panic
 text:ffffffff86f32cac len:26 put:14 head:ffff888042418000 data:ffff888042417ff4 tail:0xe end:0x180 dev:bridge_slave_1 [ 45.392559] ------------[ 在此处剪切 ]-------- ------ [ 45.392912] 内核缺陷位于 net/core/skbuff.c:211! [ 45.393276] Oops无效的 opcode0000 [#1] SMP DEBUG_PAGEALLOC KASAN NOPTI [45.393809] CPU: 1 UID: 0 PID: 2496 Comm重现器未受感染 6.15.0 #12 PREEMPT(undef) [ 45.394433] 硬件名称QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebuilt.qemu.org04/01/2014 [ 45.395273] RIP0010:skb_panic+0x15b/0x1d0<snip registers, remove unreliable trace> [45.402911] 调用跟踪[ 45.403105] <IRQ> [ 45.404470] skb_push+0xcd/0xf0 [ 45.404726] br_dev_queue_push_xmit+0x7c/0x6c0 [ 45.406513] br_forward_finish+0x128/0x260 [ 45.408483]
 __br_forward+0x42d/0x590 [ 45.409464]maybe_deliver+0x2eb/0x420 [ 45.409763] br_flood+0x174/0x4a0 [45.410030] br_handle_frame_finish+0xc7c/0x1bc0 [ 45.411618] br_handle_frame+0xac3/0x1230 [ 45.413674]
 __netif_receive_skb_core.constprop.0+0x808/0x3df0 [ 45.422966] __netif_receive_skb_one_core+0xb4/0x1f0 [45.424478] __netif_receive_skb+0x22/0x170 [ 45.424806] process_backlog+0x242/0x6d0 [ 45.425116]
 __napi_poll+0xbb/0x630 [ 45.425394] net_rx_action+0x4d1/0xcc0 [ 45.427613] handle_softirqs+0x1a4/0x580 [45.427926] do_softirq+0x74/0x90 [ 45.428196] </IRQ> 此问题的发现者为 syzkaller。一旦收到线性数据中已推送 ETH 标头的损坏 skb就会在 br_dev_queue_push_xmit() 中发生错误。当尝试进行 skb_push() 调用时出现动态余量不足和 skb_push() 错误。损坏的 skb 由 HSR 层放入队列中从而在收到特定的损坏 HSR 帧具有不完整的 TAG时进行一系列意外转换。通过丢弃和消耗长度不足以同时包含以太网和 hsr 标头的帧来修复此问题。替代补丁是在 br_dev_queue_push_xmit() 中的 skb_push() 之前检查足够的余量。在重现器中这是通过 AF_PACKET 注入的但我无法轻易理解为何无法通过线路从邻近网络发送它。更多详细信息在重现器中设置了以下网络接口链veth0_to_hsr hsr_slave0 hsr0 veth1_to_hsr hsr_slave1 bridge ... 为触发导致崩溃的事件重现器会从损坏的 HSR 发送
 ---truncated--- (CVE-2025-39703)

请注意,Nessus 依赖供应商报告的程序包是否存在进行判断。

解决方案

目前尚未有任何已知的解决方案。

另见

https://access.redhat.com/security/cve/cve-2025-39703

https://security-tracker.debian.org/tracker/CVE-2025-39703

插件详情

严重性: Medium

ID: 261641

文件名: unpatched_CVE_2025_39703.nasl

版本: 1.2

类型: local

代理: unix

系列: Misc.

发布时间: 2025/9/6

最近更新时间: 2025/9/7

支持的传感器: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus

风险信息

VPR

风险因素: Medium

分数: 5.2

CVSS v2

风险因素: Low

基本分数: 2.1

时间分数: 1.6

矢量: CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:P

CVSS 分数来源: CVE-2025-39703

CVSS v3

风险因素: Medium

基本分数: 6.5

时间分数: 5.7

矢量: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

时间矢量: CVSS:3.0/E:U/RL:O/RC:C

漏洞信息

CPE: p-cpe:/a:redhat:enterprise_linux:kernel-rt-64k-debug, p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel, p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-modules, p-cpe:/a:redhat:enterprise_linux:kernel-debug, p-cpe:/a:redhat:enterprise_linux:kernel-debug-modules, p-cpe:/a:redhat:enterprise_linux:kernel-rt-64k-modules, p-cpe:/a:redhat:enterprise_linux:kernel-modules, p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-devel-matched, p-cpe:/a:redhat:enterprise_linux:kernel-tools, p-cpe:/a:redhat:enterprise_linux:kernel-rt-selftests-internal, p-cpe:/a:redhat:enterprise_linux:kernel-modules-partner, cpe:/o:debian:debian_linux:14.0, cpe:/o:debian:debian_linux:11.0, p-cpe:/a:redhat:enterprise_linux:kernel-rt-modules-core, p-cpe:/a:redhat:enterprise_linux:bpftool, p-cpe:/a:redhat:enterprise_linux:kernel-rt-64k-debug-modules-extra, p-cpe:/a:redhat:enterprise_linux:kernel-rt-modules, p-cpe:/a:redhat:enterprise_linux:kernel-64k-debug-modules-core, p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-modules-internal, p-cpe:/a:redhat:enterprise_linux:kernel-rt-64k, p-cpe:/a:redhat:enterprise_linux:kernel-64k-modules-partner, p-cpe:/a:redhat:enterprise_linux:kernel-rt-64k-core, p-cpe:/a:debian:debian_linux:linux, p-cpe:/a:redhat:enterprise_linux:kernel-64k, p-cpe:/a:redhat:enterprise_linux:rtla, p-cpe:/a:redhat:enterprise_linux:kernel-ipaclones-internal, p-cpe:/a:redhat:enterprise_linux:kernel-rt-core, p-cpe:/a:redhat:enterprise_linux:kernel, p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-modules-internal, p-cpe:/a:redhat:enterprise_linux:kernel-uki-virt-addons, p-cpe:/a:redhat:enterprise_linux:kernel-debug-modules-core, p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug, p-cpe:/a:redhat:enterprise_linux:python3-perf, p-cpe:/a:redhat:enterprise_linux:kernel-rt, p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump, p-cpe:/a:redhat:enterprise_linux:kernel-rt-64k-modules-partner, p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-kvm, p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs, p-cpe:/a:redhat:enterprise_linux:kernel-debug-core, p-cpe:/a:redhat:enterprise_linux:kernel-64k-modules-core, p-cpe:/a:redhat:enterprise_linux:kernel-rt-modules-internal, p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-modules-partner, p-cpe:/a:redhat:enterprise_linux:kernel-rt-64k-modules-extra, p-cpe:/a:redhat:enterprise_linux:kernel-rt-64k-modules-internal, p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-devel, p-cpe:/a:redhat:enterprise_linux:kernel-devel, p-cpe:/a:redhat:enterprise_linux:kernel-rt-64k-devel-matched, p-cpe:/a:redhat:enterprise_linux:kernel-rt-64k-debug-devel, p-cpe:/a:redhat:enterprise_linux:kernel-rt-64k-kvm, p-cpe:/a:redhat:enterprise_linux:kernel-rt-modules-extra, p-cpe:/a:redhat:enterprise_linux:kernel-64k-debug-modules-extra, cpe:/o:redhat:enterprise_linux:10, p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-modules-extra, p-cpe:/a:redhat:enterprise_linux:perf, p-cpe:/a:redhat:enterprise_linux:kernel-abi-stablelists, p-cpe:/a:redhat:enterprise_linux:rv, cpe:/o:debian:debian_linux:13.0, p-cpe:/a:redhat:enterprise_linux:kernel-modules-extra, p-cpe:/a:redhat:enterprise_linux:kernel-modules-core, p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-modules, p-cpe:/a:redhat:enterprise_linux:kernel-rt-devel-matched, p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel, p-cpe:/a:redhat:enterprise_linux:kernel-cross-headers, p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-devel-matched, p-cpe:/a:redhat:enterprise_linux:kernel-headers, p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel-matched, p-cpe:/a:redhat:enterprise_linux:kernel-rt-64k-debug-core, p-cpe:/a:redhat:enterprise_linux:kernel-64k-debug-modules-partner, p-cpe:/a:redhat:enterprise_linux:kernel-64k-debug-devel-matched, p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-core, p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-modules-partner, p-cpe:/a:redhat:enterprise_linux:kernel-rt-64k-debug-kvm, p-cpe:/a:redhat:enterprise_linux:kernel-64k-debug-core, cpe:/o:redhat:enterprise_linux:9, p-cpe:/a:redhat:enterprise_linux:libperf-devel, p-cpe:/a:redhat:enterprise_linux:kernel-rt-64k-debug-devel-matched, p-cpe:/a:redhat:enterprise_linux:kernel-core, p-cpe:/a:redhat:enterprise_linux:kernel-uki-virt, p-cpe:/a:redhat:enterprise_linux:libperf, p-cpe:/a:redhat:enterprise_linux:kernel-devel-matched, p-cpe:/a:redhat:enterprise_linux:kernel-modules-internal, p-cpe:/a:redhat:enterprise_linux:kernel-debug-uki-virt-addons, p-cpe:/a:redhat:enterprise_linux:kernel-selftests-internal, p-cpe:/a:redhat:enterprise_linux:kernel-64k-debug-modules, p-cpe:/a:redhat:enterprise_linux:kernel-rt-64k-debug-modules-partner, p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-modules-core, p-cpe:/a:redhat:enterprise_linux:kernel-doc, p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-core, p-cpe:/a:redhat:enterprise_linux:kernel-rt-devel, p-cpe:/a:redhat:enterprise_linux:kernel-rt-modules-partner, p-cpe:/a:redhat:enterprise_linux:kernel-rt-64k-modules-core, p-cpe:/a:redhat:enterprise_linux:kernel-debug-uki-virt, p-cpe:/a:redhat:enterprise_linux:kernel-debug-modules-partner, p-cpe:/a:redhat:enterprise_linux:kernel-debug-modules-extra, p-cpe:/a:redhat:enterprise_linux:kernel-64k-devel, p-cpe:/a:redhat:enterprise_linux:kernel-rt-64k-debug-modules, p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-modules-extra, p-cpe:/a:redhat:enterprise_linux:kernel-64k-core, p-cpe:/a:redhat:enterprise_linux:kernel-rt-kvm, p-cpe:/a:redhat:enterprise_linux:kernel-64k-debug-devel, p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-modules-core, p-cpe:/a:redhat:enterprise_linux:kernel-64k-modules-extra, p-cpe:/a:redhat:enterprise_linux:kernel-64k-debug, p-cpe:/a:redhat:enterprise_linux:kernel-64k-debug-modules-internal, p-cpe:/a:redhat:enterprise_linux:kernel-64k-modules-internal, p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-devel, p-cpe:/a:redhat:enterprise_linux:kernel-64k-devel-matched, p-cpe:/a:redhat:enterprise_linux:kernel-rt-64k-debug-modules-core, p-cpe:/a:redhat:enterprise_linux:kernel-64k-modules, p-cpe:/a:redhat:enterprise_linux:kernel-rt-64k-debug-modules-internal, cpe:/o:debian:debian_linux:12.0, p-cpe:/a:redhat:enterprise_linux:kernel-rt-64k-devel, p-cpe:/a:redhat:enterprise_linux:kernel-debug-modules-internal

必需的 KB 项: Host/local_checks_enabled, Host/cpu, global_settings/vendor_unpatched, Host/OS/identifier

易利用性: No known exploits are available

漏洞发布日期: 2025/9/5

参考资料信息

CVE: CVE-2025-39703