检测

Linux Distros 未修补的漏洞:CVE-2022-50248

medium Nessus 插件 ID 264939

语言:

简介

Linux/Unix 主机上安装的一个或多个程序包存在漏洞,但供应商表示不会修补此漏洞。

描述

Linux/Unix 主机中安装的一个或多个程序包受到一个漏洞影响,而供应商没有提供补丁程序。

 - wifiiwlwifimvm修复 tx 路径上的双重释放。我们发现与 ax210 固件崩溃相关的内核崩溃和锁定以及 KASAN 错误。其中一个 KASAN 转储指向 tx 路径并且似乎确实存在双重释放 skb 的方式。如果 iwl_mvm_tx_skb_sta 返回非零则发送到 方法中的“skb”将被释放。但是如果我们构建 TSO skb 缓冲区skb 也可能在错误情况下被释放。因此在该特定错误情况下返回 0 并手动执行清理。缺陷KASAN中的释放后使用
 __list_del_entry_valid+0x12/0x90 iwlwifi 0000:06:00.00x00000000| tsf hi 任务 btserver/9650 CPU: 4 PID: 9650 Comm: btserver TaintedGW 5.19.8+ #5 iwlwifi 0000:06:00.0: 0x00000000 | tsf hi Read在 addr ffff88813cfa4ba0 大小 8 的读取time gp1 硬件名称Default string Default string/SKYBAY、BIOS 5.12 02/19/2019 调用跟踪 <TASK> dump_stack_lvl+0x55/0x6d print_report.cold.12+0xf2/0x684 iwlwifi 0000:06:00.0: 0x1D0915A8 | time gp1 硬件名称time gp2 ? 0000:06:00.00x00000001| __list_del_entry_valid+0x12/0x90 kasan_report+0x8b/0x180 iwlwifi uCode 修订类型 ? __list_del_entry_valid+0x12/0x90
 __list_del_entry_valid+0x12/0x90 iwlwifi 0000:06:00.00x00000048 | __list_del_entry_valid+0x12/0x90 iwlwifi uCode 版本主要 tcp_update_skb_after_send+0x5d/0x170 __tcp_transmit_skb+0xb61/0x15c0 iwlwifi 0000:06:00.00xDAA05125 | uCode 版本 次要 ? __tcp_select_window+0x490/0x490 iwlwifi 0000:06:00.00x00000420| hw 版本 ? trace_kmalloc_node+0x29/0xd0 ? __kmalloc_node_track_caller+0x12a/0x260 ? memset+0x1f/0x40 ?
 __build_skb_around+0x125/0x150 ? __alloc_skb+0x1d4/0x220 ? skb_zerocopy_clone+0x55/0x230 iwlwifi 0000:06:00.00x00489002 | skb_zerocopy_clone+0x55/0x230 iwlwifi板版本 ? kmalloc_reserve+0x80/0x80 ? 0000:06:00.00x034E001C| rcu_read_lock_bh_held+0x60/0xb0 tcp_write_xmit+0x3f1/0x24d0 iwlwifi| hcmd ? __check_object_size+0x180/0x350 iwlwifi 0000:06:00.00x24020000| | isr0 tcp_sendmsg_locked+0x8a9/0x1520 iwlwifi 0000:06:00.00x01400000| isr1 ? tcp_sendpage+0x50/0x50 iwlwifi 0000:06:00.00x48F0000A | tcp_sendpage+0x50/0x50 iwlwifi isr2 ? lock_release+0xb9/0x400 ? | tcp_sendmsg+0x14/0x40 iwlwifi 0000:06:00.00x00C3080C | tcp_sendmsg+0x14/0x40 iwlwifi isr3 ? lock_downgrade+0x390/0x390 ? 0000:06:00.00x00200000| do_raw_spin_lock+0x114/0x1d0 iwlwifi isr4 ? | rwlock_bug.part.2+0x50/0x50 iwlwifi 0000:06:00.00x034A001C |最后一个 cmd Id ? rwlock_bug.part.2+0x50/0x50 lockdep_hardirqs_on_prepare+0xe/0x200 iwlwifi 0000:06:00.00x0000C2F0 | lockdep_hardirqs_on_prepare+0xe/0x200 iwlwifi wait_event ?
 __local_bh_enable_ip+0x87/0xe0 ? 0000:06:00.00x000000C4 | inet_send_prepare+0x220/0x220 iwlwifi | l2p_control tcp_sendmsg+0x22/0x40 sock_sendmsg+0x5f/0x70 iwlwifi 0000:06:00.0: 0x00010034 | l2p_duration
 __sys_sendto+0x19d/0x250 iwlwifi 0000:06:00.00x00000007 | __sys_sendto+0x19d/0x250 iwlwifi l2p_mhvalid ? __ia32_sys_getpeername+0x40/0x40 iwlwifi 0000:06:00.00x00000000| l2p_addr_match ? rcu_read_lock_held_common+0x12/0x50 rcu_read_lock_sched_held+0x5a/0xd0 ? rcu_read_lock_bh_held+0xb0/0xb0 rcu_read_lock_sched_held+0x5a/0xd0 ? rcu_read_lock_sched_held+0x5a/0xd0 ? lock_release+0xb9/0x400 ? lock_downgrade+0x390/0x390 ? ktime_get+0x64/0x130 ? ktime_get+0x8d/0x130 ? rcu_read_lock_held_common+0x12/0x50 rcu_read_lock_sched_held+0x5a/0xd0 ? rcu_read_lock_held_common+0x12/0x50 rcu_read_lock_sched_held+0x5a/0xd0 ? rcu_read_lock_bh_held+0xb0/0xb0 rcu_read_lock_bh_held+0xb0/0xb0
 __x64_sys_sendto+0x6f/0x80 do_syscall_64+0x34/0xb0 entry_SYSCALL_64_after_hwframe+0x46/0xb0 RIP
 0033:0x7f1d126e4531 代码00 00 00 00 0f 1f 44 00 00 f3 0f 1e fa 48 8d 05 35 80 0c 00 41 89 ca 8b 00 85 c0 75 1c 45 31 c9 45 31 c0 b8 00 00 0f 31 c0 b8 00 005 <48> 00 f0 ff ff 77 67 c3 66 0f 1f 44 00 00 55 48 83 ec 20 48 89 RSP002b:00007ffe21a679d8 EFLAGS00000246 ORIG_RAX: 000000000000002c RAX: ffff ffffffda
 000000000000ffdc RCX: 00007f1d126e4531 RDX: 0000000000010000 RSI: 000000000374acf0 RDI: 0000000000000014 RBP: 00007ffe21a67ac0 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11:
 0000000000000246 R ---truncated--- (CVE-2022-50248)

请注意,Nessus 依赖供应商报告的程序包是否存在进行判断。

解决方案

目前尚未有任何已知的解决方案。

另见

https://access.redhat.com/security/cve/cve-2022-50248

https://ubuntu.com/security/CVE-2022-50248

插件详情

严重性: Medium

ID: 264939

文件名: unpatched_CVE_2022_50248.nasl

版本: 1.3

类型: local

代理: unix

系列: Misc.

发布时间: 2025/9/16

最近更新时间: 2025/9/20

支持的传感器: Agentless Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

风险信息

VPR

风险因素: Medium

分数: 6.7

CVSS v2

风险因素: Medium

基本分数: 5.6

时间分数: 4.1

矢量: CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:C

CVSS 分数来源: CVE-2022-50248

CVSS v3

风险因素: Medium

基本分数: 6.3

时间分数: 5.5

矢量: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H

时间矢量: CVSS:3.0/E:U/RL:O/RC:C

漏洞信息

CPE: cpe:/o:canonical:ubuntu_linux:20.04:-:lts, p-cpe:/a:redhat:enterprise_linux:kernel-64k-debug-devel-matched, p-cpe:/a:redhat:enterprise_linux:kernel-rt-core, cpe:/o:canonical:ubuntu_linux:24.04:-:lts, p-cpe:/a:redhat:enterprise_linux:kernel-64k-debug-devel, p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-modules-core, p-cpe:/a:redhat:enterprise_linux:kernel-64k-debug-core, p-cpe:/a:canonical:ubuntu_linux:linux-lowlatency-hwe-5.19, p-cpe:/a:redhat:enterprise_linux:kernel-doc, p-cpe:/a:canonical:ubuntu_linux:linux-aws-5.3, p-cpe:/a:redhat:enterprise_linux:kernel-rt-64k-devel, p-cpe:/a:canonical:ubuntu_linux:linux-azure-6.11, p-cpe:/a:redhat:enterprise_linux:kernel-rt-64k-modules-internal, p-cpe:/a:redhat:enterprise_linux:kernel-64k-modules-extra, p-cpe:/a:redhat:enterprise_linux:kernel-rt-64k-modules, p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-kvm, p-cpe:/a:canonical:ubuntu_linux:linux-hwe, p-cpe:/a:canonical:ubuntu_linux:linux-gcp-5.8, p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-modules, cpe:/o:redhat:enterprise_linux:9, p-cpe:/a:canonical:ubuntu_linux:linux-oracle-6.5, p-cpe:/a:canonical:ubuntu_linux:linux-oem-5.17, p-cpe:/a:redhat:enterprise_linux:kernel-debug-modules-extra, p-cpe:/a:canonical:ubuntu_linux:linux-hwe-6.2, p-cpe:/a:redhat:enterprise_linux:kernel-64k-debug-modules-extra, p-cpe:/a:redhat:enterprise_linux:kernel-64k-debug, p-cpe:/a:redhat:enterprise_linux:kernel, p-cpe:/a:redhat:enterprise_linux:kernel-64k-devel, p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-modules-extra, p-cpe:/a:redhat:enterprise_linux:kernel-rt-64k-debug-modules, p-cpe:/a:canonical:ubuntu_linux:linux-aws-5.0, p-cpe:/a:redhat:enterprise_linux:libperf-devel, p-cpe:/a:redhat:enterprise_linux:kernel-modules, p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-modules-extra, p-cpe:/a:canonical:ubuntu_linux:linux-oem-6.5, p-cpe:/a:canonical:ubuntu_linux:linux-intel, p-cpe:/a:redhat:enterprise_linux:kernel-rt-selftests-internal, p-cpe:/a:canonical:ubuntu_linux:linux-azure-5.19, p-cpe:/a:redhat:enterprise_linux:kernel-rt-modules-core, p-cpe:/a:redhat:enterprise_linux:kernel-modules-partner, p-cpe:/a:redhat:enterprise_linux:kernel-rt-devel-matched, cpe:/o:canonical:ubuntu_linux:16.04:-:lts, p-cpe:/a:canonical:ubuntu_linux:linux-realtime, p-cpe:/a:redhat:enterprise_linux:kernel-debug-modules-internal, p-cpe:/a:canonical:ubuntu_linux:linux-azure-5.13, p-cpe:/a:redhat:enterprise_linux:kernel-64k-core, p-cpe:/a:canonical:ubuntu_linux:linux-raspi2, p-cpe:/a:redhat:enterprise_linux:kernel-rt-64k-debug-devel-matched, p-cpe:/a:redhat:enterprise_linux:kernel-64k-debug-modules-internal, p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-devel-matched, p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel, p-cpe:/a:canonical:ubuntu_linux:linux-gcp-5.19, p-cpe:/a:canonical:ubuntu_linux:linux-gcp-6.2, p-cpe:/a:redhat:enterprise_linux:kernel-core, p-cpe:/a:redhat:enterprise_linux:kernel-cross-headers, p-cpe:/a:canonical:ubuntu_linux:linux-hwe-6.11, p-cpe:/a:canonical:ubuntu_linux:linux-azure-5.8, p-cpe:/a:canonical:ubuntu_linux:linux-nvidia-6.2, p-cpe:/a:redhat:enterprise_linux:kernel-rt-64k-debug-modules-partner, p-cpe:/a:canonical:ubuntu_linux:linux-oem-5.13, p-cpe:/a:redhat:enterprise_linux:kernel-debug, p-cpe:/a:canonical:ubuntu_linux:linux-aws-6.5, p-cpe:/a:canonical:ubuntu_linux:linux-gcp-5.11, p-cpe:/a:canonical:ubuntu_linux:linux-azure-fde, p-cpe:/a:canonical:ubuntu_linux:linux-nvidia-6.5, p-cpe:/a:canonical:ubuntu_linux:linux-hwe-6.5, p-cpe:/a:canonical:ubuntu_linux:linux-azure-5.11, p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-modules-partner, p-cpe:/a:redhat:enterprise_linux:kernel-64k-modules-partner, p-cpe:/a:redhat:enterprise_linux:kernel-64k-debug-modules-partner, p-cpe:/a:canonical:ubuntu_linux:linux-starfive-6.2, p-cpe:/a:canonical:ubuntu_linux:linux-oem-6.8, p-cpe:/a:canonical:ubuntu_linux:linux-riscv-5.11, p-cpe:/a:canonical:ubuntu_linux:linux-oem-6.1, p-cpe:/a:canonical:ubuntu_linux:linux-riscv, p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug, p-cpe:/a:canonical:ubuntu_linux:linux-azure-fde-6.2, p-cpe:/a:canonical:ubuntu_linux:linux-oem-5.10, p-cpe:/a:redhat:enterprise_linux:kernel-rt-64k-debug-kvm, p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs, p-cpe:/a:redhat:enterprise_linux:perf, p-cpe:/a:canonical:ubuntu_linux:linux-oracle-5.0, p-cpe:/a:redhat:enterprise_linux:kernel-abi-stablelists, p-cpe:/a:redhat:enterprise_linux:bpftool, p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-devel, p-cpe:/a:redhat:enterprise_linux:kernel-rt-kvm, p-cpe:/a:redhat:enterprise_linux:kernel-tools, p-cpe:/a:canonical:ubuntu_linux:linux-oracle-5.13, p-cpe:/a:redhat:enterprise_linux:kernel-64k-modules-internal, p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-modules-internal, p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-devel-matched, p-cpe:/a:canonical:ubuntu_linux:linux-oem, p-cpe:/a:canonical:ubuntu_linux:linux-gcp-6.5, p-cpe:/a:canonical:ubuntu_linux:linux-riscv-5.8, p-cpe:/a:redhat:enterprise_linux:kernel-devel, p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-core, p-cpe:/a:redhat:enterprise_linux:kernel-rt-64k-devel-matched, p-cpe:/a:redhat:enterprise_linux:kernel-rt-devel, p-cpe:/a:canonical:ubuntu_linux:linux-starfive-5.19, p-cpe:/a:canonical:ubuntu_linux:linux-aws-5.19, p-cpe:/a:canonical:ubuntu_linux:linux-gcp-5.13, p-cpe:/a:canonical:ubuntu_linux:linux-oem-5.14, p-cpe:/a:redhat:enterprise_linux:kernel-rt-64k-debug-devel, p-cpe:/a:redhat:enterprise_linux:kernel-rt-64k-debug-modules-extra, p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-devel, p-cpe:/a:redhat:enterprise_linux:kernel-rt-64k-kvm, p-cpe:/a:redhat:enterprise_linux:kernel-uki-virt-addons, p-cpe:/a:canonical:ubuntu_linux:linux-gcp, p-cpe:/a:canonical:ubuntu_linux:linux-azure, p-cpe:/a:redhat:enterprise_linux:kernel-rt-modules-partner, p-cpe:/a:redhat:enterprise_linux:kernel-rt-modules-extra, cpe:/o:canonical:ubuntu_linux:22.04:-:lts, p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-modules-core, p-cpe:/a:canonical:ubuntu_linux:linux-gcp-5.3, p-cpe:/a:redhat:enterprise_linux:kernel-64k-devel-matched, p-cpe:/a:redhat:enterprise_linux:kernel-debug-modules-partner, p-cpe:/a:redhat:enterprise_linux:kernel-rt-modules, p-cpe:/a:redhat:enterprise_linux:kernel-debug-core, p-cpe:/a:redhat:enterprise_linux:kernel-64k-debug-modules-core, p-cpe:/a:canonical:ubuntu_linux:linux-gke-5.15, p-cpe:/a:canonical:ubuntu_linux:linux-lowlatency-hwe-6.5, p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-modules-internal, p-cpe:/a:canonical:ubuntu_linux:linux-azure-5.3, p-cpe:/a:redhat:enterprise_linux:kernel-debug-uki-virt-addons, p-cpe:/a:canonical:ubuntu_linux:linux-starfive-6.5, p-cpe:/a:canonical:ubuntu_linux:linux-oem-5.6, p-cpe:/a:canonical:ubuntu_linux:linux-riscv-6.5, p-cpe:/a:canonical:ubuntu_linux:linux-oracle-5.8, cpe:/o:canonical:ubuntu_linux:18.04:-:lts, p-cpe:/a:canonical:ubuntu_linux:linux-gkeop-5.4, p-cpe:/a:redhat:enterprise_linux:kernel-64k, p-cpe:/a:redhat:enterprise_linux:kernel-rt-64k-debug, p-cpe:/a:canonical:ubuntu_linux:linux-lowlatency-hwe-6.11, p-cpe:/a:redhat:enterprise_linux:kernel-64k-modules-core, p-cpe:/a:redhat:enterprise_linux:rv, p-cpe:/a:redhat:enterprise_linux:kernel-rt-64k-debug-modules-core, p-cpe:/a:redhat:enterprise_linux:kernel-uki-virt, p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-core, p-cpe:/a:canonical:ubuntu_linux:linux-lowlatency-hwe-6.2, p-cpe:/a:redhat:enterprise_linux:kernel-headers, p-cpe:/a:redhat:enterprise_linux:libperf, p-cpe:/a:canonical:ubuntu_linux:linux-allwinner-5.19, p-cpe:/a:canonical:ubuntu_linux:linux-hwe-5.8, p-cpe:/a:canonical:ubuntu_linux:linux-gkeop-5.15, p-cpe:/a:canonical:ubuntu_linux:linux-hwe-5.13, p-cpe:/a:redhat:enterprise_linux:kernel-rt-64k-modules-core, p-cpe:/a:redhat:enterprise_linux:kernel-debug-modules, p-cpe:/a:canonical:ubuntu_linux:linux-raspi-realtime, p-cpe:/a:redhat:enterprise_linux:python3-perf, p-cpe:/a:redhat:enterprise_linux:kernel-selftests-internal, p-cpe:/a:canonical:ubuntu_linux:linux-azure-fde-5.19, p-cpe:/a:canonical:ubuntu_linux:linux-intel-iot-realtime, p-cpe:/a:canonical:ubuntu_linux:linux-gkeop, p-cpe:/a:canonical:ubuntu_linux:linux-oracle-5.11, p-cpe:/a:canonical:ubuntu_linux:linux-riscv-5.19, p-cpe:/a:canonical:ubuntu_linux:linux-oracle-5.3, p-cpe:/a:canonical:ubuntu_linux:linux-hwe-edge, p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel-matched, p-cpe:/a:redhat:enterprise_linux:rtla, p-cpe:/a:canonical:ubuntu_linux:linux-aws-5.13, p-cpe:/a:redhat:enterprise_linux:kernel-devel-matched, p-cpe:/a:redhat:enterprise_linux:kernel-rt-64k-debug-modules-internal, p-cpe:/a:redhat:enterprise_linux:kernel-rt-modules-internal, p-cpe:/a:canonical:ubuntu_linux:linux-oem-6.11, p-cpe:/a:redhat:enterprise_linux:kernel-debug-modules-core, p-cpe:/a:canonical:ubuntu_linux:linux-aws-5.11, p-cpe:/a:redhat:enterprise_linux:kernel-rt-64k-core, p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel, p-cpe:/a:canonical:ubuntu_linux:linux-gke-4.15, p-cpe:/a:redhat:enterprise_linux:kernel-ipaclones-internal, p-cpe:/a:canonical:ubuntu_linux:linux-aws-5.8, p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-modules-partner, p-cpe:/a:redhat:enterprise_linux:kernel-rt, p-cpe:/a:canonical:ubuntu_linux:linux-oem-6.0, p-cpe:/a:redhat:enterprise_linux:kernel-64k-modules, p-cpe:/a:redhat:enterprise_linux:kernel-debug-uki-virt, p-cpe:/a:canonical:ubuntu_linux:linux-azure-6.2, p-cpe:/a:canonical:ubuntu_linux:linux-gcp-6.11, p-cpe:/a:canonical:ubuntu_linux:linux-aws-6.2, p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump, p-cpe:/a:canonical:ubuntu_linux:linux-gke, p-cpe:/a:canonical:ubuntu_linux:linux-hwe-5.19, p-cpe:/a:canonical:ubuntu_linux:linux-intel-5.13, p-cpe:/a:canonical:ubuntu_linux:linux-gke-5.4, p-cpe:/a:redhat:enterprise_linux:kernel-rt-64k-debug-core, p-cpe:/a:redhat:enterprise_linux:kernel-rt-64k-modules-extra, p-cpe:/a:redhat:enterprise_linux:kernel-rt-64k-modules-partner, p-cpe:/a:canonical:ubuntu_linux:linux-azure-edge, p-cpe:/a:canonical:ubuntu_linux:linux-hwe-5.11, p-cpe:/a:redhat:enterprise_linux:kernel-rt-64k, p-cpe:/a:redhat:enterprise_linux:kernel-modules-extra, p-cpe:/a:redhat:enterprise_linux:kernel-64k-debug-modules, p-cpe:/a:canonical:ubuntu_linux:linux-azure-6.5, p-cpe:/a:redhat:enterprise_linux:kernel-modules-internal, p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-modules, p-cpe:/a:redhat:enterprise_linux:kernel-modules-core

必需的 KB 项: Host/cpu, Host/local_checks_enabled, global_settings/vendor_unpatched, Host/OS/identifier

易利用性: No known exploits are available

漏洞发布日期: 2025/9/15

参考资料信息

CVE: CVE-2022-50248