Linux Distros 未修补的漏洞:CVE-2023-53492
high Nessus 插件 ID 269526
语言:
简介
Linux/Unix 主机上安装的一个或多个程序包存在漏洞,但供应商表示不会修补此漏洞。描述
Linux/Unix 主机中安装的一个或多个程序包受到一个漏洞影响,而供应商没有提供补丁程序。- netfilternf_tables按 ID 查找链时不忽略 genmask 在向引用其 ID 的链添加规则时如果已在同批次删除该链则该规则可能最终引用一个已删除的链。这将导致出现如下所示的警告: [ 33.098431] ------------[ cut here]------------ [ 33.098678] WARNING: CPU: 5 PID69 at net/netfilter/nf_tables_api.c:2037 nf_tables_chain_destroy+0x23d/0x260 [ 33.099217] 链接的模块[ 33.099388] CPU5 PID69 Comm
kworker/5:1 未受感染 6.4.0+ #409 [ 33.099726] Workqueuenf_tables_trans_destroy_work 事件 [33.100018] RIP: 0010:nf_tables_chain_destroy+0x23d/0x260 [ 33.100306] Code8b 7c 24 68 e8 64 9c ed fe 4c 89 e7 e8 5c 9c ed fe 48 83 c4 08 5b 41 5c 41 5d 41 5e 41 5f 5d 31 c0 89 c6 89 c7 c3 cc cc cc cc <0f> 0b 48 83 c4 08 5b 41 5c 41 5d 41 5e 41 5f0 5d 8931 c c6 89 c7 [ 33.101271] RSP: 0018:ffffc900004ffc48 EFLAGS
00010202 [ 33.101546] RAX: 0000000000000001 RBX: ffff888006fc0a28 RCX: 0000000000000000 [ 33.101920] RDX:
0000000000000000 RSI0000000000000000 RDI0000000000000000 [ 33.102649] RBPffffc900004ffc78 R08
0000000000000000 R090000000000000000 [ 33.103018] R100000000000000000 R110000000000000000 R12
ffff8880135ef500 [ 33.103385] R13: 0000000000000000 R14: dead000000000122 R15: ffff888006fc0a10 [33.103762] FS: 0000000000000000(0000) GS:ffff888024c80000(0000) knlGS:0000000000000000 [ 33.104184] CS:
0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 33.104493] CR2: 00007fe863b56a50 CR3: 00000000124b0001 CR4:
0000000000770ee0 [ 33.104872] PKRU: 55555554 [ 33.104999] 调用跟踪 [ 33.105113] <TASK> [ 33.105214] ? show_regs+0x72/0x90 [ 33.105371] ? __warn+0xa5/0x210 [ 33.105520] nf_tables_chain_destroy+0x23d/0x260 [33.105732] ? report_bug+0x1f2/0x200 [ 33.105902] handle_bug+0x46/0x90 [ 33.106546] ? exc_invalid_op+0x19/0x50 [ 33.106762] ? asm_exc_invalid_op+0x1b/0x20 [ 33.106995] ? nf_tables_chain_destroy+0x23d/0x260 [ 33.107249] ? nf_tables_chain_destroy+0x30/0x260 [ 33.107506] nf_tables_trans_destroy_work+0x669/0x680 [ 33.107782] ? mark_held_locks+0x28/0xa0 [ 33.107996] ?
__pfx_nf_tables_trans_destroy_work+0x10/0x10 [ 33.108294] ? _raw_spin_unlock_irq+0x28/0x70 [ 33.108538] process_one_work+0x68c/0xb70 [ 33.108755] ? lock_acquire+0x17f/0x420 [ 33.108977] ?
__pfx_process_one_work+0x10/0x10 [ 33.109218] ? do_raw_spin_lock+0x128/0x1d0 [ 33.109435] ?
_raw_spin_lock_irq+0x71/0x80 [ 33.109634] worker_thread+0x2bd/0x700 [ 33.109817] ?
__pfx_worker_thread+0x10/0x10 [ 33.110254] kthread+0x18b/0x1d0 [ 33.110410] ? __pfx_kthread+0x10/0x10 [33.110581] ret_from_fork+0x29/0x50 [ 33.110757] </TASK> [ 33.110866] irq 事件标记1651 [ 33.111017] hardirqs last enabled at (1659)[<ffffffffa206a209>] __up_console_sem+0x79/0xa0 [ 33.111379] hardirqs 上次禁用的时间 (1666)[<ffffffffa206a1ee>] __up_console_sem+0x5e/0xa0 [ 33.111740] softirqs 上次启用的时间 (1616): [<ffffffffa1f5d40e>] __irq_exit_rcu+0x9e/0xe0 [ 33.112094] softirqs 上次禁用的时间(1367): [<ffffffffa1f5d40e>] __irq_exit_rcu+0x9e/0xe0 [ 33.112453] ---[ end trace 0000000000000000 ]--- 这是由于 nft_chain_lookup_byid 忽略 genmask所致。在此更改后由于无法找到链添加新规则将会失败。 (CVE-2023-53492)
请注意,Nessus 依赖供应商报告的程序包是否存在进行判断。
解决方案
目前尚未有任何已知的解决方案。另见
插件详情
严重性: High
ID: 269526
文件名: unpatched_CVE_2023_53492.nasl
版本: 1.2
类型: local
代理: unix
系列: Misc.
发布时间: 2025/10/8
最近更新时间: 2025/10/17
支持的传感器: Agentless Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus
风险信息
VPR
风险因素: Medium
分数: 6.7
CVSS v2
风险因素: High
基本分数: 8.5
时间分数: 6.3
矢量: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:C
CVSS 分数来源: CVE-2023-53492
CVSS v3
风险因素: High
基本分数: 8.8
时间分数: 7.7
矢量: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
时间矢量: CVSS:3.0/E:U/RL:O/RC:C
漏洞信息
CPE: p-cpe:/a:canonical:ubuntu_linux:linux-nvidia-tegra, p-cpe:/a:canonical:ubuntu_linux:linux-azure-5.4, p-cpe:/a:canonical:ubuntu_linux:linux-azure-6.5, p-cpe:/a:canonical:ubuntu_linux:linux-oem-5.13, p-cpe:/a:canonical:ubuntu_linux:linux-aws-6.5, p-cpe:/a:canonical:ubuntu_linux:linux-gcp-5.11, p-cpe:/a:canonical:ubuntu_linux:linux-azure-fde, p-cpe:/a:canonical:ubuntu_linux:linux-azure-6.8, p-cpe:/a:canonical:ubuntu_linux:linux-nvidia-6.5, p-cpe:/a:canonical:ubuntu_linux:linux-azure-4.15, p-cpe:/a:canonical:ubuntu_linux:linux-hwe-6.5, p-cpe:/a:canonical:ubuntu_linux:linux-azure-5.11, p-cpe:/a:canonical:ubuntu_linux:linux-nvidia-6.8, p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-modules-partner, p-cpe:/a:canonical:ubuntu_linux:linux-starfive-6.2, p-cpe:/a:canonical:ubuntu_linux:linux-oem-6.8, p-cpe:/a:canonical:ubuntu_linux:linux-nvidia-tegra-5.15, p-cpe:/a:canonical:ubuntu_linux:linux-riscv-5.11, p-cpe:/a:canonical:ubuntu_linux:linux-gcp-4.15, p-cpe:/a:canonical:ubuntu_linux:linux-lowlatency-hwe-6.8, p-cpe:/a:canonical:ubuntu_linux:linux-oem-6.1, p-cpe:/a:canonical:ubuntu_linux:linux-riscv, p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug, p-cpe:/a:canonical:ubuntu_linux:linux-azure-fde-6.2, p-cpe:/a:canonical:ubuntu_linux:linux-oem-5.10, p-cpe:/a:redhat:enterprise_linux:kernel-rt-modules, p-cpe:/a:canonical:ubuntu_linux:linux-gke-5.15, p-cpe:/a:canonical:ubuntu_linux:linux-lowlatency-hwe-6.5, p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-modules-internal, p-cpe:/a:canonical:ubuntu_linux:linux-ibm-6.8, p-cpe:/a:canonical:ubuntu_linux:linux-azure-5.3, p-cpe:/a:canonical:ubuntu_linux:linux-starfive-6.5, p-cpe:/a:canonical:ubuntu_linux:linux-oem-5.6, p-cpe:/a:canonical:ubuntu_linux:linux-riscv-6.5, p-cpe:/a:canonical:ubuntu_linux:linux-oracle-5.8, cpe:/o:canonical:ubuntu_linux:18.04:-:lts, p-cpe:/a:canonical:ubuntu_linux:linux-gkeop-5.4, p-cpe:/a:canonical:ubuntu_linux:linux-hwe-5.15, p-cpe:/a:canonical:ubuntu_linux:linux-lowlatency-hwe-6.11, p-cpe:/a:canonical:ubuntu_linux:linux-oracle-6.14, p-cpe:/a:canonical:ubuntu_linux:linux-realtime-6.8, p-cpe:/a:canonical:ubuntu_linux:linux-riscv-6.8, p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-core, p-cpe:/a:canonical:ubuntu_linux:linux-bluefield, p-cpe:/a:canonical:ubuntu_linux:linux-ibm-5.15, p-cpe:/a:canonical:ubuntu_linux:linux-azure, p-cpe:/a:redhat:enterprise_linux:kernel-rt-modules-partner, p-cpe:/a:canonical:ubuntu_linux:linux-realtime-6.14, p-cpe:/a:redhat:enterprise_linux:kernel-rt-modules-extra, cpe:/o:canonical:ubuntu_linux:22.04:-:lts, p-cpe:/a:canonical:ubuntu_linux:linux-gcp-5.15, p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-modules-core, p-cpe:/a:canonical:ubuntu_linux:linux-gcp-5.3, p-cpe:/a:canonical:ubuntu_linux:linux-ibm-5.4, p-cpe:/a:canonical:ubuntu_linux:linux-aws-6.14, cpe:/o:canonical:ubuntu_linux:20.04:-:lts, p-cpe:/a:redhat:enterprise_linux:kernel-rt-core, cpe:/o:canonical:ubuntu_linux:24.04:-:lts, p-cpe:/a:canonical:ubuntu_linux:linux-aws-hwe, p-cpe:/a:canonical:ubuntu_linux:linux-ibm, p-cpe:/a:canonical:ubuntu_linux:linux-lowlatency-hwe-5.19, p-cpe:/a:canonical:ubuntu_linux:linux-aws-5.3, p-cpe:/a:canonical:ubuntu_linux:linux-azure-6.11, p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-kvm, p-cpe:/a:canonical:ubuntu_linux:linux-hwe, p-cpe:/a:canonical:ubuntu_linux:linux-kvm, p-cpe:/a:canonical:ubuntu_linux:linux-gcp-5.8, p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-modules, p-cpe:/a:canonical:ubuntu_linux:linux-nvidia-tegra-igx, cpe:/o:redhat:enterprise_linux:9, p-cpe:/a:canonical:ubuntu_linux:linux-oracle-6.5, p-cpe:/a:canonical:ubuntu_linux:linux-oem-5.17, p-cpe:/a:canonical:ubuntu_linux:linux-lowlatency-hwe-5.15, p-cpe:/a:canonical:ubuntu_linux:linux-hwe-6.2, cpe:/o:canonical:ubuntu_linux:14.04:-:lts, p-cpe:/a:canonical:ubuntu_linux:linux-aws-5.0, p-cpe:/a:canonical:ubuntu_linux:linux-raspi, p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-modules-extra, p-cpe:/a:canonical:ubuntu_linux:linux-oem-6.5, p-cpe:/a:canonical:ubuntu_linux:linux-oracle, p-cpe:/a:redhat:enterprise_linux:kernel-rt-selftests-internal, p-cpe:/a:canonical:ubuntu_linux:linux-aws-6.8, p-cpe:/a:canonical:ubuntu_linux:linux-azure-5.19, p-cpe:/a:redhat:enterprise_linux:kernel-rt-modules-core, p-cpe:/a:redhat:enterprise_linux:kernel-rt-devel-matched, p-cpe:/a:canonical:ubuntu_linux:linux-intel-iotg-5.15, cpe:/o:canonical:ubuntu_linux:16.04:-:lts, p-cpe:/a:canonical:ubuntu_linux:linux-hwe-6.8, p-cpe:/a:canonical:ubuntu_linux:linux-realtime, p-cpe:/a:canonical:ubuntu_linux:linux-oracle-5.4, p-cpe:/a:canonical:ubuntu_linux:linux-azure-5.13, p-cpe:/a:canonical:ubuntu_linux:linux-raspi2, p-cpe:/a:canonical:ubuntu_linux:linux-aws-5.4, p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-devel-matched, p-cpe:/a:canonical:ubuntu_linux:linux-gcp-5.19, p-cpe:/a:canonical:ubuntu_linux:linux-gcp-6.2, p-cpe:/a:canonical:ubuntu_linux:linux-azure-fde-5.15, p-cpe:/a:canonical:ubuntu_linux:linux-hwe-6.11, p-cpe:/a:canonical:ubuntu_linux:linux-azure-5.8, p-cpe:/a:canonical:ubuntu_linux:linux-nvidia-6.2, p-cpe:/a:canonical:ubuntu_linux:linux-oem-6.14, p-cpe:/a:canonical:ubuntu_linux:linux-riscv-6.14, p-cpe:/a:canonical:ubuntu_linux:linux-oracle-5.0, p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-devel, p-cpe:/a:redhat:enterprise_linux:kernel-rt-kvm, p-cpe:/a:canonical:ubuntu_linux:linux-aws, p-cpe:/a:canonical:ubuntu_linux:linux-oracle-5.13, p-cpe:/a:canonical:ubuntu_linux:linux-lowlatency, p-cpe:/a:canonical:ubuntu_linux:linux-oem, p-cpe:/a:canonical:ubuntu_linux:linux-gcp-6.5, p-cpe:/a:canonical:ubuntu_linux:linux-riscv-5.8, p-cpe:/a:canonical:ubuntu_linux:linux-nvidia, p-cpe:/a:canonical:ubuntu_linux:linux-hwe-6.14, p-cpe:/a:canonical:ubuntu_linux:linux-raspi-5.4, p-cpe:/a:redhat:enterprise_linux:kernel-rt-devel, p-cpe:/a:canonical:ubuntu_linux:linux-gcp-5.4, p-cpe:/a:canonical:ubuntu_linux:linux-starfive-5.19, p-cpe:/a:canonical:ubuntu_linux:linux-aws-5.19, p-cpe:/a:canonical:ubuntu_linux:linux-gcp-5.13, p-cpe:/a:canonical:ubuntu_linux:linux-oem-5.14, p-cpe:/a:canonical:ubuntu_linux:linux-xilinx-zynqmp, p-cpe:/a:canonical:ubuntu_linux:linux-nvidia-lowlatency, p-cpe:/a:canonical:ubuntu_linux:linux-gcp, cpe:/o:canonical:ubuntu_linux:25.04, p-cpe:/a:canonical:ubuntu_linux:linux-lowlatency-hwe-6.2, p-cpe:/a:canonical:ubuntu_linux:linux-allwinner-5.19, p-cpe:/a:canonical:ubuntu_linux:linux-gcp-6.14, p-cpe:/a:canonical:ubuntu_linux:linux-hwe-5.8, p-cpe:/a:canonical:ubuntu_linux:linux-nvidia-6.11, p-cpe:/a:canonical:ubuntu_linux:linux-gkeop-5.15, p-cpe:/a:canonical:ubuntu_linux:linux-hwe-5.13, p-cpe:/a:canonical:ubuntu_linux:linux-oracle-6.8, p-cpe:/a:canonical:ubuntu_linux:linux-raspi-realtime, p-cpe:/a:canonical:ubuntu_linux:linux-gcp-6.8, p-cpe:/a:canonical:ubuntu_linux:linux-aws-5.15, p-cpe:/a:canonical:ubuntu_linux:linux-azure-fde-5.19, p-cpe:/a:canonical:ubuntu_linux:linux-gkeop, p-cpe:/a:canonical:ubuntu_linux:linux-intel-iot-realtime, p-cpe:/a:canonical:ubuntu_linux:linux-oracle-5.11, p-cpe:/a:canonical:ubuntu_linux:linux-oracle-5.3, p-cpe:/a:canonical:ubuntu_linux:linux-hwe-edge, p-cpe:/a:canonical:ubuntu_linux:linux-azure-5.15, p-cpe:/a:canonical:ubuntu_linux:linux-riscv-5.19, p-cpe:/a:canonical:ubuntu_linux:linux-hwe-5.4, p-cpe:/a:canonical:ubuntu_linux:linux-aws-5.13, p-cpe:/a:canonical:ubuntu_linux:linux, p-cpe:/a:redhat:enterprise_linux:kernel-rt-modules-internal, p-cpe:/a:canonical:ubuntu_linux:linux-oem-6.11, p-cpe:/a:canonical:ubuntu_linux:linux-riscv-5.15, p-cpe:/a:canonical:ubuntu_linux:linux-iot, p-cpe:/a:canonical:ubuntu_linux:linux-aws-5.11, p-cpe:/a:canonical:ubuntu_linux:linux-intel-iotg, p-cpe:/a:canonical:ubuntu_linux:linux-gke-4.15, p-cpe:/a:canonical:ubuntu_linux:linux-aws-5.8, p-cpe:/a:canonical:ubuntu_linux:linux-azure-nvidia, p-cpe:/a:redhat:enterprise_linux:kernel-rt, p-cpe:/a:canonical:ubuntu_linux:linux-oem-6.0, p-cpe:/a:canonical:ubuntu_linux:linux-azure-6.2, p-cpe:/a:canonical:ubuntu_linux:linux-gcp-6.11, p-cpe:/a:canonical:ubuntu_linux:linux-aws-6.2, p-cpe:/a:canonical:ubuntu_linux:linux-gke, p-cpe:/a:canonical:ubuntu_linux:linux-hwe-5.19, p-cpe:/a:canonical:ubuntu_linux:linux-intel-5.13, p-cpe:/a:canonical:ubuntu_linux:linux-gke-5.4, p-cpe:/a:canonical:ubuntu_linux:linux-lts-xenial, p-cpe:/a:canonical:ubuntu_linux:linux-oracle-5.15, p-cpe:/a:canonical:ubuntu_linux:linux-azure-edge, p-cpe:/a:canonical:ubuntu_linux:linux-hwe-5.11
必需的 KB 项: Host/cpu, Host/local_checks_enabled, global_settings/vendor_unpatched, Host/OS/identifier
易利用性: No known exploits are available
漏洞发布日期: 2025/10/1
参考资料信息
CVE: CVE-2023-53492