检测

Linux Distros 未修补的漏洞:CVE-2025-39982

critical Nessus 插件 ID 271532

语言:

简介

Linux/Unix 主机上安装的一个或多个程序包存在漏洞,但供应商表示不会修补此漏洞。

描述

Linux/Unix 主机中安装的一个或多个程序包受到一个漏洞影响,而供应商没有提供补丁程序。

 - Bluetoothhci_event修复 hci_acl_create_conn_sync 中的 UAF 这可修复 hci_acl_create_conn_sync 中的以下 UFA其中可能释放了命令提交 (conn->state == BT_OPEN)仍然待定的连接也因为 hci_le_create_conn_sync 之类的项目也可能发生此问题将其修复为well
 BUGKASAN由任务 kworker/u11:2/9541 CPU: 1 UID: 0 PID: 9541 Comm
 kworker/u11:2 未受感染 6.16.0-rc7 #3 PREEMPT(full) 硬件名称QEMU Standard PC (i440FX + PIIX, 1996)BIOS 1.10.2-1ubuntu1 04/01/2014 工作队列hci3 hci_cmd_sync_work 调用跟踪 <TASK> dump_stack_lvl+0x189/0x250 lib/dump_stack.c:120 print_address_description mm/kasan/report.c:378 [内联] print_report+0xca/0x230 mm/kasan/report.c:480 kasan_report+0x118/0x150 mm/kasan/ report.c:593 hci_acl_create_conn_sync+0x5ef/0x790 net/bluetooth/hci_sync.c:6861 hci_cmd_sync_work+0x210/0x3a0 net/bluetooth/hci_sync.c:332 process_one_work kernel/workqueue.c:3238 [inline] process_scheduled_works+0xae1/0x17b0 内核/workqueue.c:3321 worker_thread+0x8a0/0xda0 kernel/workqueue.c:3402 kthread+0x70e/0x8a0 kernel/kthread.c:464 ret_from_fork+0x3fc/0x770 arch/x86/kernel/process.c:148 ret_from_fork_asm+0x1a/ 0x30 home/kwqcheii/source/fuzzing/kernel/kasan/linux-6.16-rc7/arch/x86/entry/entry_64.S:245 </TASK> 由任务分配 123736kasan_save_stack mm/kasan/common.c:47 [内联] kasan_save_track+0x3e/0x80 mm/kasan/c omon.c:68毒害_kmalloc_redzone mm/kasan/common.c:377 [内联] __kasan_kmalloc+0x93/0xb0 mm/kasan/common.c:394 kasan_kmalloc include/linux/kasan.h:260 [内联] __kmalloc_cache_noprof+0x230/0x3d0 mm/slub.c:4359 kmalloc_noprof include/linux/slab.h:905 [内联] kzalloc_noprof include/linux/slab.h:1039 [内联] __hci_conn_add+0x233/0x1b30 net/bluetooth/hci_conn.c:939 hci_conn_add_unset net/ bluetooth/hci_conn.c:1051 [inline] hci_connect_acl+0x16c/0x4e0 net/bluetooth/hci_conn.c:1634 pair_device+0x418/0xa70 net/bluetooth/mgmt.c:3556 hci_mgmt_cmd+0x9c9/0xef0 net/bluetooth/hci_sock.c 1719 hci_sock_sendmsg+0x6ca/0xef0 net/bluetooth/hci_sock.c:1839 sock_sendmsg_nosec net/socket.c:712 [内联]
 __sock_sendmsg+0x219/0x270 net/socket.c:727 sock_write_iter+0x258/0x330 net/socket.c:1131 new_sync_write fs/read_write.c:593 [inline] vfs_write+0x54b/0xa90 fs/read_write.c:686 ksys_write+0x145 /0x250 fs/read_write.c:738 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0xfa/0x3b0 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f 由任务 103680 释放
 kasan_save_stack mm/kasan/common.c:47 [内联] kasan_save_track+0x3e/0x80 mm/kasan/common.c:68 kasan_save_free_info+0x46/0x50 mm/kasan/generic.c:576毒害_slab_object mm/kasan/common.c 247 [内联]
 __kasan_slab_free+0x62/0x70 mm/kasan/common.c:264 kasan_slab_free include/linux/kasan.h:233 [内联] slab_free_hook mm/slub.c:2381 [内联] slab_free mm/slub.c:4643 [内联] kfree +0x18e/0x440 mm/slub.c:4842 device_release+0x9c/0x1c0 kobject_cleanup lib/kobject.c:689 [内联] kobject_release lib/kobject.c:720 [内联] kref_put include/linux/kref.h:65 [内联] kobject_put+0x22b/0x480 lib/kobject.c:737 hci_conn_cleanup net/bluetooth/hci_conn.c:175 [inline] hci_conn_del+0x8ff/0xcb0 net/bluetooth/hci_conn.c:1173 hci_conn_complete_evt+0x3c7/0x1040 net/bluetooth/hci_event .c:3199 hci_event_func net/bluetooth/hci_event.c:7477 [inline] hci_event_packet+0x7e0/0x1200 net/bluetooth/hci_event.c:7531 hci_rx_work+0x46a/0xe80 net/bluetooth/hci_core.c:4070 process_one_work 内核/工作队列。 c:3238 [inline] process_scheduled_works+0xae1/0x17b0 kernel/workqueue.c:3321 worker_thread+0x8a0/0xda0 kernel/workqueue.c:3402 kthread+0x70e/0x8a0 kernel/kthread.c:464 ret_from_fork+0x3fc/0x770 arch/x86 /kernel/process .c:148 ret_from_fork_asm+0x1a/0x30 home/kwqcheii/sour
 ---truncated--- (CVE-2025-39982)

请注意,Nessus 依赖供应商报告的程序包是否存在进行判断。

解决方案

目前尚未有任何已知的解决方案。

另见

https://security-tracker.debian.org/tracker/CVE-2025-39982

插件详情

严重性: Critical

ID: 271532

文件名: unpatched_CVE_2025_39982.nasl

版本: 1.1

类型: local

代理: unix

系列: Misc.

发布时间: 2025/10/27

最近更新时间: 2025/10/27

支持的传感器: Agentless Assessment, Frictionless Assessment Agent, Nessus Agent, Nessus

风险信息

VPR

风险因素: Medium

分数: 6.7

CVSS v2

风险因素: High

基本分数: 7.5

时间分数: 6.4

矢量: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS 分数来源: CVE-2025-39982

CVSS v3

风险因素: Critical

基本分数: 9.8

时间分数: 9

矢量: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

时间矢量: CVSS:3.0/E:U/RL:U/RC:C

漏洞信息

CPE: p-cpe:/a:debian:debian_linux:linux, cpe:/o:debian:debian_linux:14.0, cpe:/o:debian:debian_linux:12.0, cpe:/o:debian:debian_linux:13.0

必需的 KB 项: Host/cpu, Host/local_checks_enabled, global_settings/vendor_unpatched, Host/OS/identifier

易利用性: No known exploits are available

漏洞发布日期: 2025/10/15

参考资料信息

CVE: CVE-2025-39982