Linux Distros 未修补的漏洞：CVE-2025-39983

critical Nessus 插件 ID 271547

语言：

简介

Linux/Unix 主机上安装的一个或多个程序包存在漏洞，但供应商表示不会修补此漏洞。

描述

Linux/Unix 主机中安装的一个或多个程序包受到一个漏洞影响，而供应商没有提供补丁程序。

- Bluetoothhci_event修复 hci_conn_tx_dequeue 中的 UAF 这可修复因在处理 HCI_EV_NUM_COMP_PKTS 时未正确锁定 hdev 而造成的以下 UAF缺陷BUGKASANhci_conn_tx_dequeue+0x1be/0x220 net/bluetooth/hci_conn.c:3036 中的 slab-use-after-free由任务 kworker/u11:0/54 CPU:1 UID:0 PID:54 Comm: kworker/u11:0 未受感染的 addr ffff8880740f0940 大小 4 的读取 6.16.0-rc7 #3 PREEMPT(full) 硬件名称QEMU Standard PC i440FX + PIIX、1996BIOS 1.10.2-1ubuntu1 04/01/2014 Workqueuehci1 hci_rx_work Call Trace <TASK> dump_stack_lvl+0x189/0x250 lib/dump_stack.c:120 print_address_description mm/kasan/report.c 378 [inline] print_report+0xca/0x230 mm/kasan/report.c:480 kasan_report+0x118/0x150 mm/kasan/report.c:593 hci_conn_tx_dequeue+0x1be/0x220 net/bluetooth/hci_conn.c:3036 hci_num_comp_pkts_evt+0x1c8/ 0xa50 net/bluetooth/hci_event.c:4404 hci_event_func net/bluetooth/hci_event.c:7477 [内联] hci_event_packet+0x7e0/0x1200 net/bluetooth/hci_event.c:7531 hci_rx_work+0x46a/0xe80 net /bluetooth/hci_core.c:4070 process_one_work kernel/workqueue.c:3238 [内联] process_scheduled_works+0xae1/0x17b0 kernel/workqueue.c:3321 worker_thread+0x8a0/0xda0 kernel/workqueue.c:3402 kthread+0x70e/0x8a0 kernel/ kthread.c:464 ret_from_fork+0x3fc/0x770 arch/x86/kernel/process.c:148 ret_from_fork_asm+0x1a/0x30 home/kwqcheii/source/fuzzing/kernel/kasan/linux-6.16-rc7/arch/x86/entry/ entry_64.S:245 </TASK> 按任务 54 分配kasan_save_stack mm/kasan/common.c:47 [内联] kasan_save_track+0x3e/0x80 mm/kasan/common.c:68毒害_kmalloc_redzone mm/kasan/common.c:377 [ inline] __kasan_kmalloc+0x93/0xb0 mm/kasan/common.c:394 kasan_kmalloc include/linux/kasan.h:260 [inline] __kmalloc_cache_noprof+0x230/0x3d0 mm/slub.c:4359 kmalloc_noprof include/linux/slab.h 905 [内联] kzalloc_noprof include/linux/slab.h:1039 [内联]
__hci_conn_add+0x233/0x1b30 net/bluetooth/hci_conn.c:939 le_conn_complete_evt+0x3d6/0x1220 net/bluetooth/hci_event.c:5628 hci_le_enh_conn_complete_evt+0x189/0x470 net/bluetooth/hci_event.c:5794 hci_event.c:5794 hci_event.bluetooth/ 7474 [inline] hci_event_packet+0x78c/0x1200 net/bluetooth/hci_event.c:7531 hci_rx_work+0x46a/0xe80 net/bluetooth/hci_core.c:4070 process_one_work kernel/workqueue.c:3238 [inline] process_scheduled_works+0xae1/0x17b0 内核/workqueue.c:3321 worker_thread+0x8a0/0xda0 kernel/workqueue.c:3402 kthread+0x70e/0x8a0 kernel/kthread.c:464 ret_from_fork+0x3fc/0x770 arch/x86/kernel/process.c:148 ret_from_fork_asm+0x1a/ 0x30 home/kwqcheii/source/fuzzing/kernel/kasan/linux-6.16-rc7/arch/x86/entry/entry_64.S:245 已由任务 9572 释放
kasan_save_stack mm/kasan/common.c:47 [内联] kasan_save_track+0x3e/0x80 mm/kasan/common.c:68 kasan_save_free_info+0x46/0x50 mm/kasan/generic.c:576毒害_slab_object mm/kasan/common.c 247 [内联]
__kasan_slab_free+0x62/0x70 mm/kasan/common.c:264 kasan_slab_free include/linux/kasan.h:233 [内联] slab_free_hook mm/slub.c:2381 [内联] slab_free mm/slub.c:4643 [内联] kfree +0x18e/0x440 mm/slub.c:4842 device_release+0x9c/0x1c0 kobject_cleanup lib/kobject.c:689 [内联] kobject_release lib/kobject.c:720 [内联] kref_put include/linux/kref.h:65 [内联] kobject_put+0x22b/0x480 lib/kobject.c:737 hci_conn_cleanup net/bluetooth/hci_conn.c:175 [inline] hci_conn_del+0x8ff/0xcb0 net/bluetooth/hci_conn.c:1173 hci_abort_conn_sync+0x5d1/0xdf0 net/bluetooth/hci_sync .c:5689 hci_cmd_sync_work+0x210/0x3a0 net/bluetooth/hci_sync.c:332 process_one_work kernel/workqueue.c:3238 [inline] process_scheduled_works+0xae1/0x17b0 kernel/workqueue.c:3321 work_thread+0x8a0/0xda0 kernel/workqueue。 c:3402 kthread+0x70e/0x8a0 kernel/kthread.c:464 ret_from_fork+0x3fc/0x770 arch/x86/kernel/process.c:148 ret_from_fork_asm+0x1a/0x30 home/kwqcheii/source/fuzzing/kernel/kasan/linux- 6.16-rc7/arch/x86/entry/entry_64 .S:245 (CVE-2025-39983)

请注意，Nessus 依赖供应商报告的程序包是否存在进行判断。

解决方案

目前尚未有任何已知的解决方案。

另见

https://security-tracker.debian.org/tracker/CVE-2025-39983

插件详情

严重性: Critical

ID: 271547

文件名: unpatched_CVE_2025_39983.nasl

版本: 1.1

类型: local

代理: unix

系列: Misc.

发布时间: 2025/10/27

最近更新时间: 2025/10/27

支持的传感器: Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus

风险信息

VPR

风险因素: High

分数: 7.4

CVSS v2

风险因素: High

基本分数: 7.5

时间分数: 6.4

矢量: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS 分数来源: CVE-2025-39983

CVSS v3

风险因素: Critical

基本分数: 9.8

时间分数: 9

矢量: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

时间矢量: CVSS:3.0/E:U/RL:U/RC:C

漏洞信息

CPE: p-cpe:/a:debian:debian_linux:linux, cpe:/o:debian:debian_linux:14.0

必需的 KB 项: Host/local_checks_enabled, Host/cpu, global_settings/vendor_unpatched, Host/OS/identifier

易利用性: No known exploits are available

漏洞发布日期: 2025/10/15

参考资料信息

CVE: CVE-2025-39983