检测

Linux Distros 未修补的漏洞:CVE-2023-54262

high Nessus 插件 ID 281556

语言:

简介

Linux/Unix 主机上安装的一个或多个程序包存在漏洞,但供应商表示不会修补此漏洞。

描述

Linux/Unix 主机中安装的一个或多个程序包受到一个漏洞影响,而供应商没有提供补丁程序。

 - net/mlx5e不再克隆流 post 操作属性时该代码已克隆 mlx5e_clone_flow_attr_for_post_act() 中的 post 操作属性。在 mlx5e_tc_post_act_add() 中创建另一个副本是原始实现的错误残留。而是将 handle->attribute 分配给调用程序提供的 post_attr。请注意第二次克隆属性不仅造成资源消耗还会造成如下释放后使用的问题例如邻居更新代码中未正确更新第二个副本
 2 月 21 日 09:02:00 c-237-177-40-045 kernelBUGKASANmlx5_cmd_set_fte+0x200d/0x24c0 中的释放后使用 [mlx5_core] 2 月 21 日 09:02:00 c-237-177-40-045 kernelkasan_report+0xbb/0x1a0 2 月 21 日 09:02 :00 c-237-177-40-045 内核kasan_save_stack+0x1e/0x40 2 月 21 日 09:02:00 c-237-177-40-045 内核
 kasan_set_track+0x21/0x30 Feb 21 09:02:00 c-237-177-40-045 kernel__kasan_kmalloc+0x7a/0x90 Feb 21 09:02:00 c-237-177-40-045 kernel: kasan_save_stack+0x1e/0x40 Feb 21 09:02:00 c-237-177-40-045 kernel
 kasan_set_track+0x21/0x30 Feb 21 09:02:00 c-237-177-40-045 kernel: kasan_save_free_info+0x2a/0x40 Feb 21 09:02:00 c-237-177-40-045 kernel:____kasan_slab_free+0x11a/0x1b0 Feb 21 09:02:00 c-237-177-40-045 kernel
 页面转储原因在于kasan检测到错误访问 2 月 21 09:02:00 c-237-177-40-045 kernelmlx5_core 0000:08:00.0: mlx5_cmd_out_err:803:(pid 8833): SET_FLOW_TABLE_ENTRY(0x936) op_mod(0x0) 失败状态错误资源状态(0x9)、syndrome (0xf2ff71)、err(-22) Feb 21 09:02:00 c-237-177-40-045 kernelmlx5_core 0000:08:00.0 enp8s0f0添加 post 操作规则失败 2 月 21 日 09:02:00 c-237-177-40-045 kernel mlx5_core 0000:08:00.0mlx5e_tc_encap_flows_add:190:(pid 8833)无法更新流发布操作2 月 21 日 09:02:00 c-237-177-40-045 kernel调用跟踪 Feb 21 09:02:00 c-237-177-40-045 kernel <TASK> 2 月 21 日 09:02:00 c-237-177-40-045 kerneldump_stack_lvl+0x57/0x7d 2 月 21 日 09:02:00 c-237-177-40-045 kernel
 print_report+0x170/0x471 2 月 21 日 09:02:00 c-237-177-40-045 内核? mlx5_cmd_set_fte+0x200d/0x24c0 [mlx5_core] 2 月 21 日 09:02:00 c-237-177-40-045 内核 kasan_report+0xbb/0x1a0 2 月 21 日 09:02:00 c-237-177-40-045 内核mlx5_cmd_set_fte+0x200d/0x24c0 [mlx5_core] 2 月 21 日 09:02:00 c-237-177-40-045kernelmlx5_cmd_set_fte+0x200d/0x24c0 [mlx5_core] 2 月 21 日 09:02:00 c-237-177-40-045 kernel?
 __module_address.part.0+0x62/0x200 2 月 21 日 09:02:00 c-237-177-40-045 内核mlx5_cmd_stub_create_flow_table+0xd0/0xd0 [mlx5_core] 2 月 21 日 09:02:00 c-237-177-40-045 内核
 __raw_spin_lock_init+0x3b/0x110 2 月 21 日 09:02:00 c-237-177-40-045 kernelmlx5_cmd_create_fte+0x80/0xb0 [mlx5_core] 2 月 21 日 09:02:00 c-237-177-40-045 kerneladd_rule_fg+0xe80/0x19c0 [mlx5_core] -- 2 月 21 日 09:02 :00 c-237-177-40-045 内核 由任务 13476 分配 2 月 21 日 09:02:00 c-237-177-40-045 内核
 kasan_save_stack+0x1e/0x40 Feb 21 09:02:00 c-237-177-40-045 kernelkasan_set_track+0x21/0x30 Feb 21 09:02:00 c-237-177-40-045 kernel__kasan_kmalloc+0x7a/0x90 Feb 21 09:02:00 c-237-177-40-045 kernel
 mlx5_packet_reformat_alloc+0x7b/0x230 [mlx5_core] 2 月 21 日 09:02:00 c-237-177-40-045 kernel
 mlx5e_tc_tun_create_header_ipv4+0x977/0xf10 [mlx5_core] 2 月 21 日 09:02:00 c-237-177-40-045 kernel
 mlx5e_attach_encap+0x15b4/0x1e10 [mlx5_core] 2 月 21 日 09:02:00 c-237-177-40-045 kernel
 post_process_attr+0x305/0xa30 [mlx5_core] 2 月 21 日 09:02:00 c-237-177-40-045 kernel
 mlx5e_tc_add_fdb_flow+0x4c0/0xcf0 [mlx5_core] 2 月 21 日 09:02:00 c-237-177-40-045 kernel
 __mlx5e_add_fdb_flow+0x7cf/0xe90 [mlx5_core] 2 月 21 日 09:02:00 c-237-177-40-045 kernel
 mlx5e_configure_Flower+0xcaa/0x4b90 [mlx5_core] 2 月 21 日 09:02:00 c-237-177-40-045 kernel
 mlx5e_rep_setup_tc_cls_Flower+0x99/0x1b0 [mlx5_core] 2 月 21 日 09:02:00 c-237-177-40-045 kernel
 mlx5e_rep_setup_tc_cb+0x133/0x1e0 [mlx5_core] -- Feb 21 09:02:00 c-237-177-40-045 kernel由任务 8833释放2月 21 日 09:02:00 c-237-177-40-045 kernel: kasan_save_s ---truncated--- (CVE-2023-54262)

请注意,Nessus 依赖供应商报告的程序包是否存在进行判断。

解决方案

目前尚未有任何已知的解决方案。

另见

https://access.redhat.com/security/cve/cve-2023-54262

https://ubuntu.com/security/CVE-2023-54262

插件详情

严重性: High

ID: 281556

文件名: unpatched_CVE_2023_54262.nasl

版本: 1.11

类型: local

代理: unix

系列: Misc.

发布时间: 2025/12/31

最近更新时间: 2026/2/4

支持的传感器: Agentless Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

风险信息

VPR

风险因素: High

分数: 7.1

CVSS v2

风险因素: Medium

基本分数: 6.6

时间分数: 5.6

矢量: CVSS2#AV:L/AC:L/Au:N/C:C/I:N/A:C

CVSS 分数来源: CVE-2023-54262

CVSS v3

风险因素: High

基本分数: 7.9

时间分数: 7.2

矢量: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:H

时间矢量: CVSS:3.0/E:U/RL:U/RC:C

漏洞信息

CPE: cpe:/o:canonical:ubuntu_linux:16.04:-:lts, p-cpe:/a:redhat:enterprise_linux:kernel-rt, p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-devel, p-cpe:/a:redhat:enterprise_linux:kernel-rt-core, p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-kvm, p-cpe:/a:redhat:enterprise_linux:kernel-rt-modules-extra, p-cpe:/a:canonical:ubuntu_linux:linux, p-cpe:/a:canonical:ubuntu_linux:linux-azure, p-cpe:/a:canonical:ubuntu_linux:linux-gcp, p-cpe:/a:canonical:ubuntu_linux:linux-gke-5.4, p-cpe:/a:canonical:ubuntu_linux:linux-gkeop, p-cpe:/a:canonical:ubuntu_linux:linux-raspi2, p-cpe:/a:centos:centos:kernel-rt, p-cpe:/a:centos:centos:kernel-rt-core, p-cpe:/a:centos:centos:kernel-rt-debug-devel, p-cpe:/a:centos:centos:kernel-rt-modules-extra, p-cpe:/a:canonical:ubuntu_linux:linux-azure-fde, p-cpe:/a:canonical:ubuntu_linux:linux-gke-5.15, p-cpe:/a:centos:centos:kernel-rt-debug-kvm, p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-modules-internal, p-cpe:/a:redhat:enterprise_linux:kernel-rt-selftests-internal, p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-devel-matched, p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-modules-partner, p-cpe:/a:redhat:enterprise_linux:kernel-rt-devel-matched, p-cpe:/a:redhat:enterprise_linux:kernel-rt-modules-partner, p-cpe:/a:centos:centos:kernel-rt-debug-devel-matched, p-cpe:/a:centos:centos:kernel-rt-debug-modules-internal, p-cpe:/a:centos:centos:kernel-rt-debug-modules-partner, p-cpe:/a:centos:centos:kernel-rt-devel-matched, p-cpe:/a:centos:centos:kernel-rt-modules-partner, cpe:/o:canonical:ubuntu_linux:24.04:-:lts, p-cpe:/a:canonical:ubuntu_linux:linux-hwe-6.11, p-cpe:/a:canonical:ubuntu_linux:linux-hwe-6.5, p-cpe:/a:canonical:ubuntu_linux:linux-lowlatency-hwe-6.5, p-cpe:/a:canonical:ubuntu_linux:linux-oem-6.8, p-cpe:/a:canonical:ubuntu_linux:linux-oem-6.11, p-cpe:/a:canonical:ubuntu_linux:linux-riscv, p-cpe:/a:canonical:ubuntu_linux:linux-gkeop-5.15, p-cpe:/a:canonical:ubuntu_linux:linux-intel-iot-realtime, p-cpe:/a:canonical:ubuntu_linux:linux-raspi-realtime, p-cpe:/a:canonical:ubuntu_linux:linux-oracle-5.0, p-cpe:/a:canonical:ubuntu_linux:linux-hwe-5.8, p-cpe:/a:canonical:ubuntu_linux:linux-azure-6.5, p-cpe:/a:canonical:ubuntu_linux:linux-riscv-5.19, p-cpe:/a:canonical:ubuntu_linux:linux-starfive-6.5, p-cpe:/a:canonical:ubuntu_linux:linux-azure-6.11, cpe:/o:canonical:ubuntu_linux:25.04, p-cpe:/a:canonical:ubuntu_linux:linux-aws-5.13, p-cpe:/a:canonical:ubuntu_linux:linux-aws-6.2, p-cpe:/a:canonical:ubuntu_linux:linux-aws-6.5, p-cpe:/a:canonical:ubuntu_linux:linux-azure-5.8, p-cpe:/a:canonical:ubuntu_linux:linux-azure-6.2, p-cpe:/a:canonical:ubuntu_linux:linux-azure-fde-5.19, p-cpe:/a:canonical:ubuntu_linux:linux-azure-fde-6.2, p-cpe:/a:canonical:ubuntu_linux:linux-gcp-5.8, p-cpe:/a:canonical:ubuntu_linux:linux-gcp-5.11, p-cpe:/a:canonical:ubuntu_linux:linux-gcp-5.13, p-cpe:/a:canonical:ubuntu_linux:linux-gcp-5.19, p-cpe:/a:canonical:ubuntu_linux:linux-gcp-6.11, p-cpe:/a:canonical:ubuntu_linux:linux-hwe-5.11, p-cpe:/a:canonical:ubuntu_linux:linux-hwe-5.13, p-cpe:/a:canonical:ubuntu_linux:linux-hwe-6.2, p-cpe:/a:canonical:ubuntu_linux:linux-lowlatency-hwe-5.19, p-cpe:/a:canonical:ubuntu_linux:linux-riscv-5.11, p-cpe:/a:canonical:ubuntu_linux:linux-oem-5.13, p-cpe:/a:centos:centos:kernel-rt-selftests-internal, p-cpe:/a:canonical:ubuntu_linux:linux-nvidia-6.11, cpe:/o:redhat:enterprise_linux:8, cpe:/o:canonical:ubuntu_linux:18.04:-:lts, cpe:/o:canonical:ubuntu_linux:20.04:-:lts, p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug, p-cpe:/a:redhat:enterprise_linux:kernel-rt-devel, p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-core, p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-modules, p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-modules-extra, p-cpe:/a:redhat:enterprise_linux:kernel-rt-kvm, p-cpe:/a:redhat:enterprise_linux:kernel-rt-modules, cpe:/o:centos:centos:8, p-cpe:/a:canonical:ubuntu_linux:linux-aws, p-cpe:/a:canonical:ubuntu_linux:linux-gke, p-cpe:/a:canonical:ubuntu_linux:linux-azure-edge, p-cpe:/a:canonical:ubuntu_linux:linux-gkeop-5.4, p-cpe:/a:canonical:ubuntu_linux:linux-oracle, p-cpe:/a:canonical:ubuntu_linux:linux-raspi, p-cpe:/a:canonical:ubuntu_linux:linux-oem, p-cpe:/a:centos:centos:kernel-rt-debug, p-cpe:/a:centos:centos:kernel-rt-debug-core, p-cpe:/a:centos:centos:kernel-rt-debug-modules, p-cpe:/a:centos:centos:kernel-rt-debug-modules-extra, p-cpe:/a:centos:centos:kernel-rt-devel, p-cpe:/a:centos:centos:kernel-rt-modules, cpe:/o:canonical:ubuntu_linux:22.04:-:lts, cpe:/o:redhat:enterprise_linux:9, p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-modules-core, p-cpe:/a:redhat:enterprise_linux:kernel-rt-modules-core, p-cpe:/a:centos:centos:kernel-rt-kvm, p-cpe:/a:redhat:enterprise_linux:kernel-rt-modules-internal, p-cpe:/a:centos:centos:kernel-rt-debug-modules-core, p-cpe:/a:centos:centos:kernel-rt-modules-core, p-cpe:/a:centos:centos:kernel-rt-modules-internal, p-cpe:/a:canonical:ubuntu_linux:linux-lowlatency-hwe-6.11, p-cpe:/a:canonical:ubuntu_linux:linux-hwe, p-cpe:/a:canonical:ubuntu_linux:linux-nvidia-6.5, p-cpe:/a:canonical:ubuntu_linux:linux-hwe-edge, p-cpe:/a:canonical:ubuntu_linux:linux-realtime, p-cpe:/a:canonical:ubuntu_linux:linux-aws-5.0, p-cpe:/a:canonical:ubuntu_linux:linux-azure-5.3, p-cpe:/a:canonical:ubuntu_linux:linux-gcp-5.3, p-cpe:/a:canonical:ubuntu_linux:linux-gke-4.15, p-cpe:/a:canonical:ubuntu_linux:linux-oem-5.6, p-cpe:/a:canonical:ubuntu_linux:linux-oracle-5.3, p-cpe:/a:canonical:ubuntu_linux:linux-nvidia-6.2, p-cpe:/a:canonical:ubuntu_linux:linux-gcp-6.5, p-cpe:/a:canonical:ubuntu_linux:linux-oem-6.5, p-cpe:/a:canonical:ubuntu_linux:linux-oracle-6.5, p-cpe:/a:canonical:ubuntu_linux:linux-allwinner-5.19, p-cpe:/a:canonical:ubuntu_linux:linux-intel-5.13, p-cpe:/a:canonical:ubuntu_linux:linux-starfive-5.19, p-cpe:/a:canonical:ubuntu_linux:linux-aws-5.3, p-cpe:/a:canonical:ubuntu_linux:linux-aws-5.8, p-cpe:/a:canonical:ubuntu_linux:linux-aws-5.11, p-cpe:/a:canonical:ubuntu_linux:linux-aws-5.19, p-cpe:/a:canonical:ubuntu_linux:linux-azure-5.11, p-cpe:/a:canonical:ubuntu_linux:linux-azure-5.13, p-cpe:/a:canonical:ubuntu_linux:linux-azure-5.19, p-cpe:/a:canonical:ubuntu_linux:linux-gcp-6.2, p-cpe:/a:canonical:ubuntu_linux:linux-hwe-5.19, p-cpe:/a:canonical:ubuntu_linux:linux-lowlatency-hwe-6.2, p-cpe:/a:canonical:ubuntu_linux:linux-oem-5.10, p-cpe:/a:canonical:ubuntu_linux:linux-oem-5.14, p-cpe:/a:canonical:ubuntu_linux:linux-oem-5.17, p-cpe:/a:canonical:ubuntu_linux:linux-oem-6.0, p-cpe:/a:canonical:ubuntu_linux:linux-oem-6.1, p-cpe:/a:canonical:ubuntu_linux:linux-oracle-5.8, p-cpe:/a:canonical:ubuntu_linux:linux-oracle-5.11, p-cpe:/a:canonical:ubuntu_linux:linux-oracle-5.13, p-cpe:/a:canonical:ubuntu_linux:linux-riscv-5.8, p-cpe:/a:canonical:ubuntu_linux:linux-riscv-6.5, p-cpe:/a:canonical:ubuntu_linux:linux-riscv-6.14, p-cpe:/a:canonical:ubuntu_linux:linux-starfive-6.2, p-cpe:/a:canonical:ubuntu_linux:linux-xilinx

必需的 KB 项: Host/cpu, Host/local_checks_enabled, global_settings/vendor_unpatched, Host/OS/identifier

易利用性: No known exploits are available

漏洞发布日期: 2025/12/30

参考资料信息

CVE: CVE-2023-54262