检测

MagicLinux 7kernel-3.10.0-1160.119.1.0.8.el7.AXS7 (AXSA:2025-9625:10)

high Nessus 插件 ID 283043

语言:

简介

远程iraclelinux 主机缺少一个或多个安全更新。

描述

远程iraclelinux 7 主机上存在安装的程序包该程序包受到 AXSA:2025-9625:10 公告中提及的多个漏洞的影响。

 * media: edia: dvbdev修复释放后使用 {CVE-2024-27043}
 * btrfsdev-replace正确验证设备名称 {CVE-2024-26791}
 * KVMnSVM从内存加载 PDPTE 时忽略 nCR3[4:0] {CVE-2024-50115}
 * net/sched在 TC_H_ROOT 上停止 qdisc_tree_reduce_backlog {CVE-2024-53057}
 * ipc/sem.csemctl 的缺陷补丁GETZCNT
 * 将 KEXEC_AUTO_RESERVED_SIZE 增加到 256M
 * x86/apic/x2apic将单个中断的关联设置为一个 CPU
 * bonding避免重复显示相同的链路状态变更
 * xen/netfront在实时迁移期间停止 tx 队列
 * xen/balloon支持基于 xend 的工具堆栈
 * md/raid5修复条带化大小调整期间的 oops
 * block修复 blk_mq_rq_timed_out() 中的空指针取消引用
 * block初始化将 rq ref 计数刷新为 1
 * blk-mq删除生成 sequence
 * 恢复驱动程序核心bus修复驱动程序 API bus_register() 中的双重释放 CVE
 CVE-2024-27043 在 Linux 内核中已解决以下漏洞 media: edia: dvbdev: fix a use-after-free In dvb_register_device, *pdvbdev is set equal to dvbdev, which is freed in several error-handling paths. However, *pdvbdev is not set to NULL after dvbdev's deallocation, causing use-after-frees in many places, for example, in the following call chain: budget_register |-> dvb_dmxdev_init |-> dvb_register_device |-> dvb_dmxdev_release |-> dvb_unregister_device |-> dvb_remove_device |-> dvb_device_put |-> kref_put When calling dvb_unregister_device, dmxdev->dvbdev (i.e. *pdvbdev in dvb_register_device) could point to memory that had been freed in dvb_register_device. Thereafter, this pointer is transferred to kref_put and triggering a use-after-free.
 CVE-2024-26791 In the Linux kernel, the following vulnerability has been resolved: btrfs: dev-replace: properly validate device names There's a syzbot report that device name buffers passed to device replace are not properly checked for string termination which could lead to a read out of bounds in getname_kernel(). Add a helper that validates both source and target device name buffers. For devid as the source initialize the buffer to empty string in case something tries to read it later. This was originally analyzed and fixed in a different way by Edward Adam Davis (see links).
 CVE-2024-50115 In the Linux kernel, the following vulnerability has been resolved: KVM: nSVM: Ignore nCR3[4:0] when loading PDPTEs from memory Ignore nCR3[4:0] when loading PDPTEs from memory for nested SVM, as bits 4:0 of CR3 are ignored when PAE paging is used, and thus VMRUN doesn't enforce 32-byte alignment of nCR3. In the absolute worst case scenario, failure to ignore bits 4:0 can result in an out-of-bounds read, e.g. if the target page is at the end of a memslot, and the VMM isn't using guard pages. Per the APM: The CR3 register points to the base address of the page-directory-pointer table. The page-directory-pointer table is aligned on a 32-byte boundary, with the low 5 address bits 4:0 assumed to be 0. And the SDM's much more explicit: 4:0 Ignored Note, KVM gets this right when loading PDPTRs, it's only the nSVM flow that is broken.
 CVE-2024-53057 In the Linux kernel, the following vulnerability has been resolved: net/sched: stop qdisc_tree_reduce_backlog on TC_H_ROOT In qdisc_tree_reduce_backlog, Qdiscs with major handle ffff: are assumed to be either root or ingress. This assumption is bogus since it's valid to create egress qdiscs with major handle ffff: Budimir Markovic found that for qdiscs like DRR that maintain an active class list, it will cause a UAF with a dangling class pointer. In 066a3b5b2346, the concern was to avoid iterating over the ingress qdisc since its parent is itself. The proper fix is to stop when parent TC_H_ROOT is reached because the only way to retrieve ingress is when a hierarchy which does not contain a ffff: major handle call into qdisc_lookup with TC_H_MAJ(TC_H_ROOT). In the scenario where major ffff: is an egress qdisc in any of the tree levels, the updates will also propagate to TC_H_ROOT, which then the iteration must stop. net/sched/sch_api.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)

Tenable 已直接从MiracleLinux 安全公告中提取上述描述块。

请注意,Nessus 尚未测试这些问题,而是只依据应用程序自我报告的版本号进行判断。

解决方案

更新受影响的程序包。

另见

https://tsn.miraclelinux.com/en/node/20809

插件详情

严重性: High

ID: 283043

文件名: miracle_linux_AXSA-2025-9625.nasl

版本: 1.2

类型: local

发布时间: 2026/1/13

最近更新时间: 2026/1/20

支持的传感器: Nessus Agent, Nessus

风险信息

VPR

风险因素: High

分数: 7.4

Vendor

Vendor Severity: High

CVSS v2

风险因素: Medium

基本分数: 6.8

时间分数: 5

矢量: CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C

CVSS 分数来源: CVE-2024-53057

CVSS v3

风险因素: High

基本分数: 7.8

时间分数: 6.8

矢量: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

时间矢量: CVSS:3.0/E:U/RL:O/RC:C

漏洞信息

CPE: p-cpe:/a:miracle:linux:kernel-tools, cpe:/o:miracle:linux:7, p-cpe:/a:miracle:linux:kernel-debug, p-cpe:/a:miracle:linux:kernel-tools-libs, p-cpe:/a:miracle:linux:python-perf, p-cpe:/a:miracle:linux:perf, p-cpe:/a:miracle:linux:bpftool, p-cpe:/a:miracle:linux:kernel-headers, p-cpe:/a:miracle:linux:kernel-devel, p-cpe:/a:miracle:linux:kernel-abi-whitelists, p-cpe:/a:miracle:linux:kernel-debug-devel, p-cpe:/a:miracle:linux:kernel

必需的 KB 项: Host/local_checks_enabled, Host/cpu, Host/MiracleLinux/release, Host/MiracleLinux/rpm-list

易利用性: No known exploits are available

补丁发布日期: 2025/2/5

漏洞发布日期: 2021/7/21

参考资料信息

CVE: CVE-2024-26791, CVE-2024-27043, CVE-2024-50115, CVE-2024-53057