Azure Linux 3.0 安全更新内核 (CVE-2025-38063)
medium Nessus 插件 ID 295576
语言:
简介
远程 Azure Linux 主机缺少一个或多个安全更新。描述
远程 Azure Linux 3.0 主机上安装的内核版本低于 测试的版本。因此,该程序受到 CVE-2025-38063 公告中提及的一个漏洞影响。- 已修复 Linux 内核中的下列漏洞:dm: fix unconditional IO throttle caused by REQ_PREFLUSH When a bio with REQ_PREFLUSH is submitted to dm, __send_empty_flush() generates a flush_bio with REQ_OP_WRITE | REQ_PREFLUSH | REQ_SYNC, which causes the flush_bio to be throttled by wbt_wait(). An example from v5.4, similar problem also exists in upstream: crash> bt 2091206 PID: 2091206 TASK: ffff2050df92a300 CPU: 109 COMMAND: kworker/u260:0 #0 [ffff800084a2f7f0] __switch_to at ffff80004008aeb8 #1 [ffff800084a2f820] __schedule at ffff800040bfa0c4 #2 [ffff800084a2f880] schedule at ffff800040bfa4b4 #3 [ffff800084a2f8a0] io_schedule at ffff800040bfa9c4 #4 [ffff800084a2f8c0] rq_qos_wait at ffff8000405925bc #5 [ffff800084a2f940] wbt_wait at ffff8000405bb3a0 #6 [ffff800084a2f9a0]
__rq_qos_throttle at ffff800040592254 #7 [ffff800084a2f9c0] blk_mq_make_request at ffff80004057cf38 #8 [ffff800084a2fa60] generic_make_request at ffff800040570138 #9 [ffff800084a2fae0] submit_bio at ffff8000405703b4 #10 [ffff800084a2fb50] xlog_write_iclog at ffff800001280834 [xfs] #11 [ffff800084a2fbb0] xlog_sync at ffff800001280c3c [xfs] #12 [ffff800084a2fbf0] xlog_state_release_iclog at ffff800001280df4 [xfs] #13 [ffff800084a2fc10] xlog_write at ffff80000128203c [xfs] #14 [ffff800084a2fcd0] xlog_cil_push at ffff8000012846dc [xfs] #15 [ffff800084a2fda0] xlog_cil_push_work at ffff800001284a2c [xfs] #16 [ffff800084a2fdb0] process_one_work at ffff800040111d08 #17 [ffff800084a2fe00] worker_thread at ffff8000401121cc #18 [ffff800084a2fe70] kthread at ffff800040118de4 After commit 2def2845cc33 (xfs: don't allow log IO to be throttled), the metadata submitted by xlog_write_iclog() should not be throttled. But due to the existence of the dm layer, throttling flush_bio indirectly causes the metadata bio to be throttled. Fix this by conditionally adding REQ_IDLE to flush_bio.bi_opf, which makes wbt_should_throttle() return false to avoid wbt_wait(). (CVE-2025-38063)
请注意,Nessus 尚未测试此问题,而是只依据应用程序自我报告的版本号进行判断。
解决方案
更新受影响的程序包。另见
插件详情
严重性: Medium
ID: 295576
文件名: azure_linux_CVE-2025-38063.nasl
版本: 1.1
类型: local
发布时间: 2026/1/22
最近更新时间: 2026/1/22
支持的传感器: Nessus
风险信息
VPR
风险因素: Medium
分数: 4.4
CVSS v2
风险因素: Medium
基本分数: 4.6
时间分数: 3.4
矢量: CVSS2#AV:L/AC:L/Au:S/C:N/I:N/A:C
CVSS 分数来源: CVE-2025-38063
CVSS v3
风险因素: Medium
基本分数: 5.5
时间分数: 4.8
矢量: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
时间矢量: CVSS:3.0/E:U/RL:O/RC:C
漏洞信息
CPE: p-cpe:/a:microsoft:azure_linux:kernel-debuginfo, p-cpe:/a:microsoft:azure_linux:kernel-devel, p-cpe:/a:microsoft:azure_linux:kernel-drivers-gpu, p-cpe:/a:microsoft:azure_linux:python3-perf, p-cpe:/a:microsoft:azure_linux:kernel-docs, x-cpe:/o:microsoft:azure_linux, p-cpe:/a:microsoft:azure_linux:kernel, p-cpe:/a:microsoft:azure_linux:kernel-drivers-sound, p-cpe:/a:microsoft:azure_linux:bpftool, p-cpe:/a:microsoft:azure_linux:kernel-drivers-intree-amdgpu, p-cpe:/a:microsoft:azure_linux:kernel-drivers-accessibility, p-cpe:/a:microsoft:azure_linux:kernel-tools
必需的 KB 项: Host/local_checks_enabled, Host/AzureLinux/release, Host/AzureLinux/rpm-list, Host/cpu
易利用性: No known exploits are available
补丁发布日期: 2025/8/12
漏洞发布日期: 2025/6/12
参考资料信息
CVE: CVE-2025-38063