检测

Linux Distros 未修补的漏洞:CVE-2026-23167

medium Nessus 插件 ID 299320

语言:

简介

Linux/Unix 主机上安装的一个或多个程序包存在漏洞,但供应商表示不会修补此漏洞。

描述

Linux/Unix 主机中安装的一个或多个程序包受到一个漏洞影响,而供应商没有提供补丁程序。

 - nfc:nci:修复rfkill与nci_unregister_device()之间的竞赛。SyzBot 报告了 [0] 以下的 splat,但没有复制。它表明 struct nci_dev.cmd_wq 在通过 rfkill 调用 nci_close_device() 之前已被销毁。nci_dev.cmd_wq 只在 nci_unregister_device() 中被销毁,我认为这个 是从 virtual_ncidev_close syzbot 关闭()一个 virtual_ncidev 的 fd 时调用的。问题在于 nci_unregister_device() 先摧毁 nci_dev.cmd_wq,然后调用 nfc_unregister_device(),从而通过 rfkill_unregister() 将该设备从 rfkill 中移除。所以,即使 nci_dev.cmd_wq 被销毁后,设备仍通过 rfkill 显示。我们先在 nci_unregister_device() 中取消注册该设备 rfkill 的 。注意,我们不能在 nci_close_device() 之前调用 nfc_unregister_device(),因为 1) nfc_unregister_device() 调用 device_del(),释放了所有由 devm_kzalloc() 分配并链接到 ndev->conn_info_list 的内存;2) nci_rx_work() 可能尝试将nci_conn_info队列到 ndev->conn_info_list,从而可能被泄露。因此, nfc_unregister_device() 被拆分为两个函数,因此我们只能在 nci_close_device() 之前移除 rfkill 接口。[0]:DEBUG_LOCKS_WARN_ON(1)警告:
 kernel/locking/lockdep.c:238 在 hlock_class kernel/locking/lockdep.c:238 [内联], CPU#0: syz.0.8675/6349 警告:kernel/locking/lockdep.c:238 在 check_wait_context kernel/locking/lockdep.c:4854 [内联], CPU#0:
 syz.0.8675/6349 警告:内核/锁定/lockdep.c:238 at __lock_acquire+0x39d/0x2cf0 kernel/locking/lockdep.c:5187, CPU#0: syz.0.8675/6349 连接模块:CPU:0 UID:0 PID:6349 通讯:
 syz.0.8675 未受污染的 syzkaller #0 PREEMPT(完整) 硬件名称:Google Google Compute Engine/Google Compute Engine,BIOS Google 2026年1月13日 RIP: 0010:hlock_class kernel/locking/lockdep.c:238 [内联] RIP:
 0010:check_wait_context kernel/locking/lockdep.c:4854 [内联] RIP: 0010:__lock_acquire+0x3a4/0x2cf0 kernel/locking/lockdep.c:5187 代码:18 00 4c 8b 74 24 08 75 27 90 e8 17 f2 fc 02 85 c0 74 1c 83 3d 50 e0 4e 0e 00 75 13 48 8d 3d 43 f7 51 0e 48 c7 c6 8b 3a de 8d <67> 48 0f b9 3a 90 31 c0 0f b6 98 c4 00 0000 41 8b 45 20 25 ff 1f RSP: 0018:ffffc9000c767680 EFLAGS: 00010046 RAX: 0000000000000001 RBX: 0000000000040000 RCX: 0000000000080000 RDX: ffffc90013080000 RSI: ffffffff8dde3a8b RDI: ffffffff8ff24ca0 RBP:
 0000000000000003 R08: FFFFFFFFF8FEF35A3 R09: 1FFFFFFFF1FDE6B4 R10: DFFFFFC000000000000 R11: FFFFFBFF1FDE6B5 R12: 0000000000000012a2 R13: FFFFF888030338BA8 R14: FFFF8888030338000 R15: FFFF88803038B30 FS:
 00007fa5995f66c0(0000) GS:ffff8881256f8000(0000) knlGS:000000000000000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0:
 0000000080050033 CR2: 00007f7e72f842d0 CR3: 00000000485a00000 CR4: 00000000003526f0 呼叫追踪: <TASK> lock_acquire+0x106/0x330 kernel/locking/lockdep. C:5868 touch_wq_lockdep_map+0xcb/0x180 kernel/workqueue.c:3940 __flush_workqueue+0x14b/0x14f0 kernel/workqueue.c:3982 nci_close_device+0x302/0x630 NET/NFC/NCI/core.C:567 nci_dev_down+0x3b/0x50 NET/NFC/NCI/CORE.C:639 nfc_dev_down+0x152/0x290 NET/NFC/CORE.C:161 nfc_rfkill_set_block+0x2d/0x100 NET/NFC/CORE.C:179 rfkill_set_Block+0x1d2/0x440 NET/RFKILL/CORE.C:346 rfkill_fop_write+0x461/0x5a0 Net/RFkill/Core.C:1301 vfs_write+0x29a/0xb90 FS/read_write.C:684 ksys_write+0x150/0x270 FS/read_write.C:738 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [内联] do_syscall_64+0xe2/0xf80 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7fa59b39acb9 代码:ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 F8 48 89 89 F7 48 89 D6 48 89 CA 4d 89 C2 4D 89 C8 4C 8B 4C 24 08 0f 05 <48> 3d 01 F0 FF FF 73 01 C3 48 C7 C7 C1 E8 FF FF F7 D8 64 89 01 48 RSP: 002b:00007fa5995f6028 EFLAGS:00000246 ORIG_RAX:0000000000000001 RAX:ffffffda RBX:00007fa59b615fa0 RCX:00007fa59b39acb9 RDX:
 0000000000000008 RSI:0000200000000080 RDI:0000000000000007 RBP:00007fa59b408bf7 R08:---truncated--- (CVE-2026-23167)

请注意,Nessus 依赖供应商报告的程序包是否存在进行判断。

解决方案

目前尚未有任何已知的解决方案。

另见

https://ubuntu.com/security/CVE-2026-23167

插件详情

严重性: Medium

ID: 299320

文件名: unpatched_CVE_2026_23167.nasl

版本: 1.14

类型: Local

代理: unix

系列: Misc.

发布时间: 2026/2/17

最近更新时间: 2026/5/25

支持的传感器: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus

风险信息

VPR

风险因素: Medium

分数: 4.4

CVSS v2

风险因素: Medium

基本分数: 6.3

时间分数: 5.4

矢量: CVSS2#AV:L/AC:M/Au:N/C:N/I:C/A:C

CVSS 分数来源: CVE-2026-23167

CVSS v3

风险因素: Medium

基本分数: 4.7

时间分数: 4.3

矢量: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

时间矢量: CVSS:3.0/E:U/RL:U/RC:C

漏洞信息

CPE: cpe:/o:canonical:ubuntu_linux:20.04:-:lts, cpe:/o:canonical:ubuntu_linux:24.04:-:lts, p-cpe:/a:canonical:ubuntu_linux:linux-azure-fde-6.17, p-cpe:/a:canonical:ubuntu_linux:linux-gcp-6.17, p-cpe:/a:canonical:ubuntu_linux:linux-aws-hwe, p-cpe:/a:canonical:ubuntu_linux:linux-ibm, p-cpe:/a:canonical:ubuntu_linux:linux-lowlatency-hwe-5.19, p-cpe:/a:canonical:ubuntu_linux:linux-azure-5.13, p-cpe:/a:canonical:ubuntu_linux:linux-raspi2, p-cpe:/a:canonical:ubuntu_linux:linux-aws-5.4, p-cpe:/a:canonical:ubuntu_linux:linux-azure-fde-6.14, p-cpe:/a:canonical:ubuntu_linux:linux-gcp-5.19, p-cpe:/a:canonical:ubuntu_linux:linux-gcp-6.2, p-cpe:/a:canonical:ubuntu_linux:linux-xilinx, p-cpe:/a:canonical:ubuntu_linux:linux-oem-6.14, p-cpe:/a:canonical:ubuntu_linux:linux-hwe-6.11, p-cpe:/a:canonical:ubuntu_linux:linux-azure-5.8, p-cpe:/a:canonical:ubuntu_linux:linux-nvidia-6.2, p-cpe:/a:canonical:ubuntu_linux:linux-oracle-6.17, p-cpe:/a:canonical:ubuntu_linux:linux-riscv-6.14, p-cpe:/a:canonical:ubuntu_linux:linux-oracle-5.0, p-cpe:/a:canonical:ubuntu_linux:linux-aws, p-cpe:/a:canonical:ubuntu_linux:linux-oracle-5.13, p-cpe:/a:canonical:ubuntu_linux:linux-oem, p-cpe:/a:canonical:ubuntu_linux:linux-gcp-6.5, p-cpe:/a:canonical:ubuntu_linux:linux-riscv-5.8, p-cpe:/a:canonical:ubuntu_linux:linux-hwe-6.14, p-cpe:/a:canonical:ubuntu_linux:linux-raspi-5.4, p-cpe:/a:canonical:ubuntu_linux:linux-gcp-5.4, p-cpe:/a:canonical:ubuntu_linux:linux-starfive-5.19, p-cpe:/a:canonical:ubuntu_linux:linux-azure-fde-6.8, p-cpe:/a:canonical:ubuntu_linux:linux-aws-5.19, p-cpe:/a:canonical:ubuntu_linux:linux-gcp-5.13, p-cpe:/a:canonical:ubuntu_linux:linux-oem-5.14, p-cpe:/a:canonical:ubuntu_linux:linux-xilinx-zynqmp, p-cpe:/a:canonical:ubuntu_linux:linux-gcp, p-cpe:/a:canonical:ubuntu_linux:linux-azure, cpe:/o:canonical:ubuntu_linux:22.04:-:lts, p-cpe:/a:canonical:ubuntu_linux:linux-gcp-5.3, p-cpe:/a:canonical:ubuntu_linux:linux-hwe-6.17, p-cpe:/a:canonical:ubuntu_linux:linux-ibm-5.4, p-cpe:/a:canonical:ubuntu_linux:linux-aws-6.14, p-cpe:/a:canonical:ubuntu_linux:linux-gke-5.15, p-cpe:/a:canonical:ubuntu_linux:linux-lowlatency-hwe-6.5, p-cpe:/a:canonical:ubuntu_linux:linux-azure-5.3, p-cpe:/a:canonical:ubuntu_linux:linux-starfive-6.5, cpe:/o:canonical:ubuntu_linux:25.10, p-cpe:/a:canonical:ubuntu_linux:linux-oem-5.6, p-cpe:/a:canonical:ubuntu_linux:linux-riscv-6.5, p-cpe:/a:canonical:ubuntu_linux:linux-oracle-5.8, cpe:/o:canonical:ubuntu_linux:18.04:-:lts, p-cpe:/a:canonical:ubuntu_linux:linux-gkeop-5.4, p-cpe:/a:canonical:ubuntu_linux:linux-lowlatency-hwe-6.11, p-cpe:/a:canonical:ubuntu_linux:linux-oracle-6.14, p-cpe:/a:canonical:ubuntu_linux:linux-bluefield, p-cpe:/a:canonical:ubuntu_linux:linux-lowlatency-hwe-6.2, p-cpe:/a:canonical:ubuntu_linux:linux-allwinner-5.19, p-cpe:/a:canonical:ubuntu_linux:linux-gcp-6.14, p-cpe:/a:canonical:ubuntu_linux:linux-hwe-5.8, p-cpe:/a:canonical:ubuntu_linux:linux-oem-6.17, p-cpe:/a:canonical:ubuntu_linux:linux-nvidia-6.11, p-cpe:/a:canonical:ubuntu_linux:linux-riscv-6.17, p-cpe:/a:canonical:ubuntu_linux:linux-gkeop-5.15, p-cpe:/a:canonical:ubuntu_linux:linux-hwe-5.13, p-cpe:/a:canonical:ubuntu_linux:linux-oracle-6.8, p-cpe:/a:canonical:ubuntu_linux:linux-raspi-realtime, p-cpe:/a:canonical:ubuntu_linux:linux-gcp-6.8, p-cpe:/a:canonical:ubuntu_linux:linux-azure-fde-5.19, p-cpe:/a:canonical:ubuntu_linux:linux-intel-iot-realtime, p-cpe:/a:canonical:ubuntu_linux:linux-gkeop, p-cpe:/a:canonical:ubuntu_linux:linux-oracle-5.11, p-cpe:/a:canonical:ubuntu_linux:linux-riscv-5.19, p-cpe:/a:canonical:ubuntu_linux:linux-oracle-5.3, p-cpe:/a:canonical:ubuntu_linux:linux-hwe-edge, p-cpe:/a:canonical:ubuntu_linux:linux-hwe-5.4, p-cpe:/a:canonical:ubuntu_linux:linux-aws-5.13, p-cpe:/a:canonical:ubuntu_linux:linux, p-cpe:/a:canonical:ubuntu_linux:linux-oem-6.11, p-cpe:/a:canonical:ubuntu_linux:linux-iot, p-cpe:/a:canonical:ubuntu_linux:linux-aws-5.11, p-cpe:/a:canonical:ubuntu_linux:linux-gke-4.15, p-cpe:/a:canonical:ubuntu_linux:linux-aws-5.8, p-cpe:/a:canonical:ubuntu_linux:linux-azure-nvidia, p-cpe:/a:canonical:ubuntu_linux:linux-oem-6.0, p-cpe:/a:canonical:ubuntu_linux:linux-azure-6.2, p-cpe:/a:canonical:ubuntu_linux:linux-gcp-6.11, p-cpe:/a:canonical:ubuntu_linux:linux-aws-6.2, p-cpe:/a:canonical:ubuntu_linux:linux-gke, p-cpe:/a:canonical:ubuntu_linux:linux-hwe-5.19, p-cpe:/a:canonical:ubuntu_linux:linux-intel-5.13, p-cpe:/a:canonical:ubuntu_linux:linux-gke-5.4, p-cpe:/a:canonical:ubuntu_linux:linux-lts-xenial, p-cpe:/a:canonical:ubuntu_linux:linux-azure-edge, p-cpe:/a:canonical:ubuntu_linux:linux-hwe-5.11, p-cpe:/a:canonical:ubuntu_linux:linux-nvidia-tegra, p-cpe:/a:canonical:ubuntu_linux:linux-azure-5.4, p-cpe:/a:canonical:ubuntu_linux:linux-azure-6.14, p-cpe:/a:canonical:ubuntu_linux:linux-azure-6.5, p-cpe:/a:canonical:ubuntu_linux:linux-oem-5.13, p-cpe:/a:canonical:ubuntu_linux:linux-azure-nvidia-6.14, p-cpe:/a:canonical:ubuntu_linux:linux-aws-6.17, p-cpe:/a:canonical:ubuntu_linux:linux-aws-6.5, p-cpe:/a:canonical:ubuntu_linux:linux-gcp-5.11, p-cpe:/a:canonical:ubuntu_linux:linux-azure-fde, p-cpe:/a:canonical:ubuntu_linux:linux-azure-6.8, p-cpe:/a:canonical:ubuntu_linux:linux-nvidia-6.5, p-cpe:/a:canonical:ubuntu_linux:linux-azure-4.15, p-cpe:/a:canonical:ubuntu_linux:linux-hwe-6.5, p-cpe:/a:canonical:ubuntu_linux:linux-azure-5.11, p-cpe:/a:canonical:ubuntu_linux:linux-nvidia-6.8, p-cpe:/a:canonical:ubuntu_linux:linux-starfive-6.2, p-cpe:/a:canonical:ubuntu_linux:linux-oem-6.8, p-cpe:/a:canonical:ubuntu_linux:linux-riscv-5.11, p-cpe:/a:canonical:ubuntu_linux:linux-gcp-4.15, p-cpe:/a:canonical:ubuntu_linux:linux-oem-6.1, p-cpe:/a:canonical:ubuntu_linux:linux-nvidia-6.17, p-cpe:/a:canonical:ubuntu_linux:linux-riscv, p-cpe:/a:canonical:ubuntu_linux:linux-azure-6.17, p-cpe:/a:canonical:ubuntu_linux:linux-azure-fde-6.2, p-cpe:/a:canonical:ubuntu_linux:linux-oem-5.10, p-cpe:/a:canonical:ubuntu_linux:linux-aws-5.3, p-cpe:/a:canonical:ubuntu_linux:linux-azure-6.11, p-cpe:/a:canonical:ubuntu_linux:linux-hwe, p-cpe:/a:canonical:ubuntu_linux:linux-kvm, p-cpe:/a:canonical:ubuntu_linux:linux-gcp-5.8, p-cpe:/a:canonical:ubuntu_linux:linux-oracle-6.5, p-cpe:/a:canonical:ubuntu_linux:linux-oem-5.17, p-cpe:/a:canonical:ubuntu_linux:linux-hwe-6.2, cpe:/o:canonical:ubuntu_linux:14.04:-:lts, p-cpe:/a:canonical:ubuntu_linux:linux-aws-5.0, p-cpe:/a:canonical:ubuntu_linux:linux-raspi, p-cpe:/a:canonical:ubuntu_linux:linux-oem-6.5, p-cpe:/a:canonical:ubuntu_linux:linux-oracle, p-cpe:/a:canonical:ubuntu_linux:linux-aws-6.8, p-cpe:/a:canonical:ubuntu_linux:linux-azure-5.19, cpe:/o:canonical:ubuntu_linux:16.04:-:lts, p-cpe:/a:canonical:ubuntu_linux:linux-hwe-6.8, p-cpe:/a:canonical:ubuntu_linux:linux-realtime, p-cpe:/a:canonical:ubuntu_linux:linux-oracle-5.4

必需的 KB 项: Host/local_checks_enabled, Host/cpu, global_settings/vendor_unpatched, Host/OS/identifier

易利用性: No known exploits are available

漏洞发布日期: 2026/2/14

参考资料信息

CVE: CVE-2026-23167