Amazon Linux 2023:bpftool6.12、kernel6.12、kernel6.12-devel (ALAS2023-2026-1487)
high Nessus 插件 ID 304272
语言:
简介
远程 Amazon Linux 2023 主机缺少安全更新。描述
因此,该软件受到 ALAS2023-2026-1487 公告中提及的多个漏洞影响。在 Linux 内核中,以下漏洞已修复:
md:通过 sysfs (CVE-2025-71225) 更新raid_disks时暂停数组
在 Linux 内核中,以下漏洞已修复:
btrfs:修复插入内联 extent (CVE-2025-71268) 时某些错误路径中的保留泄漏
在 Linux 内核中,以下漏洞已修复:
netfilter:nf_tables:修复 nft_map_catchall_activate() (CVE-2026-23111) 中的反转 genmask 检查
在 Linux 内核中,以下漏洞已修复:
net:修复转发链表 GRO (CVE-2026-23154) 的分段
在 Linux 内核中,以下漏洞已修复:
efivarfs:修复 efivar_entry_get() (CVE-2026-23156) 中的错误传播
在 Linux 内核中,以下漏洞已修复:
perf:sched:使用新的 is_user_task() 辅助函数 (CVE-2026-23159) 修复 perf 崩溃
在 Linux 内核中,以下漏洞已修复:
mm/shmem,swap:修复截断和交换条目拆分 (CVE-2026-23161) 的争用
在 Linux 内核中,以下漏洞已修复:
flex_proportions:使 fprop_new_period() hardirq 安全 (CVE-2026-23168)
在 Linux 内核中,以下漏洞已修复:
mptcp:修复 mptcp_pm_nl_flush_addrs_doit() 中的争用 (CVE-2026-23169)
在 Linux 内核中,以下漏洞已修复:
net/mlx5e:TC,仅删除现有对等机的流 (CVE-2026-23173)
在 Linux 内核中,以下漏洞已修复:
mm、shmem:防止截断争用 (CVE-2026-23177) 时的无限循环
在 Linux 内核中,以下漏洞已修复:
ceph:修复 ceph_mds_auth_match() 中的空指针取消引用 (CVE-2026-23189)
在 Linux 内核中,以下漏洞已修复:
scsi:target:iscsi:修复 iscsit_dec_session_usage_count() (CVE-2026-23193) 中的释放后使用
在 Linux 内核中,以下漏洞已修复:
KVM:取消分配 irqfd (CVE-2026-23198) 时不强制改写 irqfd 路由类型
在 Linux 内核中,以下漏洞已修复:
procfs:避免在保持 VMA 锁 () 时提取版本 IDCVE-2026-23199
在 Linux 内核中,以下漏洞已修复:
ipv6:修复清除 RTF_ADDRCONF (CVE-2026-23200) 时的 ECMP 同级计数不匹配
在 Linux 内核中,以下漏洞已修复:
ceph:修复因 parse_longname()CVE-2026-23201 中的 kfree() 指针无效而导致的 oops
在 Linux 内核中,以下漏洞已修复:
spi:tegra210-quad:保护 tegra_qspi_combined_seq_xfer 中的curr_xfer (CVE-2026-23202)
在 Linux 内核中,以下漏洞已修复:
net/sched:cls_u32:使用 skb_header_pointer_careful() (CVE-2026-23204)
在 Linux 内核中,以下漏洞已修复:
smb/client:修复 smb2_open_file() 中的内存泄漏 (CVE-2026-23205)
在 Linux 内核中,以下漏洞已修复:
macvlan:修复 macvlan_common_newlink() 中的错误恢复 (CVE-2026-23209)
在 Linux 内核中,以下漏洞已修复:
bonding:注解 slave->last_rx 相关的数据争用 (CVE-2026-23212)
在 Linux 内核中,以下漏洞已修复:
btrfs:如果 fs 完全只读,则拒绝新事务 (CVE-2026-23214)
在 Linux 内核中,以下漏洞已修复:
x86/vmware:修复超级调用重写器 (CVE-2026-23215)
在 Linux 内核中,以下漏洞已修复:
scsi:target:iscsi:修复 iscsit_dec_conn_usage_count() (CVE-2026-23216) 中的释放后使用
在 Linux 内核中,以下漏洞已修复:
mm/slab:为 memcg_alloc_abort_single 添加 alloc_tagging_slab_free_hook (CVE-2026-23219)
在 Linux 内核中,以下漏洞已修复:xfs: fix UAF in xchk_btree_check_block_owner We cannot dereference bs->cur when trying to determine if bs->cur aliases bs->sc->sa.{bno,rmap}_cur after the latter has been freed. Fix this by sampling before type before any freeing could happen. The correct temporal ordering was broken when we removed xfs_btnum_t.
(CVE-2026-23223)
在 Linux 内核中,以下漏洞已修复:erofs: fix UAF issue for file-backed mounts w/ directio option [ 9.269940][ T3222] Call trace: [ 9.269948][ T3222] ext4_file_read_iter+0xac/0x108 [ 9.269979][ T3222] vfs_iocb_iter_read+0xac/0x198 [ 9.269993][ T3222] erofs_fileio_rq_submit+0x12c/0x180 [ 9.270008][ T3222] erofs_fileio_submit_bio+0x14/0x24 [ 9.270030][T3222] z_erofs_runqueue+0x834/0x8ac [ 9.270054][ T3222] z_erofs_read_folio+0x120/0x220 [ 9.270083][ T3222] filemap_read_folio+0x60/0x120 [ 9.270102][ T3222] filemap_fault+0xcac/0x1060 [ 9.270119][ T3222] do_pte_missing+0x2d8/0x1554 [ 9.270131][ T3222] handle_mm_fault+0x5ec/0x70c [ 9.270142][ T3222] do_page_fault+0x178/0x88c [ 9.270167][ T3222] do_translation_fault+0x38/0x54 [ 9.270183][ T3222] do_mem_abort+0x54/0xac [ 9.270208][ T3222] el0_da+0x44/0x7c [ 9.270227][ T3222] el0t_64_sync_handler+0x5c/0xf4 [ 9.270253][ T3222] el0t_64_sync+0x1bc/0x1c0 EROFS may encounter above panic when enabling file-backed mount w/ directio mount option, the root cause is it may suffer UAF in below race condition: - z_erofs_read_folio wq s_dio_done_wq - z_erofs_runqueue - erofs_fileio_submit_bio - erofs_fileio_rq_submit - vfs_iocb_iter_read - ext4_file_read_iter - ext4_dio_read_iter - iomap_dio_rw :
bio was submitted and return -EIOCBQUEUED - dio_aio_complete_work - dio_complete - dio->iocb->ki_complete (erofs_fileio_ki_complete()) - kfree(rq) : it frees iocb, iocb.ki_filp can be UAF in file_accessed(). - file_accessed : access NULL file point Introduce a reference count in struct erofs_fileio_rq, and initialize it as two, both erofs_fileio_ki_complete() and erofs_fileio_rq_submit() will decrease reference count, the last one decreasing the reference count to zero will free rq. (CVE-2026-23224)
在 Linux 内核中,以下漏洞已修复:smb: client: split cached_fid bitfields to avoid shared-byte RMW races is_open, has_lease and on_list are stored in the same bitfield byte in struct cached_fid but are updated in different code paths that may run concurrently. Bitfield assignments generate byte read-modify-write operations (e.g. `orb $mask, addr` on x86_64), so updating one flag can restore stale values of the others. A possible interleaving is: CPU1: load old byte (has_lease=1, on_list=1) CPU2: clear both flags (store 0) CPU1: RMW store (old | IS_OPEN) -> reintroduces cleared bits To avoid this class of races, convert these flags to separate bool fields. (CVE-2026-23230)
在 Linux 内核中,以下漏洞已修复:
net:gro:修复外部网络偏移 (CVE-2026-23254)
在 Linux 内核中,以下漏洞已修复:
regmap:maple:mas_store_gfp() 失败时释放进入 (CVE-2026-23260)
在 Linux 内核中,以下漏洞已修复:
driver core:强制device_lock driver_match_device() (CVE-2026-31688)
Tenable 已直接从测试产品的安全公告中提取上述描述块。
请注意,Nessus 尚未测试这些问题,而是只依据应用程序自我报告的版本号进行判断。
解决方案
运行“dnf update kernel6.12 --releasever 2023.10.20260325”或“dnf update --advisory ALAS2023-2026-1487 --releasever 2023.10.20260325”以更新系统。另见
https://alas.aws.amazon.com//AL2023/ALAS2023-2026-1487.html
https://alas.aws.amazon.com/faqs.html
https://explore.alas.aws.amazon.com/CVE-2025-71225.html
https://explore.alas.aws.amazon.com/CVE-2025-71268.html
https://explore.alas.aws.amazon.com/CVE-2026-23111.html
https://explore.alas.aws.amazon.com/CVE-2026-23154.html
https://explore.alas.aws.amazon.com/CVE-2026-23156.html
https://explore.alas.aws.amazon.com/CVE-2026-23159.html
https://explore.alas.aws.amazon.com/CVE-2026-23161.html
https://explore.alas.aws.amazon.com/CVE-2026-23168.html
https://explore.alas.aws.amazon.com/CVE-2026-23169.html
https://explore.alas.aws.amazon.com/CVE-2026-23173.html
https://explore.alas.aws.amazon.com/CVE-2026-23177.html
https://explore.alas.aws.amazon.com/CVE-2026-23189.html
https://explore.alas.aws.amazon.com/CVE-2026-23193.html
https://explore.alas.aws.amazon.com/CVE-2026-23198.html
https://explore.alas.aws.amazon.com/CVE-2026-23199.html
https://explore.alas.aws.amazon.com/CVE-2026-23200.html
https://explore.alas.aws.amazon.com/CVE-2026-23201.html
https://explore.alas.aws.amazon.com/CVE-2026-23202.html
https://explore.alas.aws.amazon.com/CVE-2026-23204.html
https://explore.alas.aws.amazon.com/CVE-2026-23205.html
https://explore.alas.aws.amazon.com/CVE-2026-23209.html
https://explore.alas.aws.amazon.com/CVE-2026-23212.html
https://explore.alas.aws.amazon.com/CVE-2026-23214.html
https://explore.alas.aws.amazon.com/CVE-2026-23215.html
https://explore.alas.aws.amazon.com/CVE-2026-23216.html
https://explore.alas.aws.amazon.com/CVE-2026-23219.html
https://explore.alas.aws.amazon.com/CVE-2026-23223.html
https://explore.alas.aws.amazon.com/CVE-2026-23224.html
https://explore.alas.aws.amazon.com/CVE-2026-23230.html
https://explore.alas.aws.amazon.com/CVE-2026-23254.html
插件详情
严重性: High
ID: 304272
文件名: al2023_ALAS2023-2026-1487.nasl
版本: 1.2
类型: Local
代理: unix
发布时间: 2026/3/30
最近更新时间: 2026/5/19
支持的传感器: Frictionless Assessment AWS, Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Continuous Assessment, Nessus
风险信息
VPR
风险因素: Medium
分数: 6.7
CVSS v2
风险因素: Medium
基本分数: 6.8
时间分数: 5
矢量: CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C
CVSS 分数来源: CVE-2026-31688
CVSS v3
风险因素: High
基本分数: 7.8
时间分数: 6.8
矢量: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
时间矢量: CVSS:3.0/E:U/RL:O/RC:C
漏洞信息
CPE: cpe:/o:amazon:linux:2023, p-cpe:/a:amazon:linux:python3-perf6.12, p-cpe:/a:amazon:linux:kernel6.12, p-cpe:/a:amazon:linux:kernel6.12-modules-extra, p-cpe:/a:amazon:linux:kernel6.12-debuginfo, p-cpe:/a:amazon:linux:kernel6.12-debuginfo-common-x86_64, p-cpe:/a:amazon:linux:perf6.12, p-cpe:/a:amazon:linux:perf6.12-debuginfo, p-cpe:/a:amazon:linux:kernel6.12-debuginfo-common-aarch64, p-cpe:/a:amazon:linux:python3-perf6.12-debuginfo, p-cpe:/a:amazon:linux:bpftool6.12, p-cpe:/a:amazon:linux:bpftool6.12-debuginfo, p-cpe:/a:amazon:linux:kernel6.12-devel, p-cpe:/a:amazon:linux:kernel6.12-headers, p-cpe:/a:amazon:linux:kernel6.12-libbpf, p-cpe:/a:amazon:linux:kernel6.12-libbpf-debuginfo, p-cpe:/a:amazon:linux:kernel6.12-libbpf-devel, p-cpe:/a:amazon:linux:kernel6.12-libbpf-static, p-cpe:/a:amazon:linux:kernel6.12-modules-extra-common, p-cpe:/a:amazon:linux:kernel6.12-tools, p-cpe:/a:amazon:linux:kernel6.12-tools-debuginfo, p-cpe:/a:amazon:linux:kernel6.12-tools-devel, p-cpe:/a:amazon:linux:kernel-livepatch-6.12.73-95.123
必需的 KB 项: Host/local_checks_enabled, Host/AmazonLinux/release, Host/AmazonLinux/rpm-list
易利用性: No known exploits are available
补丁发布日期: 2026/3/27
漏洞发布日期: 2026/2/13
参考资料信息
CVE: CVE-2025-71225, CVE-2025-71268, CVE-2026-23111, CVE-2026-23154, CVE-2026-23156, CVE-2026-23159, CVE-2026-23161, CVE-2026-23168, CVE-2026-23169, CVE-2026-23173, CVE-2026-23177, CVE-2026-23189, CVE-2026-23193, CVE-2026-23198, CVE-2026-23199, CVE-2026-23200, CVE-2026-23201, CVE-2026-23202, CVE-2026-23204, CVE-2026-23205, CVE-2026-23209, CVE-2026-23212, CVE-2026-23214, CVE-2026-23215, CVE-2026-23216, CVE-2026-23219, CVE-2026-23223, CVE-2026-23224, CVE-2026-23230, CVE-2026-23254, CVE-2026-23260, CVE-2026-31688