Linux Distros 未修补的漏洞：CVE-2026-43016

high Nessus 插件 ID 311591

语言：

简介

Linux/Unix 主机上安装的一个或多个程序包存在漏洞，但供应商表示不会修补此漏洞。

描述

Linux/Unix 主机中安装的一个或多个程序包受到一个漏洞影响，而供应商没有提供补丁程序。

- bpf：sockmap：修复 sk->sk_socket 在 sk_psock_verdict_data_ready 1（）中 use-after-free 的。SyzBot报告AF_UNIX套筒的SK->sk_socket在sk_psock_verdict_data_ready（）中使用后免费。[0] 在 unix_stream_sendmsg（）中，节点套接字的 ->sk_data_ready（）在丢弃其 unix_state_lock（）后被调用。
虽然发送端套接字保存对端的引用计数，但它不会阻止对端的sock_orphan（），并且对端的sk_socket可能会在一个RCU宽限期后被释放。我们在sk_psock_verdict_data_ready（）中获取对等节点在RCU下的sk->sk_socket和sk->sk_socket->ops。[0]： BUG： KASAN： slab-use-after-free in in sk_psock_verdict_data_ready+0xec/0x590 net/core/skmsg.c：1278 任务 syz.4.1842/11013 读取大小为 8 at addr ffff8880594da860 由任务 syz.4.1842/11013 CPU： 1 UID： 0 PID： 11013 通信： syz.4.1842 未受污染 syzkaller #0 抢占（完整）硬件名称：Google Google Compute Engine/Google Compute Engine， BIOS Google 2026/02/12 呼叫追踪：
<TASK> dump_stack_lvl+0xe8/0x150 lib/dump_stack.c：120 print_address_description MM/KASAN/REPORT.C：378 [内联] print_report+0xba/0x230 MM/Kasan/report.C：482 kasan_report+0x117/0x150 MM/Kasan/report.C：595 sk_psock_verdict_data_ready+0xec/0x590 net/core/skmsg.c：1278 unix_stream_sendmsg+0x8a3/0xe80 net/unix/af_unix.c：2482 sock_sendmsg_nosec net/socket.c：721 [内联] __sock_sendmsg net/socket.c：736 [内联] ____sys_sendmsg+0x972/0x9f0 net/socket.c：2585 ___sys_sendmsg+0x2a5/0x360 net/socket.c：2639
__sys_sendmsg net/socket.c：2671 [内联] __do_sys_sendmsg net/socket.c：2676 [内联] __se_sys_sendmsg net/socket.c：2674 [内联] __x64_sys_sendmsg+0x1bd/0x2a0 net/socket.c：2674 do_syscall_x64 arch/x86/entry/syscall_64.c：63 [内联] do_syscall_64+0x14d/0xf80 arch/x86/entry/syscall_64.c：94 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP： 0033：0x7facf899c819 代码：ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff ff 73 01 c3 48 c7 c1 e8 ff f7 d8 64 89 01 48 RSP： 002b：00007facf9827028 EFLAGS：00000246 ORIG_RAX：000000000000002e RAX：ffffffda RBX：00007facf8c15fa0 RCX：00007facf899c819 RDX：
000000000000000 RSI： 0000200000000500 RDI： 0000000000000004 RBP： 00007facf8a32c91 ： 000000000000000000 R09： 00 0000000000000246 R12R13000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 R10R11R08
00007facf8c16038 R14： 00007facf8c15fa0 R15： 00007ffd41B01c78 </TASK> 任务11013分配：
kasan_save_stack MM/kasan/common.c：57 [内联] kasan_save_track+0x3e/0x80 mm/kasan/common.c：78 unpoison_slab_object mm/kasan/common.c：340 [内联] __kasan_slab_alloc+0x6c/0x80 mm/kasan/common.c：366 kasan_slab_alloc include/linux/kasan.h：253 [内联] slab_post_alloc_hook mm/slub.c：4538 [内联] slab_alloc_node mm/slub.c：4866 [内联] kmem_cache_alloc_lru_noprof+0x2b8/0x640 mm/slub.c：4885 sock_alloc_inode+0x28/0xc0 net/socket.c：316alloc_inode+0x6a/0x1b0 FS/inode.c：347 new_inode_pseudo include/linux/fs.h：3003 [内联] sock_alloc net/socket.c：631 [内联] __sock_create+0x12d/0x9d0 net/socket.c：1562 sock_create net/socket.c：1656 [内联] __sys_socketpair+0x1c4/0x560 net/socket.c：1803
__do_sys_socketpair net/socket.c：1856 [在线] __se_sys_socketpair net/socket.c：1853 [在线]
__x64_sys_socketpair+0x9b/0xb0 net/socket.c：1853 do_syscall_x64 arch/x86/entry/syscall_64.c：63 [内联] do_syscall_64+0x14d/0xf80 arch/x86/entry/syscall_64.c：94 entry_SYSCALL_64_after_hwframe+0x77/0x7f 任务15释放：kasan_save_stack mm/kasan/common.c：57 [内联] kasan_save_track+0x3e/0x80 mm/kasan/common.c：78 kasan_save_free_info+0x46/0x50 mm/kasan/generic.c：584 poison_slab_object mm/kasan/common.c：253 [内文]
__kasan_slab_free+0x5c/0x80 MM/kasan/common.c：285 kasan_slab_free include/linux/kasan.h：235 [内联] slab_free_hook mm/slub.c：2685 [内联] slab_free mm/slub.c：6165 [内联] kmem_cache_free+0x187/0x630 mm/slub.c：6295 rcu_do_batch kernel/rcu/tree.c： ---truncated--- （CVE-2026-43016）

请注意，Nessus 依赖供应商报告的程序包是否存在进行判断。

解决方案

目前尚未有任何已知的解决方案。

另见

https://access.redhat.com/security/cve/cve-2026-43016

https://security-tracker.debian.org/tracker/CVE-2026-43016

插件详情

严重性: High

ID: 311591

文件名: unpatched_CVE_2026_43016.nasl

版本: 1.1

类型: Local

代理: unix

系列: Misc.

发布时间: 2026/5/2

最近更新时间: 2026/5/2

支持的传感器: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus

风险信息

VPR

风险因素: Medium

分数: 6.7

CVSS v2

风险因素: Medium

基本分数: 6.1

时间分数: 5.2

矢量: CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:C

CVSS 分数来源: CVE-2026-43016

CVSS v3

风险因素: High

基本分数: 7.8

时间分数: 7.1

矢量: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

时间矢量: CVSS:3.0/E:U/RL:U/RC:C

漏洞信息

CPE: p-cpe:/a:redhat:enterprise_linux:kernel-64k-debug-devel-matched, p-cpe:/a:redhat:enterprise_linux:kernel-rt-core, p-cpe:/a:redhat:enterprise_linux:kernel-64k-debug-devel, p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-modules-core, p-cpe:/a:redhat:enterprise_linux:kernel-64k-debug-core, p-cpe:/a:redhat:enterprise_linux:kernel-doc, p-cpe:/a:redhat:enterprise_linux:kernel-rt-64k-devel, p-cpe:/a:redhat:enterprise_linux:kernel-rt-64k-modules-internal, p-cpe:/a:redhat:enterprise_linux:kernel-64k-modules-extra, p-cpe:/a:redhat:enterprise_linux:kernel-rt-64k-modules, p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-kvm, p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-modules, cpe:/o:redhat:enterprise_linux:9, p-cpe:/a:redhat:enterprise_linux:kernel-debug-modules-extra, p-cpe:/a:redhat:enterprise_linux:kernel-64k-debug-modules-extra, p-cpe:/a:redhat:enterprise_linux:kernel-64k-debug, p-cpe:/a:redhat:enterprise_linux:kernel, p-cpe:/a:redhat:enterprise_linux:kernel-64k-devel, cpe:/o:redhat:enterprise_linux:10, p-cpe:/a:redhat:enterprise_linux:kernel-rt-64k-debug-modules, p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-modules-extra, p-cpe:/a:redhat:enterprise_linux:libperf-devel, p-cpe:/a:redhat:enterprise_linux:kernel-modules, p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-modules-extra, p-cpe:/a:redhat:enterprise_linux:kernel-rt-selftests-internal, p-cpe:/a:redhat:enterprise_linux:kernel-rt-modules-core, p-cpe:/a:redhat:enterprise_linux:kernel-modules-partner, p-cpe:/a:redhat:enterprise_linux:kernel-rt-devel-matched, p-cpe:/a:redhat:enterprise_linux:kernel-debug-modules-internal, p-cpe:/a:redhat:enterprise_linux:kernel-64k-core, p-cpe:/a:redhat:enterprise_linux:kernel-rt-64k-debug-devel-matched, p-cpe:/a:redhat:enterprise_linux:kernel-64k-debug-modules-internal, p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-devel-matched, p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel, p-cpe:/a:redhat:enterprise_linux:kernel-core, p-cpe:/a:redhat:enterprise_linux:kernel-cross-headers, p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs, p-cpe:/a:redhat:enterprise_linux:kernel-rt-64k-debug-modules-partner, p-cpe:/a:redhat:enterprise_linux:perf, p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-devel, p-cpe:/a:redhat:enterprise_linux:kernel-abi-stablelists, p-cpe:/a:redhat:enterprise_linux:bpftool, p-cpe:/a:redhat:enterprise_linux:kernel-rt-kvm, p-cpe:/a:redhat:enterprise_linux:kernel-tools, p-cpe:/a:redhat:enterprise_linux:kernel-64k-modules-internal, p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-modules-internal, p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-devel-matched, p-cpe:/a:redhat:enterprise_linux:kernel-devel, p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-core, p-cpe:/a:redhat:enterprise_linux:kernel-rt-64k-devel-matched, p-cpe:/a:redhat:enterprise_linux:kernel-rt-devel, p-cpe:/a:redhat:enterprise_linux:kernel-rt-64k-debug-modules-extra, p-cpe:/a:redhat:enterprise_linux:kernel-rt-64k-debug-devel, p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-devel, p-cpe:/a:redhat:enterprise_linux:kernel-rt-64k-kvm, p-cpe:/a:redhat:enterprise_linux:kernel-uki-virt-addons, p-cpe:/a:redhat:enterprise_linux:kernel-rt-modules-partner, p-cpe:/a:debian:debian_linux:linux, p-cpe:/a:redhat:enterprise_linux:kernel-rt-modules-extra, p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-modules-core, p-cpe:/a:redhat:enterprise_linux:kernel-64k-devel-matched, p-cpe:/a:redhat:enterprise_linux:kernel-debug-modules-partner, p-cpe:/a:redhat:enterprise_linux:kernel-rt-modules, p-cpe:/a:redhat:enterprise_linux:kernel-debug-core, p-cpe:/a:redhat:enterprise_linux:kernel-64k-debug-modules-core, p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-modules-internal, p-cpe:/a:redhat:enterprise_linux:kernel-debug-uki-virt-addons, p-cpe:/a:redhat:enterprise_linux:kernel-64k, p-cpe:/a:redhat:enterprise_linux:kernel-rt-64k-debug, p-cpe:/a:redhat:enterprise_linux:kernel-64k-modules-core, p-cpe:/a:redhat:enterprise_linux:rv, p-cpe:/a:redhat:enterprise_linux:kernel-rt-64k-debug-modules-core, p-cpe:/a:redhat:enterprise_linux:kernel-uki-virt, p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-core, p-cpe:/a:redhat:enterprise_linux:kernel-headers, p-cpe:/a:redhat:enterprise_linux:libperf, p-cpe:/a:redhat:enterprise_linux:kernel-rt-64k-modules-core, p-cpe:/a:redhat:enterprise_linux:kernel-debug-modules, p-cpe:/a:redhat:enterprise_linux:python3-perf, p-cpe:/a:redhat:enterprise_linux:kernel-selftests-internal, p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel-matched, p-cpe:/a:redhat:enterprise_linux:rtla, p-cpe:/a:redhat:enterprise_linux:kernel-devel-matched, p-cpe:/a:redhat:enterprise_linux:kernel-rt-64k-debug-modules-internal, p-cpe:/a:redhat:enterprise_linux:kernel-rt-modules-internal, p-cpe:/a:redhat:enterprise_linux:kernel-debug-modules-core, p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel, p-cpe:/a:redhat:enterprise_linux:kernel-ipaclones-internal, p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-modules-partner, p-cpe:/a:redhat:enterprise_linux:kernel-rt, p-cpe:/a:redhat:enterprise_linux:kernel-64k-modules, p-cpe:/a:redhat:enterprise_linux:kernel-modules-extra-matched, cpe:/o:debian:debian_linux:12.0, p-cpe:/a:redhat:enterprise_linux:kernel-debug-uki-virt, p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump, p-cpe:/a:redhat:enterprise_linux:kernel-rt-64k-debug-core, p-cpe:/a:redhat:enterprise_linux:kernel-rt-64k-modules-extra, p-cpe:/a:redhat:enterprise_linux:kernel-rt-64k-modules-partner, p-cpe:/a:redhat:enterprise_linux:kernel-rt-64k, p-cpe:/a:redhat:enterprise_linux:kernel-modules-extra, p-cpe:/a:redhat:enterprise_linux:kernel-64k-debug-modules, p-cpe:/a:redhat:enterprise_linux:kernel-modules-internal, p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-modules, p-cpe:/a:redhat:enterprise_linux:kernel-modules-core, p-cpe:/a:redhat:enterprise_linux:kernel-debug, p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-modules-partner, p-cpe:/a:redhat:enterprise_linux:kernel-64k-modules-partner, p-cpe:/a:redhat:enterprise_linux:kernel-64k-debug-modules-partner, p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug, p-cpe:/a:redhat:enterprise_linux:kernel-rt-64k-core, p-cpe:/a:redhat:enterprise_linux:kernel-rt-64k-debug-kvm

必需的 KB 项: Host/local_checks_enabled, Host/cpu, global_settings/vendor_unpatched, Host/OS/identifier

易利用性: No known exploits are available

漏洞发布日期: 2026/5/1

参考资料信息

CVE: CVE-2026-43016