Linux Distros 未修补的漏洞:CVE-2026-46156
critical Nessus 插件 ID 317565
语言:
简介
Linux/Unix 主机上安装的一个或多个程序包存在漏洞,但供应商表示不会修补此漏洞。描述
Linux/Unix 主机中安装的一个或多个程序包受到一个漏洞影响,而供应商没有提供补丁程序。- LoongArch:修复 loongson_gpu_fixup_dma_hang() 中潜在的 ADE loongson_gpu_fixup_dma_hang() 中的开关情况可能不是 DC2 或 DC3,readl(crtc_reg) 将使用随机地址访问,因为设备来自 base+PCI_DEVICE_ID,base 来自 pdev->devfn+1。当我的平台插入独立 GPU 时,这是错误的:lspci -tv -[0000:00]-+-00.0 龙芯科技有限责任公司超传输桥控制器 ... +-06.0 龙芯科技有限责任公司 LG100 GPU +-06.2 龙芯科技有限责任公司设备 7a37 ... 添加默认切换案例以修复错误,如下所示: Kernel ade access[#1]: CPU: 0 PID: 1 Comm:
swapper/0 未受感染 6.6.. 136-loong64-desktop-hwe+ #4 pc 900000000017e5534 RA 90000000017e54c0 tp 900000001002f8000 sp 90000001002fb6c0 a0 80000efe000003100 a1 0000000000003100 a2 00000000000000000 a3 0000000000000002 a4 90000001002fb6b4 a5 900000087cdb58fd a6 90000000027af000 0 a7 0000000000000001 t0 0000000000000085b9 t1 000000000000ffff t2 0000000000000000 t3 0000000000000000 t4 ffffffffd t5 0000000000fffb6d9c t6 00000000000083b00 t7 0000000000070c0 t8 900000087cdb4d94 u0 900000087cdb58fd s990000001002fb826 s0 90000000031c12c8 s1 7ffffffffffffff00 s2 900000000031c12d0 s3 0000000000002710 s4 00000000000000000 s5 0000000000000000 s6 9000000100053000 s7 7ffffffffffffff00 s8 900000000030d4000 RA:
90000000017e54c0 loongson_gpu_fixup_dma_hang+0x40/0x210 ERA: 90000000017e5534 loongson_gpu_fixup_dma_hang+0xb4/0x210 CRMD: 000000b0 (PLV0 -IE -DA +PG DACF=CC DACM=CC -WE) PRMD:
00000004 (PPLV0 +PIE -PWE) EUEN:00000000 (-FPE -SXE -ASXE -BTE) ECFG:00071c1d (LIE=0,2-4,) 10-12 VS=7) ESTAT: 00480000 [ADEM] (IS= ECode=8 EsubCode=1) BADV: 7fffffffffffff00 PRID: 0014d000 (龙芯-64bit, 龙芯-3A6000-HV) 链接的模块: 进程 swapper/0 (PID: 1, threadinfo=(____ptrval____), task=(____ptrval____)) 堆栈: 0000000000000006 90000001002fb778 90000001002fb704 0000000000000007 0000000016a65700 90000000017e5690 00000000000ffffff ffff 9000000000209f7c09000000100053000 9000000000209f7a8 900000000000eebc08 00000000000000000000000000 0000000000000006 900000001002fb778 900000001000530b8 900000000027af000 000000000000000 9000000100054000 9000000100053000 9000000000ebb70c 90000000100004c0 9000000004000001 0 90000001002fb7e4 bae765461f31cb12 000000000000000000000000000 0000000000000006 90000000027af000 0000000000000030 9000000027af000 900000087cd6f800 9000000100053000 000000000000000000 90000000000ebc560 7a2500147cdaf720bae765461f31cb12 0000000000000001 0000000000000030 ...
调用跟踪:[<90000000017e5534>] loongson_gpu_fixup_dma_hang+0xb4/0x210 [<9000000000eebc08>] pci_fixup_device+0x108/0x280 [<9000000000ebb70c>] pci_setup_device+0x24c/0x690 [<9000000000ebc560>] pci_scan_single_device+0xe0/0x140 [<9000000000ebc684>] pci_scan_slot+0xc4/0x280 [<9000000000ebdd00>] pci_scan_child_bus_extend+0x60/0x3f0 [<9000000000f5bc94>] acpi_pci_root_create+0x2b4/0x420 [<90000000017e5e74>] pci_acpi_scan_root+0x2d4/0x440 [<9000000000f5b02c>] acpi_pci_root_add+0x21c/0x3a0 [<9000000000f4ee54>] acpi_bus_attach+0x1a4/0x3c0 [<90000000010e200c>] device_for_each_child+0x6c/0xe0 [<9000000000f4bbf4>] acpi_dev_for_each_child+0x44/0x70 [<9000000000f4ef40>] acpi_bus_attach+0x290/0x3c0 [<90000000010e200c>] device_for_each_child+0x6c/0xe0 [<9000000000f4bbf4>] acpi_dev_for_each_child+0x44/0x70 [<9000000000f4ef40>] acpi_bus_attach+0x290/0x3c0 [<9000000000f5211c>] acpi_bus_scan+0x6c/0x280 [<900000000189c028>] acpi_scan_init+0x194/0x310 [<900000000189bc6c>] acpi_init+0xcc/0x140 [<9000000000220cdc>] do_one_initcall+0x4c/0x310 [<90000000018618fc>] kernel_init_freeable+0x258/0x2d4 [<900000000184326c>] kernel_init+0x28/0x13c [<9000000000222008>] ret_from_kernel_thread+0xc/0xa4 (CVE-2026-46156)
请注意,Nessus 依赖供应商报告的程序包是否存在进行判断。
解决方案
目前尚未有任何已知的解决方案。另见
插件详情
严重性: Critical
ID: 317565
文件名: unpatched_CVE_2026_46156.nasl
版本: 1.1
类型: Local
代理: unix
系列: Misc.
发布时间: 2026/5/29
最近更新时间: 2026/5/29
支持的传感器: Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus
风险信息
VPR
风险因素: Medium
分数: 6.7
CVSS v2
风险因素: High
基本分数: 7.5
时间分数: 6.4
矢量: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS 分数来源: CVE-2026-46156
CVSS v3
风险因素: Critical
基本分数: 9.8
时间分数: 9
矢量: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
时间矢量: CVSS:3.0/E:U/RL:U/RC:C
漏洞信息
CPE: p-cpe:/a:debian:debian_linux:linux, cpe:/o:debian:debian_linux:12.0
必需的 KB 项: Host/local_checks_enabled, Host/cpu, global_settings/vendor_unpatched, Host/OS/identifier
易利用性: No known exploits are available
漏洞发布日期: 2026/5/28
参考资料信息
CVE: CVE-2026-46156