Azure Linux 3.0 安全更新内核 (CVE-2024-42245)

medium Nessus 插件 ID 295904

语言：

简介

远程 Azure Linux 主机缺少一个或多个安全更新。

描述

远程 Azure Linux 3.0 主机上安装的内核版本低于测试的版本。因此，该程序受到 CVE-2024-42245 公告中提及的一个漏洞影响。

- 已修复 Linux 内核中的下列漏洞：Revert sched/fair: Make sure to try to detach at least one movable task This reverts commit b0defa7ae03ecf91b8bfd10ede430cff12fcbd06.
b0defa7ae03ec changed the load balancing logic to ignore env.max_loop if all tasks examined to that point were pinned. The goal of the patch was to make it more likely to be able to detach a task buried in a long list of pinned tasks. However, this has the unfortunate side effect of creating an O(n) iteration in detach_tasks(), as we now must fully iterate every task on a cpu if all or most are pinned. Since this load balance code is done with rq lock held, and often in softirq context, it is very easy to trigger hard lockups. We observed such hard lockups with a user who affined O(10k) threads to a single cpu. When I discussed this with Vincent he initially suggested that we keep the limit on the number of tasks to detach, but increase the number of tasks we can search. However, after some back and forth on the mailing list, he recommended we instead revert the original patch, as it seems likely no one was actually getting hit by the original issue. (CVE-2024-42245)

请注意，Nessus 尚未测试此问题，而是只依据应用程序自我报告的版本号进行判断。