Azure Linux 3.0 セキュリティ更新カーネルCVE-2024-46757
high Nessus プラグイン ID 215846
Language:
概要
リモートの Azure Linux ホストに 1 つ以上のセキュリティ更新プログラムがありません。説明
リモートの Azure Linux 3.0 ホストにインストールされているカーネルのバージョンは、テスト済みのバージョンより前です。したがって、CVE-2024-46757 のアドバイザリに記載されている脆弱性の影響を受けます。- 2024 年 10 月 24 日 CVE-2024-46828 がこのアドバイザリに追加されました。 2024 年 10 月 24 日 CVE-2024-46840 がこのアドバイザリに追加されました。 2024 年 10 月 24 日 CVE-2024-46822 がこのアドバイザリに追加されました。 2024 年 10 月 24 日 CVE-2024-46829 がこのアドバイザリに追加されました。Linux カーネルでは、次の脆弱性が解決しています ima: Fix use-after-free on a dentry's dname.name (CVE-2024-39494) In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix mc_data out-of-bounds read warning (CVE-2024-46722) In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix ucode out-of-bounds read warning (CVE-2024-46723) In the Linux kernel, the following vulnerability has been resolved: VMCI: Fix use-after-free when removing resource in vmci_resource_remove() (CVE-2024-46738) In the Linux kernel, the following vulnerability has been resolved: uio_hv_generic: Fix kernel NULL pointer dereference in hv_uio_rescind (CVE-2024-46739) In the Linux kernel, the following vulnerability has been resolved:
of/irq: Prevent device address out-of-bounds read in interrupt map walk (CVE-2024-46743) In the Linux kernel, the following vulnerability has been resolved: Squashfs: sanity check symbolic link size (CVE-2024-46744) In the Linux kernel, the following vulnerability has been resolved: Input: uinput - reject requests with unreasonable number of slots (CVE-2024-46745) In the Linux kernel, the following vulnerability has been resolved: PCI: Add missing bridge lock to pci_bus_lock() (CVE-2024-46750) In the Linux kernel, the following vulnerability has been resolved: hwmon: (w83627ehf) Fix underflows seen when writing limit attributes (CVE-2024-46756) In the Linux kernel, the following vulnerability has been resolved: hwmon: (nct6775-core) Fix underflows seen when writing limit attributes (CVE-2024-46757) In the Linux kernel, the following vulnerability has been resolved: hwmon: (lm95234) Fix underflows seen when writing limit attributes (CVE-2024-46758) In the Linux kernel, the following vulnerability has been resolved: hwmon: (adc128d818) Fix underflows seen when writing limit attributes (CVE-2024-46759) In the Linux kernel, the following vulnerability has been resolved: can: bcm: Remove proc entry when dev is unregistered. (CVE-2024-46771) In the Linux kernel, the following vulnerability has been resolved: udf:
Avoid excessive partition lengths (CVE-2024-46777) In the Linux kernel, the following vulnerability has been resolved: nilfs2: protect references to superblock parameters exposed in sysfs (CVE-2024-46780) In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix missing cleanup on rollforward recovery error (CVE-2024-46781) In the Linux kernel, the following vulnerability has been resolved: ila: call nf_unregister_net_hooks() sooner (CVE-2024-46782) In the Linux kernel, the following vulnerability has been resolved: tcp_bpf: fix return value of tcp_bpf_sendmsg() (CVE-2024-46783) In the Linux kernel, the following vulnerability has been resolved: ASoC: dapm: Fix UAF for snd_soc_pcm_runtime object (CVE-2024-46798) In the Linux kernel, the following vulnerability has been resolved: sch/netem:
fix use after free in netem_dequeue (CVE-2024-46800) In the Linux kernel, the following vulnerability has been resolved: arm64: acpi: Harden get_cpu_for_acpi_id() against missing CPU entry (CVE-2024-46822) In the Linux kernel, the following vulnerability has been resolved: sched: sch_cake: fix bulk flow accounting logic for host fairness (CVE-2024-46828) In the Linux kernel, the following vulnerability has been resolved: rtmutex: Drop rt_mutex::wait_lock before scheduling (CVE-2024-46829) In the Linux kernel, the following vulnerability has been resolved: btrfs: clean up our handling of refs == 0 in snapshot delete (CVE-2024-46840) (CVE-2024-46757)
Nessus はこの問題をテストしておらず、代わりにアプリケーションが自己報告するバージョン番号にのみ依存していることに注意してください。
ソリューション
影響を受けるパッケージを更新してください。参考資料
プラグインの詳細
深刻度: High
ID: 215846
ファイル名: azure_linux_CVE-2024-46757.nasl
バージョン: 1.1
タイプ: local
公開日: 2025/2/10
更新日: 2025/2/10
サポートされているセンサー: Nessus
リスク情報
CVSS v2
リスクファクター: Medium
基本値: 6.8
現状値: 5
ベクトル: CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C
CVSS スコアのソース: CVE-2024-46757
CVSS v3
リスクファクター: High
基本値: 7.8
現状値: 6.8
ベクトル: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
現状ベクトル: CVSS:3.0/E:U/RL:O/RC:C
脆弱性情報
CPE: p-cpe:/a:microsoft:azure_linux:kernel-debuginfo, p-cpe:/a:microsoft:azure_linux:kernel-devel, p-cpe:/a:microsoft:azure_linux:kernel-drivers-gpu, p-cpe:/a:microsoft:azure_linux:kernel-dtb, p-cpe:/a:microsoft:azure_linux:python3-perf, p-cpe:/a:microsoft:azure_linux:kernel-docs, x-cpe:/o:microsoft:azure_linux, p-cpe:/a:microsoft:azure_linux:kernel, p-cpe:/a:microsoft:azure_linux:kernel-drivers-sound, p-cpe:/a:microsoft:azure_linux:bpftool, p-cpe:/a:microsoft:azure_linux:kernel-drivers-accessibility, p-cpe:/a:microsoft:azure_linux:kernel-tools
必要な KB アイテム: Host/local_checks_enabled, Host/cpu, Host/AzureLinux/release, Host/AzureLinux/rpm-list
エクスプロイトの容易さ: No known exploits are available
パッチ公開日: 2025/1/14
脆弱性公開日: 2024/9/18
参照情報
CVE: CVE-2024-46757