Linux Distros のパッチ未適用の脆弱性: CVE-2023-53582
high Nessus プラグイン ID 269402
Language:
概要
Linux/Unix ホストには、ベンダーにより修正されていないことを示す脆弱性を持つ複数のパッケージがインストールされています。説明
Linux/Unix ホストには、ベンダーが提供するパッチが利用できない脆弱性の影響を受ける複数のパッケージがインストールされています。- Linux カーネルでは、以下の脆弱性が解決されています: wifi: brcmfmac: ensure CLM version is null-terminated to prevent stack-out-of-bounds Fix a stack-out-of-bounds read in brcmfmac that occurs when 'buf' that is not null-terminated is passed as an argument of strreplace() in brcmf_c_preinit_dcmds().
This buffer is filled with a CLM version string by memcpy() in brcmf_fil_iovar_data_get(). Ensure buf is null-terminated. Found by a modified version of syzkaller. [ 33.004414][ T1896] brcmfmac:
brcmf_c_process_clm_blob: no clm_blob available (err=-2), device may have limited channels available [33.013486][ T1896] brcmfmac: brcmf_c_preinit_dcmds: Firmware: BCM43236/3 wl0: Nov 30 2011 17:33:42 version 5.90.188.22 [ 33.021554][ T1896] ================================================================== [33.022379][ T1896] BUG: KASAN: stack-out-of-bounds in strreplace+0xf2/0x110 [ 33.023122][ T1896] Read of size 1 at addr ffffc90001d6efc8 by task kworker/0:2/1896 [ 33.023852][ T1896] [ 33.024096][ T1896] CPU: 0 PID: 1896 Comm: kworker/0:2 Tainted: G O 5.14.0+ #132 [ 33.024927][ T1896] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.12.1-0-ga5cab58e9a3f-prebuilt.qemu.org 04/01/2014 [ 33.026065][ T1896] Workqueue: usb_hub_wq hub_event [ 33.026581][ T1896] Call Trace: [ 33.026896][ T1896] dump_stack_lvl+0x57/0x7d [ 33.027372][ T1896] print_address_description.constprop.0.cold+0xf/0x334 [33.028037][ T1896] ? strreplace+0xf2/0x110 [ 33.028403][ T1896] ? strreplace+0xf2/0x110 [ 33.028807][T1896] kasan_report.cold+0x83/0xdf [ 33.029283][ T1896] ? strreplace+0xf2/0x110 [ 33.029666][ T1896] strreplace+0xf2/0x110 [ 33.029966][ T1896] brcmf_c_preinit_dcmds+0xab1/0xc40 [ 33.030351][ T1896] ? brcmf_c_set_joinpref_default+0x100/0x100 [ 33.030787][ T1896] ? rcu_read_lock_sched_held+0xa1/0xd0 [33.031223][ T1896] ? rcu_read_lock_bh_held+0xb0/0xb0 [ 33.031661][ T1896] ? lock_acquire+0x19d/0x4e0 [33.032091][ T1896] ? find_held_lock+0x2d/0x110 [ 33.032605][ T1896] ? brcmf_usb_deq+0x1a7/0x260 [33.033087][ T1896] ? brcmf_usb_rx_fill_all+0x5a/0xf0 [ 33.033582][ T1896] brcmf_attach+0x246/0xd40 [33.034022][ T1896] ? wiphy_new_nm+0x1476/0x1d50 [ 33.034383][ T1896] ? kmemdup+0x30/0x40 [ 33.034722][T1896] brcmf_usb_probe+0x12de/0x1690 [ 33.035223][ T1896] ? brcmf_usbdev_qinit.constprop.0+0x470/0x470 [33.035833][ T1896] usb_probe_interface+0x25f/0x710 [ 33.036315][ T1896] really_probe+0x1be/0xa90 [33.036656][ T1896] __driver_probe_device+0x2ab/0x460 [ 33.037026][ T1896] ? usb_match_id.part.0+0x88/0xc0 [ 33.037383][ T1896] driver_probe_device+0x49/0x120 [ 33.037790][ T1896]
__device_attach_driver+0x18a/0x250 [ 33.038300][ T1896] ? driver_allows_async_probing+0x120/0x120 [33.038986][ T1896] bus_for_each_drv+0x123/0x1a0 [ 33.039906][ T1896] ? bus_rescan_devices+0x20/0x20 [33.041412][ T1896] ? lockdep_hardirqs_on_prepare+0x273/0x3e0 [ 33.041861][ T1896] ? trace_hardirqs_on+0x1c/0x120 [ 33.042330][ T1896] __device_attach+0x207/0x330 [ 33.042664][ T1896] ? device_bind_driver+0xb0/0xb0 [ 33.043026][ T1896] ? kobject_uevent_env+0x230/0x12c0 [ 33.043515][ T1896] bus_probe_device+0x1a2/0x260 [ 33.043914][ T1896] device_add+0xa61/0x1ce0 [ 33.044227][ T1896] ?
__mutex_unlock_slowpath+0xe7/0x660 [ 33.044891][ T1896] ? __fw_devlink_link_to_suppliers+0x550/0x550 [33.045531][ T1896] usb_set_configuration+0x984/0x1770 [ 33.046051][ T1896] ? kernfs_create_link+0x175/0x230 [ 33.046548][ T1896] usb_generic_driver_probe+0x69/0x90 [ 33.046931][T1896] usb_probe_device+0x9c/0x220 [ 33.047434][ T1896] really_probe+0x1be/0xa90 [ 33.047760][ T1896]
__driver_probe_device+0x2ab/0x460 [ 33.048134][ T1896] driver_probe_device+0x49/0x120 [ 33.048516][ T1896]
__device_attach_driver+0x18a/0x250 [ 33.048910][ T1896] ? driver_allows_async_probing+0x120/0x120
---truncated--- (CVE-2023-53582)
Nessus は、ベンダーによって報告されたパッケージの存在に依存していることに注意してください。
ソリューション
現時点で既知の解決策はありません。参考資料
プラグインの詳細
深刻度: High
ID: 269402
ファイル名: unpatched_CVE_2023_53582.nasl
バージョン: 1.1
タイプ: local
エージェント: unix
ファミリー: Misc.
公開日: 2025/10/8
更新日: 2025/10/8
サポートされているセンサー: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus
リスク情報
VPR
リスクファクター: Medium
スコア: 6.0
CVSS v2
リスクファクター: High
基本値: 7.8
現状値: 5.8
ベクトル: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C
CVSS スコアのソース: CVE-2023-53582
CVSS v3
リスクファクター: High
基本値: 7.7
現状値: 6.7
ベクトル: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
現状ベクトル: CVSS:3.0/E:U/RL:O/RC:C
脆弱性情報
CPE: p-cpe:/a:redhat:enterprise_linux:kernel-tools, p-cpe:/a:redhat:enterprise_linux:kernel-rt-64k-modules, p-cpe:/a:centos:centos:kernel-kdump, p-cpe:/a:centos:centos:kernel-64k-modules-extra, p-cpe:/a:redhat:enterprise_linux:kernel-modules, p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-devel-matched, p-cpe:/a:redhat:enterprise_linux:kernel-debug-modules, p-cpe:/a:centos:centos:rtla, p-cpe:/a:centos:centos:kernel-64k-debug-devel, cpe:/o:centos:centos:8, p-cpe:/a:centos:centos:kernel-zfcpdump-modules-internal, p-cpe:/a:centos:centos:kernel-64k-debug-modules-core, p-cpe:/a:centos:centos:libperf, p-cpe:/a:centos:centos:python-perf, p-cpe:/a:centos:centos:kernel-rt-devel, p-cpe:/a:redhat:enterprise_linux:kernel-rt-modules-core, p-cpe:/a:centos:centos:kernel-64k-debug-modules-internal, p-cpe:/a:redhat:enterprise_linux:kernel-debug-modules-core, p-cpe:/a:centos:centos:kernel-rt-64k-debug-modules-internal, p-cpe:/a:centos:centos:bpftool, p-cpe:/a:centos:centos:kernel-core, p-cpe:/a:centos:centos:kernel-debug-modules-core, p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug, p-cpe:/a:redhat:enterprise_linux:kernel-rt-modules, p-cpe:/a:centos:centos:kernel-rt-64k-debug-core, p-cpe:/a:redhat:enterprise_linux:kernel-64k-debug-modules-core, p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-modules-internal, p-cpe:/a:redhat:enterprise_linux:kernel-rt-selftests-internal, p-cpe:/a:redhat:enterprise_linux:kernel-modules-partner, p-cpe:/a:centos:centos:kernel-64k-debug-core, p-cpe:/a:centos:centos:kernel-64k-modules-internal, p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel, p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-modules, p-cpe:/a:redhat:enterprise_linux:kernel-debug, p-cpe:/a:centos:centos:kernel-kdump-devel, p-cpe:/a:centos:centos:kernel-rt-64k-modules, p-cpe:/a:centos:centos:kernel-64k-debug, p-cpe:/a:redhat:enterprise_linux:python-perf, cpe:/o:centos:centos:7, p-cpe:/a:centos:centos:rv, p-cpe:/a:redhat:enterprise_linux:kernel-rt-64k, p-cpe:/a:redhat:enterprise_linux:kernel-64k-modules-partner, p-cpe:/a:redhat:enterprise_linux:kernel-rt-64k-core, p-cpe:/a:centos:centos:kernel-rt-selftests-internal, p-cpe:/a:redhat:enterprise_linux:bpftool, p-cpe:/a:centos:centos:kernel-zfcpdump-modules-core, p-cpe:/a:redhat:enterprise_linux:kernel-rt-64k-debug-modules-extra, p-cpe:/a:centos:centos:kernel-rt-debug-devel-matched, p-cpe:/a:centos:centos:kernel-64k, p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-modules-internal, p-cpe:/a:centos:centos:kernel-modules-extra, p-cpe:/a:centos:centos:kernel-cross-headers, p-cpe:/a:redhat:enterprise_linux:kernel-uki-virt-addons, p-cpe:/a:centos:centos:kernel-doc, p-cpe:/a:centos:centos:kernel-64k-debug-modules-extra, p-cpe:/a:centos:centos:kernel-tools-libs, p-cpe:/a:redhat:enterprise_linux:kernel-64k, p-cpe:/a:redhat:enterprise_linux:kernel-rt-core, p-cpe:/a:redhat:enterprise_linux:kernel, p-cpe:/a:centos:centos:kernel-rt-64k-debug-kvm, p-cpe:/a:redhat:enterprise_linux:rtla, p-cpe:/a:centos:centos:kernel-debug-modules, p-cpe:/a:redhat:enterprise_linux:kernel-ipaclones-internal, p-cpe:/a:centos:centos:kernel-rt-debug-kvm, p-cpe:/a:centos:centos:kernel-rt-debug-devel, p-cpe:/a:centos:centos:kernel-headers, p-cpe:/a:centos:centos:kernel-rt-modules-internal, p-cpe:/a:centos:centos:kernel-rt-64k-modules-partner, p-cpe:/a:redhat:enterprise_linux:kernel-rt-64k-debug, p-cpe:/a:redhat:enterprise_linux:kernel-64k-debug-modules-extra, p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-modules-extra, p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-devel, p-cpe:/a:redhat:enterprise_linux:kernel-rt-modules-internal, p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-modules-partner, p-cpe:/a:redhat:enterprise_linux:kernel-rt-64k-modules-extra, p-cpe:/a:centos:centos:kernel-rt-debug-modules, p-cpe:/a:centos:centos:kernel-uki-virt, p-cpe:/a:redhat:enterprise_linux:kernel-devel, p-cpe:/a:redhat:enterprise_linux:kernel-rt-64k-devel-matched, p-cpe:/a:redhat:enterprise_linux:kernel-rt-64k-debug-devel, p-cpe:/a:redhat:enterprise_linux:kernel-rt-64k-kvm, p-cpe:/a:centos:centos:kernel-rt-kvm, p-cpe:/a:redhat:enterprise_linux:kernel-kdump, p-cpe:/a:redhat:enterprise_linux:kernel-rt-modules-extra, p-cpe:/a:centos:centos:kernel-debug-devel, p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-kvm, cpe:/o:redhat:enterprise_linux:7, p-cpe:/a:redhat:enterprise_linux:kernel-devel-matched, p-cpe:/a:centos:centos:kernel-64k-debug-modules, p-cpe:/a:centos:centos:kernel-modules, p-cpe:/a:redhat:enterprise_linux:kernel-modules-internal, p-cpe:/a:redhat:enterprise_linux:kernel-rt-doc, p-cpe:/a:centos:centos:kernel-debug-devel-matched, p-cpe:/a:redhat:enterprise_linux:perf, p-cpe:/a:redhat:enterprise_linux:kernel-abi-stablelists, p-cpe:/a:centos:centos:kernel-rt-modules, p-cpe:/a:centos:centos:kernel-tools, p-cpe:/a:centos:centos:kernel-abi-stablelists, p-cpe:/a:redhat:enterprise_linux:kernel-debug-core, p-cpe:/a:centos:centos:kernel-zfcpdump-devel, p-cpe:/a:redhat:enterprise_linux:kernel-64k-modules-core, cpe:/o:redhat:enterprise_linux:8, p-cpe:/a:centos:centos:kernel-rt-devel-matched, p-cpe:/a:redhat:enterprise_linux:kernel-rt-64k-modules-internal, p-cpe:/a:centos:centos:kernel-rt-core, p-cpe:/a:centos:centos:kernel-rt-doc, p-cpe:/a:centos:centos:kernel-debug-uki-virt-addons, p-cpe:/a:centos:centos:kernel-zfcpdump, p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists, p-cpe:/a:redhat:enterprise_linux:python3-perf, p-cpe:/a:centos:centos:kernel-rt-64k-debug-devel, p-cpe:/a:redhat:enterprise_linux:kernel-rt, p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump, p-cpe:/a:redhat:enterprise_linux:kernel-rt-64k-modules-partner, p-cpe:/a:centos:centos:kernel-64k-devel-matched, p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-devel, p-cpe:/a:centos:centos:kernel-rt-64k-debug-devel-matched, p-cpe:/a:centos:centos:kernel-zfcpdump-devel-matched, p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs, p-cpe:/a:centos:centos:kernel-rt-64k-debug-modules-partner, p-cpe:/a:centos:centos:kernel-rt-debug, p-cpe:/a:redhat:enterprise_linux:kernel-uki-virt, p-cpe:/a:redhat:enterprise_linux:libperf, p-cpe:/a:redhat:enterprise_linux:kernel-core, p-cpe:/a:centos:centos:kernel-rt-debug-modules-extra, p-cpe:/a:centos:centos:kernel-zfcpdump-core, p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-core, p-cpe:/a:centos:centos:libperf-devel, p-cpe:/a:centos:centos:kernel-devel, p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-modules, p-cpe:/a:centos:centos:kernel-rt-64k-modules-internal, p-cpe:/a:centos:centos:kernel-rt-modules-extra, p-cpe:/a:redhat:enterprise_linux:kernel-64k-debug-devel-matched, p-cpe:/a:centos:centos:kernel-64k-modules-core, p-cpe:/a:centos:centos:kernel-64k-modules-partner, p-cpe:/a:centos:centos:kernel-64k-modules, p-cpe:/a:centos:centos:kernel-bootwrapper, p-cpe:/a:centos:centos:kernel-64k-debug-modules-partner, p-cpe:/a:redhat:enterprise_linux:kernel-rt-devel-matched, p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel, p-cpe:/a:centos:centos:kernel-debug, p-cpe:/a:centos:centos:kernel-selftests-internal, p-cpe:/a:centos:centos:kernel-rt-64k-debug, p-cpe:/a:centos:centos:perf, p-cpe:/a:redhat:enterprise_linux:kernel-modules-extra, p-cpe:/a:redhat:enterprise_linux:kernel-modules-core, p-cpe:/a:centos:centos:kernel, p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel-matched, p-cpe:/a:redhat:enterprise_linux:kernel-rt-64k-debug-core, p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel, p-cpe:/a:centos:centos:kernel-rt-64k-devel, p-cpe:/a:redhat:enterprise_linux:kernel-64k-debug-modules-partner, p-cpe:/a:centos:centos:kernel-rt-trace-devel, p-cpe:/a:redhat:enterprise_linux:kernel-64k-debug-core, cpe:/o:redhat:enterprise_linux:9, p-cpe:/a:centos:centos:kernel-modules-partner, p-cpe:/a:redhat:enterprise_linux:libperf-devel, p-cpe:/a:redhat:enterprise_linux:kernel-rt-64k-debug-devel-matched, p-cpe:/a:centos:centos:kernel-zfcpdump-modules, p-cpe:/a:centos:centos:kernel-rt-debug-modules-internal, p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-kvm, p-cpe:/a:centos:centos:kernel-rt-64k-kvm, p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-modules-partner, p-cpe:/a:redhat:enterprise_linux:kernel-rt-64k-debug-kvm, p-cpe:/a:centos:centos:kernel-rt-trace-kvm, p-cpe:/a:redhat:enterprise_linux:kernel-cross-headers, p-cpe:/a:centos:centos:kernel-rt-64k-debug-modules-extra, p-cpe:/a:centos:centos:kernel-tools-libs-devel, p-cpe:/a:centos:centos:kernel-64k-core, p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-devel-matched, p-cpe:/a:centos:centos:kernel-debug-uki-virt, p-cpe:/a:centos:centos:kernel-rt-64k-modules-core, p-cpe:/a:redhat:enterprise_linux:rv, p-cpe:/a:centos:centos:kernel-zfcpdump-modules-partner, p-cpe:/a:centos:centos:kernel-64k-devel, p-cpe:/a:centos:centos:kernel-rt-trace, p-cpe:/a:redhat:enterprise_linux:kernel-headers, p-cpe:/a:redhat:enterprise_linux:kernel-rt-64k-debug-modules-partner, p-cpe:/a:centos:centos:kernel-debug-core, p-cpe:/a:centos:centos:kernel-rt-64k-debug-modules-core, p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-modules-core, p-cpe:/a:redhat:enterprise_linux:kernel-debug-uki-virt-addons, p-cpe:/a:redhat:enterprise_linux:kernel-doc, p-cpe:/a:centos:centos:kernel-modules-internal, p-cpe:/a:redhat:enterprise_linux:kernel-64k-modules, p-cpe:/a:centos:centos:kernel-rt-debug-core, p-cpe:/a:centos:centos:kernel-rt-64k, p-cpe:/a:redhat:enterprise_linux:kernel-debug-modules-extra, p-cpe:/a:redhat:enterprise_linux:kernel-64k-devel, p-cpe:/a:redhat:enterprise_linux:kernel-rt-64k-debug-modules, p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-modules-extra, p-cpe:/a:centos:centos:kernel-rt-modules-core, p-cpe:/a:redhat:enterprise_linux:kernel-selftests-internal, p-cpe:/a:centos:centos:kernel-rt-64k-devel-matched, p-cpe:/a:redhat:enterprise_linux:kernel-64k-debug-modules, p-cpe:/a:redhat:enterprise_linux:kernel-bootwrapper, p-cpe:/a:redhat:enterprise_linux:kernel-64k-core, p-cpe:/a:redhat:enterprise_linux:kernel-rt-64k-modules-core, p-cpe:/a:centos:centos:kernel-ipaclones-internal, p-cpe:/a:redhat:enterprise_linux:kernel-debug-uki-virt, p-cpe:/a:centos:centos:kernel-modules-core, p-cpe:/a:centos:centos:kernel-uki-virt-addons, p-cpe:/a:redhat:enterprise_linux:kernel-rt-kvm, p-cpe:/a:centos:centos:kernel-debug-modules-internal, p-cpe:/a:centos:centos:kernel-rt-debug-modules-core, p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-core, p-cpe:/a:redhat:enterprise_linux:kernel-rt-devel, p-cpe:/a:redhat:enterprise_linux:kernel-rt-modules-partner, p-cpe:/a:centos:centos:kernel-rt-modules-partner, p-cpe:/a:centos:centos:kernel-rt-64k-debug-modules, p-cpe:/a:redhat:enterprise_linux:kernel-rt-64k-debug-modules-core, p-cpe:/a:redhat:enterprise_linux:kernel-64k-debug-devel, p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-modules-core, p-cpe:/a:redhat:enterprise_linux:kernel-64k-modules-extra, p-cpe:/a:redhat:enterprise_linux:kernel-64k-debug, p-cpe:/a:redhat:enterprise_linux:kernel-64k-debug-modules-internal, p-cpe:/a:centos:centos:kernel-rt-64k-core, p-cpe:/a:centos:centos:kernel-zfcpdump-modules-extra, p-cpe:/a:centos:centos:kernel-debug-modules-partner, p-cpe:/a:centos:centos:kernel-debug-modules-extra, p-cpe:/a:centos:centos:kernel-devel-matched, p-cpe:/a:centos:centos:kernel-64k-debug-devel-matched, p-cpe:/a:redhat:enterprise_linux:kernel-64k-modules-internal, p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-devel, p-cpe:/a:centos:centos:kernel-rt-debug-modules-partner, p-cpe:/a:redhat:enterprise_linux:kernel-64k-devel-matched, p-cpe:/a:redhat:enterprise_linux:kernel-debug-modules-partner, p-cpe:/a:centos:centos:kernel-abi-whitelists, p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace, p-cpe:/a:redhat:enterprise_linux:kernel-rt-64k-devel, p-cpe:/a:centos:centos:python3-perf, p-cpe:/a:redhat:enterprise_linux:kernel-debug-modules-internal, p-cpe:/a:redhat:enterprise_linux:kernel-rt-64k-debug-modules-internal, p-cpe:/a:centos:centos:kernel-rt-64k-modules-extra, p-cpe:/a:centos:centos:kernel-rt
必要な KB アイテム: Host/local_checks_enabled, Host/cpu, global_settings/vendor_unpatched, Host/OS/identifier
エクスプロイトの容易さ: No known exploits are available
脆弱性公開日: 2025/10/4
参照情報
CVE: CVE-2023-53582