公告ID(KYSA-202306-1060)
公告ID:KYSA-202306-1060
公告摘要:kernel安全漏洞
等級(jí):Important
發(fā)布日期:2023-06-27
詳細(xì)介紹
1.修復(fù)的CVE
·CVE-2022-27672
描述:When SMT is enabled, certain AMD processors may speculatively execute instructions using a target from the sibling thread after an SMT mode switch potentially resulting in information disclosure.
·CVE-2022-4744
描述:在Linux內(nèi)核的TUN/TAP設(shè)備驅(qū)動(dòng)程序功能中發(fā)現(xiàn)了一個(gè)雙重免費(fèi)缺陷����,即當(dāng)register_netdevice函數(shù)(NETDEV_register通知程序)失敗時(shí),用戶如何注冊(cè)設(shè)備�。此缺陷允許本地用戶崩潰或可能升級(jí)其在系統(tǒng)上的權(quán)限。
·CVE-2023-0266
描述:在Linux內(nèi)核的sound/core/control.c中的ALSA子系統(tǒng)中發(fā)現(xiàn)了一個(gè)釋放后使用的缺陷���。此漏洞允許本地攻擊者導(dǎo)致釋放后使用問(wèn)題��。
·CVE-2023-0458
描述:A speculative pointer dereference problem exists in the Linux Kernel on the do_prlimit() function. The resource argument value is controlled and is used in pointer arithmetic for the rlim variable and can be used to leak the contents. We recommend upgrading past version 6.1.8 or commit?739790605705ddcf18f21782b9c99ad7d53a8c11
·CVE-2023-0459
描述:No description is available for this CVE.
·CVE-2023-1611
描述:A use-after-free flaw was found in btrfs_search_slot in fs/btrfs/ctree.c in btrfs in the Linux Kernel.This flaw allows an attacker to crash the system and possibly cause a kernel information lea
·CVE-2023-1838
描述:由于雙重fget���,在Linux內(nèi)核中virtio網(wǎng)絡(luò)子組件的drivers/vhost/net.c中的vhost_net_set_backend中發(fā)現(xiàn)了一個(gè)釋放后使用缺陷。此問(wèn)題可能使本地攻擊者使系統(tǒng)崩潰,并可能導(dǎo)致內(nèi)核信息泄漏問(wèn)題�。
·CVE-2023-2002
描述:A vulnerability was found in the HCI sockets implementation due to a missing capability check in net/bluetooth/hci_sock.c in the Linux Kernel. This flaw allows an attacker to unauthorized execution of management commands, compromising the confidentiality, integrity, and availability of Bluetooth communication.
·CVE-2023-20938
描述:在bind .c的binder_transaction_buffer_release中,由于不恰當(dāng)?shù)妮斎腧?yàn)證�,可能會(huì)在free之后使用����。這可能導(dǎo)致本地權(quán)限升級(jí),而不需要額外的執(zhí)行權(quán)限��。利用此漏洞不需要用戶交互�。
·CVE-2023-2162
描述:A use-after-free vulnerability was found in iscsi_sw_tcp_session_create in drivers/scsi/iscsi_tcp.c in SCSI sub-component in the Linux Kernel. In this flaw an attacker could leak kernel internal information.
·CVE-2023-2194
描述:An out-of-bounds write vulnerability was found in the Linux kernel s SLIMpro I2C device driver. The userspace data->block[0] variable was not capped to a number between 0-255 and was used as the size of a memcpy, possibly writing beyond the end of dma_buffer. This flaw could allow a local privileged user to crash the system or potentially achieve code execution.
·CVE-2023-2248
描述:An out-of-bounds memory access flaw was found in the Linux kernel’s traffic control (QoS) subsystem in how a user triggers the qfq_change_class function with an incorrect MTU value of the network device used as lmax. This flaw allows a local user to crash or potentially escalate their privileges on the system.
·CVE-2023-2269
描述:在Linux內(nèi)核中發(fā)現(xiàn)一個(gè)缺陷,導(dǎo)致拒絕服務(wù)���。出現(xiàn)此問(wèn)題的原因可能是遞歸鎖定場(chǎng)景�����,導(dǎo)致Linux內(nèi)核設(shè)備映射器多路徑子組件drivers/md/dm ioctl.c中的table_clear出現(xiàn)死鎖�����。
·CVE-2023-30772
描述:The Linux kernel before 6.2.9 has a race condition and resultant use-after-free in drivers/power/supply/da9150-charger.c if a physically proximate attacker unplugs a device.
2.受影響的軟件包
·銀河麒麟高級(jí)服務(wù)器操作系統(tǒng) V10 SP2
·aarch64架構(gòu):
bpftool����、kernel、kernel-abi-whitelists���、kernel-core���、kernel-cross-headers、kernel-debug��、kernel-debug-core��、kernel-debug-devel�����、kernel-debug-modules���、kernel-debug-modules-extra�、kernel-debug-modules-internal�����、kernel-devel��、kernel-headers�����、kernel-modules、kernel-modules-extra����、kernel-modules-internal、kernel-tools����、kernel-tools-libs��、kernel-tools-libs-devel����、perf、python3-perf
·x86_64架構(gòu):
bpftool���、kernel����、kernel-abi-whitelists��、kernel-core�����、kernel-cross-headers、kernel-debug�����、kernel-debug-core�、kernel-debug-devel、kernel-debug-modules��、kernel-debug-modules-extra�、kernel-debug-modules-internal、kernel-devel�����、kernel-headers���、kernel-ipaclones-internal���、kernel-modules、kernel-modules-extra���、kernel-modules-internal���、kernel-tools��、kernel-tools-libs�、kernel-tools-libs-devel��、perf�����、python3-perf
3.軟件包修復(fù)版本
·銀河麒麟高級(jí)服務(wù)器操作系統(tǒng) V10 SP2 (aarch64)
bpftool-4.19.90-25.27.v2101.ky10或以上版本
kernel-4.19.90-25.27.v2101.ky10或以上版本
kernel-abi-whitelists-4.19.90-25.27.v2101.ky10或以上版本
kernel-core-4.19.90-25.27.v2101.ky10或以上版本
kernel-cross-headers-4.19.90-25.27.v2101.ky10或以上版本
kernel-debug-4.19.90-25.27.v2101.ky10或以上版本
kernel-debug-core-4.19.90-25.27.v2101.ky10或以上版本
kernel-debug-devel-4.19.90-25.27.v2101.ky10或以上版本
kernel-debug-modules-4.19.90-25.27.v2101.ky10或以上版本
kernel-debug-modules-extra-4.19.90-25.27.v2101.ky10或以上版本
kernel-debug-modules-internal-4.19.90-25.27.v2101.ky10或以上版本
kernel-devel-4.19.90-25.27.v2101.ky10或以上版本
kernel-headers-4.19.90-25.27.v2101.ky10或以上版本
kernel-modules-4.19.90-25.27.v2101.ky10或以上版本
kernel-modules-extra-4.19.90-25.27.v2101.ky10或以上版本
kernel-modules-internal-4.19.90-25.27.v2101.ky10或以上版本
kernel-tools-4.19.90-25.27.v2101.ky10或以上版本
kernel-tools-libs-4.19.90-25.27.v2101.ky10或以上版本
kernel-tools-libs-devel-4.19.90-25.27.v2101.ky10或以上版本
perf-4.19.90-25.27.v2101.ky10或以上版本
python3-perf-4.19.90-25.27.v2101.ky10或以上版本
·銀河麒麟高級(jí)服務(wù)器操作系統(tǒng) V10 SP2 (x86_64)
bpftool-4.19.90-25.27.v2101.ky10或以上版本
kernel-4.19.90-25.27.v2101.ky10或以上版本
kernel-abi-whitelists-4.19.90-25.27.v2101.ky10或以上版本
kernel-core-4.19.90-25.27.v2101.ky10或以上版本
kernel-cross-headers-4.19.90-25.27.v2101.ky10或以上版本
kernel-debug-4.19.90-25.27.v2101.ky10或以上版本
kernel-debug-core-4.19.90-25.27.v2101.ky10或以上版本
kernel-debug-devel-4.19.90-25.27.v2101.ky10或以上版本
kernel-debug-modules-4.19.90-25.27.v2101.ky10或以上版本
kernel-debug-modules-extra-4.19.90-25.27.v2101.ky10或以上版本
kernel-debug-modules-internal-4.19.90-25.27.v2101.ky10或以上版本
kernel-devel-4.19.90-25.27.v2101.ky10或以上版本
kernel-headers-4.19.90-25.27.v2101.ky10或以上版本
kernel-ipaclones-internal-4.19.90-25.27.v2101.ky10或以上版本
kernel-modules-4.19.90-25.27.v2101.ky10或以上版本
kernel-modules-extra-4.19.90-25.27.v2101.ky10或以上版本
kernel-modules-internal-4.19.90-25.27.v2101.ky10或以上版本
kernel-tools-4.19.90-25.27.v2101.ky10或以上版本
kernel-tools-libs-4.19.90-25.27.v2101.ky10或以上版本
kernel-tools-libs-devel-4.19.90-25.27.v2101.ky10或以上版本
perf-4.19.90-25.27.v2101.ky10或以上版本
python3-perf-4.19.90-25.27.v2101.ky10或以上版本
4.修復(fù)方法
方法一:配置源進(jìn)行升級(jí)安裝
1.打開(kāi)軟件包源配置文件�����,根據(jù)倉(cāng)庫(kù)地址進(jìn)行修改��。
倉(cāng)庫(kù)源地址:
銀河麒麟高級(jí)服務(wù)器操作系統(tǒng) V10 SP2
aarch64:https://update.cs2c.com.cn/NS/V10/V10SP2/os/adv/lic/updates/aarch64/
x86_64:https://update.cs2c.com.cn/NS/V10/V10SP2/os/adv/lic/updates/x86_64/
2.配置完成后執(zhí)行更新命令進(jìn)行升級(jí)���,命令如下:
yum update Packagename
方法二:下載安裝包進(jìn)行升級(jí)安裝
通過(guò)軟件包地址下載軟件包,使用軟件包升級(jí)命令根據(jù)受影響的軟件包
列表進(jìn)行升級(jí)安裝, 命令如下:
yum install Packagename
3.升級(jí)完成后是否需要重啟服務(wù)或操作系統(tǒng):
CVE-2022-27672:需要重啟操作系統(tǒng)以使漏洞修復(fù)生效�。
CVE-2022-4744:無(wú)需重啟操作系統(tǒng)與服務(wù)即可使漏洞修復(fù)生效。
CVE-2023-0266:無(wú)需重啟操作系統(tǒng)與服務(wù)即可使漏洞修復(fù)生效����。
CVE-2023-0458:需要重啟操作系統(tǒng)以使漏洞修復(fù)生效���。
CVE-2023-0459:需要重啟操作系統(tǒng)以使漏洞修復(fù)生效。
CVE-2023-1611:需要重啟操作系統(tǒng)以使漏洞修復(fù)生效��。
CVE-2023-1838:無(wú)需重啟操作系統(tǒng)與服務(wù)即可使漏洞修復(fù)生效���。
CVE-2023-2002:需要重啟操作系統(tǒng)以使漏洞修復(fù)生效����。
CVE-2023-20938:無(wú)需重啟操作系統(tǒng)與服務(wù)即可使漏洞修復(fù)生效�����。
CVE-2023-2162:需要重啟操作系統(tǒng)以使漏洞修復(fù)生效�����。
CVE-2023-2194:需要重啟操作系統(tǒng)以使漏洞修復(fù)生效��。
CVE-2023-2248:需要重啟操作系統(tǒng)以使漏洞修復(fù)生效��。
CVE-2023-2269:無(wú)需重啟操作系統(tǒng)與服務(wù)即可使漏洞修復(fù)生效���。
CVE-2023-30772:需要重啟操作系統(tǒng)以使漏洞修復(fù)生效�。
5.軟件包下載地址
·銀河麒麟高級(jí)服務(wù)器操作系統(tǒng) V10 SP2
kernel(aarch64)軟件包下載地址:
https://update.cs2c.com.cn/NS/V10/V10SP2/os/adv/lic/updates/aarch64/Packages/bpftool-4.19.90-25.27.v2101.ky10.aarch64.rpm
https://update.cs2c.com.cn/NS/V10/V10SP2/os/adv/lic/updates/aarch64/Packages/kernel-4.19.90-25.27.v2101.ky10.aarch64.rpm
https://update.cs2c.com.cn/NS/V10/V10SP2/os/adv/lic/updates/aarch64/Packages/kernel-abi-whitelists-4.19.90-25.27.v2101.ky10.aarch64.rpm
https://update.cs2c.com.cn/NS/V10/V10SP2/os/adv/lic/updates/aarch64/Packages/kernel-core-4.19.90-25.27.v2101.ky10.aarch64.rpm
https://update.cs2c.com.cn/NS/V10/V10SP2/os/adv/lic/updates/aarch64/Packages/kernel-cross-headers-4.19.90-25.27.v2101.ky10.aarch64.rpm
https://update.cs2c.com.cn/NS/V10/V10SP2/os/adv/lic/updates/aarch64/Packages/kernel-debug-4.19.90-25.27.v2101.ky10.aarch64.rpm
https://update.cs2c.com.cn/NS/V10/V10SP2/os/adv/lic/updates/aarch64/Packages/kernel-debug-core-4.19.90-25.27.v2101.ky10.aarch64.rpm
https://update.cs2c.com.cn/NS/V10/V10SP2/os/adv/lic/updates/aarch64/Packages/kernel-debug-devel-4.19.90-25.27.v2101.ky10.aarch64.rpm
https://update.cs2c.com.cn/NS/V10/V10SP2/os/adv/lic/updates/aarch64/Packages/kernel-debug-modules-4.19.90-25.27.v2101.ky10.aarch64.rpm
https://update.cs2c.com.cn/NS/V10/V10SP2/os/adv/lic/updates/aarch64/Packages/kernel-debug-modules-extra-4.19.90-25.27.v2101.ky10.aarch64.rpm
https://update.cs2c.com.cn/NS/V10/V10SP2/os/adv/lic/updates/aarch64/Packages/kernel-debug-modules-internal-4.19.90-25.27.v2101.ky10.aarch64.rpm
https://update.cs2c.com.cn/NS/V10/V10SP2/os/adv/lic/updates/aarch64/Packages/kernel-devel-4.19.90-25.27.v2101.ky10.aarch64.rpm
https://update.cs2c.com.cn/NS/V10/V10SP2/os/adv/lic/updates/aarch64/Packages/kernel-headers-4.19.90-25.27.v2101.ky10.aarch64.rpm
https://update.cs2c.com.cn/NS/V10/V10SP2/os/adv/lic/updates/aarch64/Packages/kernel-modules-4.19.90-25.27.v2101.ky10.aarch64.rpm
https://update.cs2c.com.cn/NS/V10/V10SP2/os/adv/lic/updates/aarch64/Packages/kernel-modules-extra-4.19.90-25.27.v2101.ky10.aarch64.rpm
https://update.cs2c.com.cn/NS/V10/V10SP2/os/adv/lic/updates/aarch64/Packages/kernel-modules-internal-4.19.90-25.27.v2101.ky10.aarch64.rpm
https://update.cs2c.com.cn/NS/V10/V10SP2/os/adv/lic/updates/aarch64/Packages/kernel-tools-4.19.90-25.27.v2101.ky10.aarch64.rpm
https://update.cs2c.com.cn/NS/V10/V10SP2/os/adv/lic/updates/aarch64/Packages/kernel-tools-libs-4.19.90-25.27.v2101.ky10.aarch64.rpm
https://update.cs2c.com.cn/NS/V10/V10SP2/os/adv/lic/updates/aarch64/Packages/kernel-tools-libs-devel-4.19.90-25.27.v2101.ky10.aarch64.rpm
https://update.cs2c.com.cn/NS/V10/V10SP2/os/adv/lic/updates/aarch64/Packages/perf-4.19.90-25.27.v2101.ky10.aarch64.rpm
https://update.cs2c.com.cn/NS/V10/V10SP2/os/adv/lic/updates/aarch64/Packages/python3-perf-4.19.90-25.27.v2101.ky10.aarch64.rpm
kernel(x86_64)軟件包下載地址:
https://update.cs2c.com.cn/NS/V10/V10SP2/os/adv/lic/updates/x86_64/Packages/bpftool-4.19.90-25.27.v2101.ky10.x86_64.rpm
https://update.cs2c.com.cn/NS/V10/V10SP2/os/adv/lic/updates/x86_64/Packages/kernel-4.19.90-25.27.v2101.ky10.x86_64.rpm
https://update.cs2c.com.cn/NS/V10/V10SP2/os/adv/lic/updates/x86_64/Packages/kernel-abi-whitelists-4.19.90-25.27.v2101.ky10.x86_64.rpm
https://update.cs2c.com.cn/NS/V10/V10SP2/os/adv/lic/updates/x86_64/Packages/kernel-core-4.19.90-25.27.v2101.ky10.x86_64.rpm
https://update.cs2c.com.cn/NS/V10/V10SP2/os/adv/lic/updates/x86_64/Packages/kernel-cross-headers-4.19.90-25.27.v2101.ky10.x86_64.rpm
https://update.cs2c.com.cn/NS/V10/V10SP2/os/adv/lic/updates/x86_64/Packages/kernel-debug-4.19.90-25.27.v2101.ky10.x86_64.rpm
https://update.cs2c.com.cn/NS/V10/V10SP2/os/adv/lic/updates/x86_64/Packages/kernel-debug-core-4.19.90-25.27.v2101.ky10.x86_64.rpm
https://update.cs2c.com.cn/NS/V10/V10SP2/os/adv/lic/updates/x86_64/Packages/kernel-debug-devel-4.19.90-25.27.v2101.ky10.x86_64.rpm
https://update.cs2c.com.cn/NS/V10/V10SP2/os/adv/lic/updates/x86_64/Packages/kernel-debug-modules-4.19.90-25.27.v2101.ky10.x86_64.rpm
https://update.cs2c.com.cn/NS/V10/V10SP2/os/adv/lic/updates/x86_64/Packages/kernel-debug-modules-extra-4.19.90-25.27.v2101.ky10.x86_64.rpm
https://update.cs2c.com.cn/NS/V10/V10SP2/os/adv/lic/updates/x86_64/Packages/kernel-debug-modules-internal-4.19.90-25.27.v2101.ky10.x86_64.rpm
https://update.cs2c.com.cn/NS/V10/V10SP2/os/adv/lic/updates/x86_64/Packages/kernel-devel-4.19.90-25.27.v2101.ky10.x86_64.rpm
https://update.cs2c.com.cn/NS/V10/V10SP2/os/adv/lic/updates/x86_64/Packages/kernel-headers-4.19.90-25.27.v2101.ky10.x86_64.rpm
https://update.cs2c.com.cn/NS/V10/V10SP2/os/adv/lic/updates/x86_64/Packages/kernel-ipaclones-internal-4.19.90-25.27.v2101.ky10.x86_64.rpm
https://update.cs2c.com.cn/NS/V10/V10SP2/os/adv/lic/updates/x86_64/Packages/kernel-modules-4.19.90-25.27.v2101.ky10.x86_64.rpm
https://update.cs2c.com.cn/NS/V10/V10SP2/os/adv/lic/updates/x86_64/Packages/kernel-modules-extra-4.19.90-25.27.v2101.ky10.x86_64.rpm
https://update.cs2c.com.cn/NS/V10/V10SP2/os/adv/lic/updates/x86_64/Packages/kernel-modules-internal-4.19.90-25.27.v2101.ky10.x86_64.rpm
https://update.cs2c.com.cn/NS/V10/V10SP2/os/adv/lic/updates/x86_64/Packages/kernel-tools-4.19.90-25.27.v2101.ky10.x86_64.rpm
https://update.cs2c.com.cn/NS/V10/V10SP2/os/adv/lic/updates/x86_64/Packages/kernel-tools-libs-4.19.90-25.27.v2101.ky10.x86_64.rpm
https://update.cs2c.com.cn/NS/V10/V10SP2/os/adv/lic/updates/x86_64/Packages/kernel-tools-libs-devel-4.19.90-25.27.v2101.ky10.x86_64.rpm
https://update.cs2c.com.cn/NS/V10/V10SP2/os/adv/lic/updates/x86_64/Packages/perf-4.19.90-25.27.v2101.ky10.x86_64.rpm
https://update.cs2c.com.cn/NS/V10/V10SP2/os/adv/lic/updates/x86_64/Packages/python3-perf-4.19.90-25.27.v2101.ky10.x86_64.rpm
注:其他相關(guān)依賴包請(qǐng)到相同目錄下載
6.修復(fù)驗(yàn)證
使用軟件包查詢命令,查看相關(guān)軟件包版本是否與修復(fù)版本一致����,如果版本一致,則說(shuō)明修復(fù)成功����。
sudo rpm -qa | grep Packagename
