
    Security Vulnerability Patch Advisory


    Advisory ID (KYSA-202306-1060)

    Advisory ID: KYSA-202306-1060
    Summary: kernel security vulnerabilities
    Severity: Important
    Release date: 2023-06-27

    Details

1. CVEs fixed

·CVE-2022-27672
  Description: When SMT is enabled, certain AMD processors may speculatively execute instructions using a target from the sibling thread after an SMT mode switch, potentially resulting in information disclosure.

·CVE-2022-4744
  Description: A double-free flaw was found in the Linux kernel's TUN/TAP device driver functionality in how a user registers the device when the register_netdevice function fails (NETDEV_REGISTER notifier). This flaw allows a local user to crash or potentially escalate their privileges on the system.

·CVE-2023-0266
  Description: A use-after-free flaw was found in the ALSA subsystem in sound/core/control.c in the Linux kernel. This flaw allows a local attacker to cause a use-after-free issue.

·CVE-2023-0458
  Description: A speculative pointer dereference problem exists in the Linux Kernel on the do_prlimit() function. The resource argument value is controlled and is used in pointer arithmetic for the rlim variable and can be used to leak the contents. We recommend upgrading past version 6.1.8 or commit 739790605705ddcf18f21782b9c99ad7d53a8c11

·CVE-2023-0459
  Description: No description is available for this CVE.

·CVE-2023-1611
  Description: A use-after-free flaw was found in btrfs_search_slot in fs/btrfs/ctree.c in btrfs in the Linux Kernel. This flaw allows an attacker to crash the system and possibly cause a kernel information lea

·CVE-2023-1838
  Description: A use-after-free flaw was found in vhost_net_set_backend in drivers/vhost/net.c in the virtio network subcomponent of the Linux kernel, due to a double fget. This issue could allow a local attacker to crash the system and could lead to a kernel information leak.

·CVE-2023-2002
  Description: A vulnerability was found in the HCI sockets implementation due to a missing capability check in net/bluetooth/hci_sock.c in the Linux Kernel. This flaw allows an attacker to perform unauthorized execution of management commands, compromising the confidentiality, integrity, and availability of Bluetooth communication.

·CVE-2023-20938
  Description: In binder_transaction_buffer_release of binder.c, there is a possible use after free due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

·CVE-2023-2162
  Description: A use-after-free vulnerability was found in iscsi_sw_tcp_session_create in drivers/scsi/iscsi_tcp.c in the SCSI sub-component of the Linux Kernel. With this flaw an attacker could leak kernel internal information.

·CVE-2023-2194
  Description: An out-of-bounds write vulnerability was found in the Linux kernel's SLIMpro I2C device driver. The userspace data->block[0] variable was not capped to a number between 0-255 and was used as the size of a memcpy, possibly writing beyond the end of dma_buffer. This flaw could allow a local privileged user to crash the system or potentially achieve code execution.

·CVE-2023-2248
  Description: An out-of-bounds memory access flaw was found in the Linux kernel’s traffic control (QoS) subsystem in how a user triggers the qfq_change_class function with an incorrect MTU value of the network device used as lmax. This flaw allows a local user to crash or potentially escalate their privileges on the system.

·CVE-2023-2269
  Description: A flaw was found in the Linux kernel that leads to a denial of service. The issue may be caused by a recursive locking scenario that results in a deadlock in table_clear in drivers/md/dm-ioctl.c in the Linux kernel device mapper multipath subcomponent.

·CVE-2023-30772
  Description: The Linux kernel before 6.2.9 has a race condition and resultant use-after-free in drivers/power/supply/da9150-charger.c if a physically proximate attacker unplugs a device.

2. Affected packages

·Kylin Advanced Server Operating System V10 SP2
  ·aarch64 architecture: bpftool, kernel, kernel-abi-whitelists, kernel-core, kernel-cross-headers, kernel-debug, kernel-debug-core, kernel-debug-devel, kernel-debug-modules, kernel-debug-modules-extra, kernel-debug-modules-internal, kernel-devel, kernel-headers, kernel-modules, kernel-modules-extra, kernel-modules-internal, kernel-tools, kernel-tools-libs, kernel-tools-libs-devel, perf, python3-perf
  ·x86_64 architecture: bpftool, kernel, kernel-abi-whitelists, kernel-core, kernel-cross-headers, kernel-debug, kernel-debug-core, kernel-debug-devel, kernel-debug-modules, kernel-debug-modules-extra, kernel-debug-modules-internal, kernel-devel, kernel-headers, kernel-ipaclones-internal, kernel-modules, kernel-modules-extra, kernel-modules-internal, kernel-tools, kernel-tools-libs, kernel-tools-libs-devel, perf, python3-perf

3. Fixed package versions

·Kylin Advanced Server Operating System V10 SP2 (aarch64)
  bpftool-4.19.90-25.27.v2101.ky10 or later
  kernel-4.19.90-25.27.v2101.ky10 or later
  kernel-abi-whitelists-4.19.90-25.27.v2101.ky10 or later
  kernel-core-4.19.90-25.27.v2101.ky10 or later
  kernel-cross-headers-4.19.90-25.27.v2101.ky10 or later
  kernel-debug-4.19.90-25.27.v2101.ky10 or later
  kernel-debug-core-4.19.90-25.27.v2101.ky10 or later
  kernel-debug-devel-4.19.90-25.27.v2101.ky10 or later
  kernel-debug-modules-4.19.90-25.27.v2101.ky10 or later
  kernel-debug-modules-extra-4.19.90-25.27.v2101.ky10 or later
  kernel-debug-modules-internal-4.19.90-25.27.v2101.ky10 or later
  kernel-devel-4.19.90-25.27.v2101.ky10 or later
  kernel-headers-4.19.90-25.27.v2101.ky10 or later
  kernel-modules-4.19.90-25.27.v2101.ky10 or later
  kernel-modules-extra-4.19.90-25.27.v2101.ky10 or later
  kernel-modules-internal-4.19.90-25.27.v2101.ky10 or later
  kernel-tools-4.19.90-25.27.v2101.ky10 or later
  kernel-tools-libs-4.19.90-25.27.v2101.ky10 or later
  kernel-tools-libs-devel-4.19.90-25.27.v2101.ky10 or later
  perf-4.19.90-25.27.v2101.ky10 or later
  python3-perf-4.19.90-25.27.v2101.ky10 or later

·Kylin Advanced Server Operating System V10 SP2 (x86_64)
  bpftool-4.19.90-25.27.v2101.ky10 or later
  kernel-4.19.90-25.27.v2101.ky10 or later
  kernel-abi-whitelists-4.19.90-25.27.v2101.ky10 or later
  kernel-core-4.19.90-25.27.v2101.ky10 or later
  kernel-cross-headers-4.19.90-25.27.v2101.ky10 or later
  kernel-debug-4.19.90-25.27.v2101.ky10 or later
  kernel-debug-core-4.19.90-25.27.v2101.ky10 or later
  kernel-debug-devel-4.19.90-25.27.v2101.ky10 or later
  kernel-debug-modules-4.19.90-25.27.v2101.ky10 or later
  kernel-debug-modules-extra-4.19.90-25.27.v2101.ky10 or later
  kernel-debug-modules-internal-4.19.90-25.27.v2101.ky10 or later
  kernel-devel-4.19.90-25.27.v2101.ky10 or later
  kernel-headers-4.19.90-25.27.v2101.ky10 or later
  kernel-ipaclones-internal-4.19.90-25.27.v2101.ky10 or later
  kernel-modules-4.19.90-25.27.v2101.ky10 or later
  kernel-modules-extra-4.19.90-25.27.v2101.ky10 or later
  kernel-modules-internal-4.19.90-25.27.v2101.ky10 or later
  kernel-tools-4.19.90-25.27.v2101.ky10 or later
  kernel-tools-libs-4.19.90-25.27.v2101.ky10 or later
  kernel-tools-libs-devel-4.19.90-25.27.v2101.ky10 or later
  perf-4.19.90-25.27.v2101.ky10 or later
  python3-perf-4.19.90-25.27.v2101.ky10 or later

4. Remediation

Method 1: Configure the repository and upgrade

1. Open the package repository configuration file and edit it to use the repository address below.
   Repository addresses for Kylin Advanced Server Operating System V10 SP2:
   aarch64: https://update.cs2c.com.cn/NS/V10/V10SP2/os/adv/lic/updates/aarch64/
   x86_64: https://update.cs2c.com.cn/NS/V10/V10SP2/os/adv/lic/updates/x86_64/

2. After configuration, run the update command to upgrade:
   yum update Packagename

Method 2: Download the packages and upgrade

Download the packages from the package download addresses, then use the package upgrade command to install them according to the list of affected packages:
   yum install Packagename

3. Whether a service or operating system restart is required after the upgrade:
   CVE-2022-27672: the operating system must be restarted for the fix to take effect.
   CVE-2022-4744: no restart of the operating system or services is required for the fix to take effect.
   CVE-2023-0266: no restart of the operating system or services is required for the fix to take effect.
   CVE-2023-0458: the operating system must be restarted for the fix to take effect.
   CVE-2023-0459: the operating system must be restarted for the fix to take effect.
   CVE-2023-1611: the operating system must be restarted for the fix to take effect.
   CVE-2023-1838: no restart of the operating system or services is required for the fix to take effect.
   CVE-2023-2002: the operating system must be restarted for the fix to take effect.
   CVE-2023-20938: no restart of the operating system or services is required for the fix to take effect.
   CVE-2023-2162: the operating system must be restarted for the fix to take effect.
   CVE-2023-2194: the operating system must be restarted for the fix to take effect.
   CVE-2023-2248: the operating system must be restarted for the fix to take effect.
   CVE-2023-2269: no restart of the operating system or services is required for the fix to take effect.
   CVE-2023-30772: the operating system must be restarted for the fix to take effect.

5. Package download addresses

·Kylin Advanced Server Operating System V10 SP2

kernel (aarch64) package download addresses:
  https://update.cs2c.com.cn/NS/V10/V10SP2/os/adv/lic/updates/aarch64/Packages/bpftool-4.19.90-25.27.v2101.ky10.aarch64.rpm
  https://update.cs2c.com.cn/NS/V10/V10SP2/os/adv/lic/updates/aarch64/Packages/kernel-4.19.90-25.27.v2101.ky10.aarch64.rpm
  https://update.cs2c.com.cn/NS/V10/V10SP2/os/adv/lic/updates/aarch64/Packages/kernel-abi-whitelists-4.19.90-25.27.v2101.ky10.aarch64.rpm
  https://update.cs2c.com.cn/NS/V10/V10SP2/os/adv/lic/updates/aarch64/Packages/kernel-core-4.19.90-25.27.v2101.ky10.aarch64.rpm
  https://update.cs2c.com.cn/NS/V10/V10SP2/os/adv/lic/updates/aarch64/Packages/kernel-cross-headers-4.19.90-25.27.v2101.ky10.aarch64.rpm
  https://update.cs2c.com.cn/NS/V10/V10SP2/os/adv/lic/updates/aarch64/Packages/kernel-debug-4.19.90-25.27.v2101.ky10.aarch64.rpm
  https://update.cs2c.com.cn/NS/V10/V10SP2/os/adv/lic/updates/aarch64/Packages/kernel-debug-core-4.19.90-25.27.v2101.ky10.aarch64.rpm
  https://update.cs2c.com.cn/NS/V10/V10SP2/os/adv/lic/updates/aarch64/Packages/kernel-debug-devel-4.19.90-25.27.v2101.ky10.aarch64.rpm
  https://update.cs2c.com.cn/NS/V10/V10SP2/os/adv/lic/updates/aarch64/Packages/kernel-debug-modules-4.19.90-25.27.v2101.ky10.aarch64.rpm
  https://update.cs2c.com.cn/NS/V10/V10SP2/os/adv/lic/updates/aarch64/Packages/kernel-debug-modules-extra-4.19.90-25.27.v2101.ky10.aarch64.rpm
  https://update.cs2c.com.cn/NS/V10/V10SP2/os/adv/lic/updates/aarch64/Packages/kernel-debug-modules-internal-4.19.90-25.27.v2101.ky10.aarch64.rpm
  https://update.cs2c.com.cn/NS/V10/V10SP2/os/adv/lic/updates/aarch64/Packages/kernel-devel-4.19.90-25.27.v2101.ky10.aarch64.rpm
  https://update.cs2c.com.cn/NS/V10/V10SP2/os/adv/lic/updates/aarch64/Packages/kernel-headers-4.19.90-25.27.v2101.ky10.aarch64.rpm
  https://update.cs2c.com.cn/NS/V10/V10SP2/os/adv/lic/updates/aarch64/Packages/kernel-modules-4.19.90-25.27.v2101.ky10.aarch64.rpm
  https://update.cs2c.com.cn/NS/V10/V10SP2/os/adv/lic/updates/aarch64/Packages/kernel-modules-extra-4.19.90-25.27.v2101.ky10.aarch64.rpm
  https://update.cs2c.com.cn/NS/V10/V10SP2/os/adv/lic/updates/aarch64/Packages/kernel-modules-internal-4.19.90-25.27.v2101.ky10.aarch64.rpm
  https://update.cs2c.com.cn/NS/V10/V10SP2/os/adv/lic/updates/aarch64/Packages/kernel-tools-4.19.90-25.27.v2101.ky10.aarch64.rpm
  https://update.cs2c.com.cn/NS/V10/V10SP2/os/adv/lic/updates/aarch64/Packages/kernel-tools-libs-4.19.90-25.27.v2101.ky10.aarch64.rpm
  https://update.cs2c.com.cn/NS/V10/V10SP2/os/adv/lic/updates/aarch64/Packages/kernel-tools-libs-devel-4.19.90-25.27.v2101.ky10.aarch64.rpm
  https://update.cs2c.com.cn/NS/V10/V10SP2/os/adv/lic/updates/aarch64/Packages/perf-4.19.90-25.27.v2101.ky10.aarch64.rpm
  https://update.cs2c.com.cn/NS/V10/V10SP2/os/adv/lic/updates/aarch64/Packages/python3-perf-4.19.90-25.27.v2101.ky10.aarch64.rpm

kernel (x86_64) package download addresses:
  https://update.cs2c.com.cn/NS/V10/V10SP2/os/adv/lic/updates/x86_64/Packages/bpftool-4.19.90-25.27.v2101.ky10.x86_64.rpm
  https://update.cs2c.com.cn/NS/V10/V10SP2/os/adv/lic/updates/x86_64/Packages/kernel-4.19.90-25.27.v2101.ky10.x86_64.rpm
  https://update.cs2c.com.cn/NS/V10/V10SP2/os/adv/lic/updates/x86_64/Packages/kernel-abi-whitelists-4.19.90-25.27.v2101.ky10.x86_64.rpm
  https://update.cs2c.com.cn/NS/V10/V10SP2/os/adv/lic/updates/x86_64/Packages/kernel-core-4.19.90-25.27.v2101.ky10.x86_64.rpm
  https://update.cs2c.com.cn/NS/V10/V10SP2/os/adv/lic/updates/x86_64/Packages/kernel-cross-headers-4.19.90-25.27.v2101.ky10.x86_64.rpm
  https://update.cs2c.com.cn/NS/V10/V10SP2/os/adv/lic/updates/x86_64/Packages/kernel-debug-4.19.90-25.27.v2101.ky10.x86_64.rpm
  https://update.cs2c.com.cn/NS/V10/V10SP2/os/adv/lic/updates/x86_64/Packages/kernel-debug-core-4.19.90-25.27.v2101.ky10.x86_64.rpm
  https://update.cs2c.com.cn/NS/V10/V10SP2/os/adv/lic/updates/x86_64/Packages/kernel-debug-devel-4.19.90-25.27.v2101.ky10.x86_64.rpm
  https://update.cs2c.com.cn/NS/V10/V10SP2/os/adv/lic/updates/x86_64/Packages/kernel-debug-modules-4.19.90-25.27.v2101.ky10.x86_64.rpm
  https://update.cs2c.com.cn/NS/V10/V10SP2/os/adv/lic/updates/x86_64/Packages/kernel-debug-modules-extra-4.19.90-25.27.v2101.ky10.x86_64.rpm
  https://update.cs2c.com.cn/NS/V10/V10SP2/os/adv/lic/updates/x86_64/Packages/kernel-debug-modules-internal-4.19.90-25.27.v2101.ky10.x86_64.rpm
  https://update.cs2c.com.cn/NS/V10/V10SP2/os/adv/lic/updates/x86_64/Packages/kernel-devel-4.19.90-25.27.v2101.ky10.x86_64.rpm
  https://update.cs2c.com.cn/NS/V10/V10SP2/os/adv/lic/updates/x86_64/Packages/kernel-headers-4.19.90-25.27.v2101.ky10.x86_64.rpm
  https://update.cs2c.com.cn/NS/V10/V10SP2/os/adv/lic/updates/x86_64/Packages/kernel-ipaclones-internal-4.19.90-25.27.v2101.ky10.x86_64.rpm
  https://update.cs2c.com.cn/NS/V10/V10SP2/os/adv/lic/updates/x86_64/Packages/kernel-modules-4.19.90-25.27.v2101.ky10.x86_64.rpm
  https://update.cs2c.com.cn/NS/V10/V10SP2/os/adv/lic/updates/x86_64/Packages/kernel-modules-extra-4.19.90-25.27.v2101.ky10.x86_64.rpm
  https://update.cs2c.com.cn/NS/V10/V10SP2/os/adv/lic/updates/x86_64/Packages/kernel-modules-internal-4.19.90-25.27.v2101.ky10.x86_64.rpm
  https://update.cs2c.com.cn/NS/V10/V10SP2/os/adv/lic/updates/x86_64/Packages/kernel-tools-4.19.90-25.27.v2101.ky10.x86_64.rpm
  https://update.cs2c.com.cn/NS/V10/V10SP2/os/adv/lic/updates/x86_64/Packages/kernel-tools-libs-4.19.90-25.27.v2101.ky10.x86_64.rpm
  https://update.cs2c.com.cn/NS/V10/V10SP2/os/adv/lic/updates/x86_64/Packages/kernel-tools-libs-devel-4.19.90-25.27.v2101.ky10.x86_64.rpm
  https://update.cs2c.com.cn/NS/V10/V10SP2/os/adv/lic/updates/x86_64/Packages/perf-4.19.90-25.27.v2101.ky10.x86_64.rpm
  https://update.cs2c.com.cn/NS/V10/V10SP2/os/adv/lic/updates/x86_64/Packages/python3-perf-4.19.90-25.27.v2101.ky10.x86_64.rpm

Note: download any other required dependency packages from the same directory.

6. Verifying the fix

Use the package query command to check whether the installed versions of the relevant packages match the fixed versions. If they match, the fix was applied successfully.
   sudo rpm -qa | grep Packagename
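The fixed versions above are given as "or later", which a visual check of the grep output does not cover. The following added example (not part of the Kylin advisory) checks `rpm -qa --qf` output against the fixed version with a simplified re-implementation of rpm's version ordering. The sample package builds, the function names and the shortened package set are assumptions made for illustration.

```python
import re

# Fixed version-release and a subset of the affected package names, from the advisory.
FIXED = "4.19.90-25.27.v2101.ky10"
AFFECTED = {"bpftool", "kernel", "kernel-core", "kernel-tools", "perf", "python3-perf"}

def rpmvercmp(a, b):
    """Simplified rpm segment comparison (no epoch, '~' or '^' handling)."""
    ta = re.findall(r"[0-9]+|[A-Za-z]+", a)
    tb = re.findall(r"[0-9]+|[A-Za-z]+", b)
    for x, y in zip(ta, tb):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # a numeric segment is newer than an alphabetic one
        if x.isdigit():
            x, y = int(x), int(y)  # 27 > 9, although "27" < "9" as strings
        if x != y:
            return 1 if x > y else -1
    return (len(ta) > len(tb)) - (len(ta) < len(tb))  # leftover segments mean newer

def evr_cmp(a, b):
    """Compare two 'version-release' strings: version first, then release."""
    (va, ra), (vb, rb) = a.rsplit("-", 1), b.rsplit("-", 1)
    return rpmvercmp(va, vb) or rpmvercmp(ra, rb)

def unpatched(rpm_output, affected=AFFECTED, fixed=FIXED):
    """Map each affected package whose newest installed build is below the fix to that build."""
    newest = {}
    for line in rpm_output.splitlines():
        if not line.strip():
            continue
        name, evr = line.split()
        if name in affected and (name not in newest or evr_cmp(evr, newest[name]) > 0):
            newest[name] = evr
    return {n: v for n, v in newest.items() if evr_cmp(v, fixed) < 0}

# Constructed sample of: rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n'
SAMPLE = """\
kernel 4.19.90-25.9.v2101.ky10
kernel 4.19.90-25.27.v2101.ky10
kernel-core 4.19.90-25.27.v2101.ky10
kernel-tools 4.19.90-25.9.v2101.ky10
perf 4.19.90-25.28.v2101.ky10
bash 5.0-17.ky10
"""

if __name__ == "__main__":
    for name, evr in sorted(unpatched(SAMPLE).items()):
        print(f"{name}: {evr} is older than {FIXED}")
```

Kernel packages install side by side, so an empty result only shows that a fixed build is present. For the CVEs listed as requiring an operating system restart, also confirm after rebooting that `uname -r` reports the fixed release.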
