1.修復的漏洞 ·CVE-2023-2007 描述：The specific flaw exists within the DPT I2O Controller driver. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute arbitrary code in the context of the kernel. 2.受影響的軟件包 ·銀河麒麟高級服務器操作系統 V10 SP1 ·loongarch64架構: python3-perf、kernel-abi-whitelists、kernel-cross-headers、kernel-modules-internal、kernel-modules、kernel-headers、kernel-core、perf、kernel-devel、kernel-tools、bpftool、kernel-modules-extra、kernel 3.軟件包修復版本 ·銀河麒麟高級服務器操作系統 V10 SP1 (loongarch64) kernel-modules-extra-4.19.90-23.37.v2207.a.ky10或以上版本 kernel-abi-whitelists-4.19.90-23.37.v2207.a.ky10或以上版本 perf-4.19.90-23.37.v2207.a.ky10或以上版本 kernel-headers-4.19.90-23.37.v2207.a.ky10或以上版本 kernel-cross-headers-4.19.90-23.37.v2207.a.ky10或以上版本 kernel-devel-4.19.90-23.37.v2207.a.ky10或以上版本 kernel-tools-4.19.90-23.37.v2207.a.ky10或以上版本 kernel-modules-4.19.90-23.37.v2207.a.ky10或以上版本 kernel-4.19.90-23.37.v2207.a.ky10或以上版本 bpftool-4.19.90-23.37.v2207.a.ky10或以上版本 python3-perf-4.19.90-23.37.v2207.a.ky10或以上版本 kernel-core-4.19.90-23.37.v2207.a.ky10或以上版本 kernel-modules-internal-4.19.90-23.37.v2207.a.ky10或以上版本 4.修復方法 方法一：配置源進行升級安裝 1.打開軟件包源配置文件，根據倉庫地址進行修改。 倉庫源地址： 銀河麒麟高級服務器操作系統 V10 SP1 loongarch64:https://update.cs2c.com.cn/NS/V10/V10SP1.1/os/adv/lic/updates/loongarch64/ 2.配置完成后執行更新命令進行升級，命令如下： yum update Packagename 方法二：下載安裝包進行升級安裝 通過軟件包地址下載軟件包，使用軟件包升級命令根據受影響的軟件包 列表進行升級安裝, 命令如下： yum install Packagename 3.升級完成后是否需要重啟服務或操作系統： CVE-2023-2007:需要重啟操作系統以使漏洞修復生效。 5.軟件包下載地址 ·銀河麒麟高級服務器操作系統 V10 SP1 kernel(loongarch64)軟件包下載地址: https://update.cs2c.com.cn/NS/V10/V10SP1.1/os/adv/lic/updates/loongarch64/Packages/kernel-cross-headers-4.19.90-23.37.v2207.a.ky10.loongarch64.rpm https://update.cs2c.com.cn/NS/V10/V10SP1.1/os/adv/lic/updates/loongarch64/Packages/kernel-4.19.90-23.37.v2207.a.ky10.loongarch64.rpm https://update.cs2c.com.cn/NS/V10/V10SP1.1/os/adv/lic/updates/loongarch64/Packages/kernel-abi-whitelists-4.19.90-23.37.v2207.a.ky10.loongarch64.rpm https://update.cs2c.com.cn/NS/V10/V10SP1.1/os/adv/lic/updates/loongarch64/Packages/python3-perf-4.19.90-23.37.v2207.a.ky10.loongarch64.rpm https://update.cs2c.com.cn/NS/V10/V10SP1.1/os/adv/lic/updates/loongarch64/Packages/bpftool-4.19.90-23.37.v2207.a.ky10.loongarch64.rpm https://update.cs2c.com.cn/NS/V10/V10SP1.1/os/adv/lic/updates/loongarch64/Packages/kernel-headers-4.19.90-23.37.v2207.a.ky10.loongarch64.rpm https://update.cs2c.com.cn/NS/V10/V10SP1.1/os/adv/lic/updates/loongarch64/Packages/kernel-modules-internal-4.19.90-23.37.v2207.a.ky10.loongarch64.rpm https://update.cs2c.com.cn/NS/V10/V10SP1.1/os/adv/lic/updates/loongarch64/Packages/kernel-devel-4.19.90-23.37.v2207.a.ky10.loongarch64.rpm https://update.cs2c.com.cn/NS/V10/V10SP1.1/os/adv/lic/updates/loongarch64/Packages/kernel-tools-4.19.90-23.37.v2207.a.ky10.loongarch64.rpm https://update.cs2c.com.cn/NS/V10/V10SP1.1/os/adv/lic/updates/loongarch64/Packages/kernel-modules-extra-4.19.90-23.37.v2207.a.ky10.loongarch64.rpm https://update.cs2c.com.cn/NS/V10/V10SP1.1/os/adv/lic/updates/loongarch64/Packages/kernel-modules-4.19.90-23.37.v2207.a.ky10.loongarch64.rpm https://update.cs2c.com.cn/NS/V10/V10SP1.1/os/adv/lic/updates/loongarch64/Packages/kernel-core-4.19.90-23.37.v2207.a.ky10.loongarch64.rpm https://update.cs2c.com.cn/NS/V10/V10SP1.1/os/adv/lic/updates/loongarch64/Packages/perf-4.19.90-23.37.v2207.a.ky10.loongarch64.rpm 注：其他相關依賴包請到相同目錄下載 6.修復驗證 使用軟件包查詢命令，查看相關軟件包版本是否與修復版本一致，如果版本一致，則說明修復成功。 sudo rpm -qa | grep Packagename