漏洞修复--Linux 权限提升漏洞(CVE-2022-2588)
1. 漏洞描述:
Linux kernel是美国Linux基金会的开源操作系统Linux所使用的内核。
Linux kernel route4_change存在安全漏洞,该漏洞源于释放后重用,允许本地有特权的攻击者使系统崩溃,可能导致本地特权升级问题。
2. 解决方法
使用阿里云或者腾讯云的仓库,具体方法其他文章有说明
sudo yum update -y kernel-tools bpftool kernel-headers kernel-devel python-perf kernel-tools-libs
3. 修复过程
# sudo yum update -y kernel-tools bpftool kernel-headers kernel-devel python-perf kernel-tools-libs
Loaded plugins: fastestmirror, langpacks
Loading mirror speeds from cached hostfile
Resolving Dependencies
--> Running transaction check
---> Package bpftool.x86_64 0:3.10.0-1127.13.1.el7 will be updated
---> Package bpftool.x86_64 0:3.10.0-1160.80.1.el7 will be an update
---> Package kernel-devel.x86_64 0:3.10.0-1160.80.1.el7 will be installed
---> Package kernel-headers.x86_64 0:3.10.0-1127.13.1.el7 will be updated
---> Package kernel-headers.x86_64 0:3.10.0-1160.80.1.el7 will be an update
---> Package kernel-tools.x86_64 0:3.10.0-1127.13.1.el7 will be updated
---> Package kernel-tools.x86_64 0:3.10.0-1160.80.1.el7 will be an update
---> Package kernel-tools-libs.x86_64 0:3.10.0-1127.13.1.el7 will be updated
---> Package kernel-tools-libs.x86_64 0:3.10.0-1160.80.1.el7 will be an update
---> Package python-perf.x86_64 0:3.10.0-1127.13.1.el7 will be updated
---> Package python-perf.x86_64 0:3.10.0-1160.80.1.el7 will be an update
--> Finished Dependency Resolution
Dependencies Resolved
===========================================================================================================================================================================
Package Arch Version Repository Size
===========================================================================================================================================================================
Installing:
kernel-devel x86_64 3.10.0-1160.80.1.el7 updates 18 M
Updating:
bpftool x86_64 3.10.0-1160.80.1.el7 updates 8.5 M
kernel-headers x86_64 3.10.0-1160.80.1.el7 updates 9.1 M
kernel-tools x86_64 3.10.0-1160.80.1.el7 updates 8.2 M
kernel-tools-libs x86_64 3.10.0-1160.80.1.el7 updates 8.1 M
python-perf x86_64 3.10.0-1160.80.1.el7 updates 8.2 M
Transaction Summary
===========================================================================================================================================================================
Install 1 Package
Upgrade 5 Packages
Total download size: 60 M
Downloading packages:
Delta RPMs disabled because /usr/bin/applydeltarpm not installed.
(1/6): bpftool-3.10.0-1160.80.1.el7.x86_64.rpm | 8.5 MB 00:00:00
(2/6): kernel-devel-3.10.0-1160.80.1.el7.x86_64.rpm | 18 MB 00:00:01
(3/6): kernel-tools-3.10.0-1160.80.1.el7.x86_64.rpm | 8.2 MB 00:00:01
(4/6): kernel-headers-3.10.0-1160.80.1.el7.x86_64.rpm | 9.1 MB 00:00:01
(5/6): kernel-tools-libs-3.10.0-1160.80.1.el7.x86_64.rpm | 8.1 MB 00:00:00
(6/6): python-perf-3.10.0-1160.80.1.el7.x86_64.rpm | 8.2 MB 00:00:00
---------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Total 19 MB/s | 60 MB 00:00:03
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Updating : kernel-tools-libs-3.10.0-1160.80.1.el7.x86_64 1/11
Updating : kernel-tools-3.10.0-1160.80.1.el7.x86_64 2/11
Updating : bpftool-3.10.0-1160.80.1.el7.x86_64 3/11
Updating : kernel-headers-3.10.0-1160.80.1.el7.x86_64 4/11
Updating : python-perf-3.10.0-1160.80.1.el7.x86_64 5/11
Installing : kernel-devel-3.10.0-1160.80.1.el7.x86_64 6/11
Cleanup : kernel-headers-3.10.0-1127.13.1.el7.x86_64 7/11
Cleanup : kernel-tools-3.10.0-1127.13.1.el7.x86_64 8/11
Cleanup : kernel-tools-libs-3.10.0-1127.13.1.el7.x86_64 9/11
Cleanup : bpftool-3.10.0-1127.13.1.el7.x86_64 10/11
Cleanup : python-perf-3.10.0-1127.13.1.el7.x86_64 11/11
Verifying : kernel-tools-libs-3.10.0-1160.80.1.el7.x86_64 1/11
Verifying : kernel-devel-3.10.0-1160.80.1.el7.x86_64 2/11
Verifying : python-perf-3.10.0-1160.80.1.el7.x86_64 3/11
Verifying : kernel-headers-3.10.0-1160.80.1.el7.x86_64 4/11
Verifying : bpftool-3.10.0-1160.80.1.el7.x86_64 5/11
Verifying : kernel-tools-3.10.0-1160.80.1.el7.x86_64 6/11
Verifying : kernel-headers-3.10.0-1127.13.1.el7.x86_64 7/11
Verifying : python-perf-3.10.0-1127.13.1.el7.x86_64 8/11
Verifying : kernel-tools-libs-3.10.0-1127.13.1.el7.x86_64 9/11
Verifying : kernel-tools-3.10.0-1127.13.1.el7.x86_64 10/11
Verifying : bpftool-3.10.0-1127.13.1.el7.x86_64 11/11
Installed:
kernel-devel.x86_64 0:3.10.0-1160.80.1.el7
Updated:
bpftool.x86_64 0:3.10.0-1160.80.1.el7 kernel-headers.x86_64 0:3.10.0-1160.80.1.el7 kernel-tools.x86_64 0:3.10.0-1160.80.1.el7
kernel-tools-libs.x86_64 0:3.10.0-1160.80.1.el7 python-perf.x86_64 0:3.10.0-1160.80.1.el7
Complete!
4. 重新扫描
