1.修复的漏洞 ·CVE-2023-2007 描述：The specific flaw exists within the DPT I2O Controller driver. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute arbitrary code in the context of the kernel. 2.受影响的软件包 ·银河麒麟高级服务器操作系统 V10 SP1 ·loongarch64架构: python3-perf、kernel-abi-whitelists、kernel-cross-headers、kernel-modules-internal、kernel-modules、kernel-headers、kernel-core、perf、kernel-devel、kernel-tools、bpftool、kernel-modules-extra、kernel 3.软件包修复版本 ·银河麒麟高级服务器操作系统 V10 SP1 (loongarch64) kernel-modules-extra-4.19.90-23.37.v2207.a.ky10或以上版本 kernel-abi-whitelists-4.19.90-23.37.v2207.a.ky10或以上版本 perf-4.19.90-23.37.v2207.a.ky10或以上版本 kernel-headers-4.19.90-23.37.v2207.a.ky10或以上版本 kernel-cross-headers-4.19.90-23.37.v2207.a.ky10或以上版本 kernel-devel-4.19.90-23.37.v2207.a.ky10或以上版本 kernel-tools-4.19.90-23.37.v2207.a.ky10或以上版本 kernel-modules-4.19.90-23.37.v2207.a.ky10或以上版本 kernel-4.19.90-23.37.v2207.a.ky10或以上版本 bpftool-4.19.90-23.37.v2207.a.ky10或以上版本 python3-perf-4.19.90-23.37.v2207.a.ky10或以上版本 kernel-core-4.19.90-23.37.v2207.a.ky10或以上版本 kernel-modules-internal-4.19.90-23.37.v2207.a.ky10或以上版本 4.修复方法 方法一：配置源进行升级安装 1.打开软件包源配置文件，根据仓库地址进行修改。 仓库源地址： 银河麒麟高级服务器操作系统 V10 SP1 loongarch64:https://update.cs2c.com.cn/NS/V10/V10SP1.1/os/adv/lic/updates/loongarch64/ 2.配置完成后执行更新命令进行升级，命令如下： yum update Packagename 方法二：下载安装包进行升级安装 通过软件包地址下载软件包，使用软件包升级命令根据受影响的软件包 列表进行升级安装, 命令如下： yum install Packagename 3.升级完成后是否需要重启服务或操作系统： CVE-2023-2007:需要重启操作系统以使漏洞修复生效。 5.软件包下载地址 ·银河麒麟高级服务器操作系统 V10 SP1 kernel(loongarch64)软件包下载地址: https://update.cs2c.com.cn/NS/V10/V10SP1.1/os/adv/lic/updates/loongarch64/Packages/kernel-cross-headers-4.19.90-23.37.v2207.a.ky10.loongarch64.rpm https://update.cs2c.com.cn/NS/V10/V10SP1.1/os/adv/lic/updates/loongarch64/Packages/kernel-4.19.90-23.37.v2207.a.ky10.loongarch64.rpm https://update.cs2c.com.cn/NS/V10/V10SP1.1/os/adv/lic/updates/loongarch64/Packages/kernel-abi-whitelists-4.19.90-23.37.v2207.a.ky10.loongarch64.rpm https://update.cs2c.com.cn/NS/V10/V10SP1.1/os/adv/lic/updates/loongarch64/Packages/python3-perf-4.19.90-23.37.v2207.a.ky10.loongarch64.rpm https://update.cs2c.com.cn/NS/V10/V10SP1.1/os/adv/lic/updates/loongarch64/Packages/bpftool-4.19.90-23.37.v2207.a.ky10.loongarch64.rpm https://update.cs2c.com.cn/NS/V10/V10SP1.1/os/adv/lic/updates/loongarch64/Packages/kernel-headers-4.19.90-23.37.v2207.a.ky10.loongarch64.rpm https://update.cs2c.com.cn/NS/V10/V10SP1.1/os/adv/lic/updates/loongarch64/Packages/kernel-modules-internal-4.19.90-23.37.v2207.a.ky10.loongarch64.rpm https://update.cs2c.com.cn/NS/V10/V10SP1.1/os/adv/lic/updates/loongarch64/Packages/kernel-devel-4.19.90-23.37.v2207.a.ky10.loongarch64.rpm https://update.cs2c.com.cn/NS/V10/V10SP1.1/os/adv/lic/updates/loongarch64/Packages/kernel-tools-4.19.90-23.37.v2207.a.ky10.loongarch64.rpm https://update.cs2c.com.cn/NS/V10/V10SP1.1/os/adv/lic/updates/loongarch64/Packages/kernel-modules-extra-4.19.90-23.37.v2207.a.ky10.loongarch64.rpm https://update.cs2c.com.cn/NS/V10/V10SP1.1/os/adv/lic/updates/loongarch64/Packages/kernel-modules-4.19.90-23.37.v2207.a.ky10.loongarch64.rpm https://update.cs2c.com.cn/NS/V10/V10SP1.1/os/adv/lic/updates/loongarch64/Packages/kernel-core-4.19.90-23.37.v2207.a.ky10.loongarch64.rpm https://update.cs2c.com.cn/NS/V10/V10SP1.1/os/adv/lic/updates/loongarch64/Packages/perf-4.19.90-23.37.v2207.a.ky10.loongarch64.rpm 注：其他相关依赖包请到相同目录下载 6.修复验证 使用软件包查询命令，查看相关软件包版本是否与修复版本一致，如果版本一致，则说明修复成功。 sudo rpm -qa | grep Packagename