Summary:
kernel security update
Severity: High
Advisory ID: KylinSec-SA-2025-2719
Release date: June 11, 2025
The Linux Kernel, the operating system core itself.
Security Fix(es):
In the Linux kernel, the following vulnerability has been resolved:
block: fix rq-qos breakage from skipping rq_qos_done_bio()
a647a524a467 ("block: don't call rq_qos_ops->done_bio if the bio isn't
tracked") made bio_endio() skip rq_qos_done_bio() if BIO_TRACKED is not set.
While this fixed a potential oops, it also broke blk-iocost by skipping the
done_bio callback for merged bios.
Before, whether a bio goes through rq_qos_throttle() or rq_qos_merge(),
rq_qos_done_bio() would be called on the bio on completion with BIO_TRACKED
distinguishing the former from the latter. rq_qos_done_bio() is not called
for bios which went through rq_qos_merge(). This royally confuses
blk-iocost as the merged bios never finish and are considered perpetually
in-flight.
One reliably reproducible failure mode is an intermediate cgroup getting
stuck active preventing its children from being activated due to the
leaf-only rule, leading to loss of control. The following is from
resctl-bench protection scenario which emulates isolating a web server like
workload from a memory bomb run on an iocost configuration which should
yield a reasonable level of protection.

    # cat /sys/block/nvme2n1/device/model
    Samsung SSD 970 PRO 512GB
    # cat /sys/fs/cgroup/io.cost.model
    259:0 ctrl=user model=linear rbps=834913556 rseqiops=93622 rrandiops=102913 wbps=618985353 wseqiops=72325 wrandiops=71025
    # cat /sys/fs/cgroup/io.cost.qos
    259:0 enable=1 ctrl=user rpct=95.00 rlat=18776 wpct=95.00 wlat=8897 min=60.00 max=100.00
    # resctl-bench -m 29.6G -r out.json run protection::scenario=mem-hog,loops=1
    ...
    Memory Hog Summary
    ==================
    IO Latency: R p50=242u:336u/2.5m p90=794u:1.4m/7.5m p99=2.7m:8.0m/62.5m max=8.0m:36.4m/350m
                W p50=221u:323u/1.5m p90=709u:1.2m/5.5m p99=1.5m:2.5m/9.5m max=6.9m:35.9m/350m
    Isolation and Request Latency Impact Distributions:
               min   p01   p05   p10   p25   p50   p75   p90   p95   p99   max  mean stdev
    isol%    15.90 15.90 15.90 40.05 57.24 59.07 60.01 74.63 74.63 90.35 90.35 58.12 15.82
    lat-imp%     0     0     0     0     0  4.55 14.68 15.54 233.5 548.1 548.1 53.88 143.6
    Result: isol=58.12:15.82% lat_imp=53.88%:143.6 work_csv=100.0% missing=3.96%

The isolation result of 58.12% is close to what this device would show
without any IO control.
Fix it by introducing a new flag BIO_QOS_MERGED to mark merged bios and
calling rq_qos_done_bio() on them too. For consistency and clarity, rename
BIO_TRACKED to BIO_QOS_THROTTLED. The flag checks are moved into
rq_qos_done_bio() so that it's next to the code paths that set the flags.
With the patch applied, the above same benchmark shows:

    # resctl-bench -m 29.6G -r out.json run protection::scenario=mem-hog,loops=1
    ...
    Memory Hog Summary
    ==================
    IO Latency: R p50=123u:84.4u/985u p90=322u:256u/2.5m p99=1.6m:1.4m/9.5m max=11.1m:36.0m/350m
                W p50=429u:274u/995u p90=1.7m:1.3m/4.5m p99=3.4m:2.7m/11.5m max=7.9m:5.9m/26.5m
    Isolation and Request Latency Impact Distributions:
               min   p01   p05   p10   p25   p50   p75   p90   p95   p99   max  mean stdev
    isol%    84.91 84.91 89.51 90.73 92.31 94.49 96.36 98.04 98.71 100.0 100.0 94.42  2.81
    lat-imp%     0     0     0     0     0  2.81  5.73 11.11 13.92 17.53 22.61  4.10  4.68
    Result: isol=94.42:2.81% lat_imp=4.10%:4.68 work_csv=58.34% missing=0%

(CVE-2022-49266)
In the Linux kernel, the following vulnerability has been resolved:
module: fix [e_shstrndx].sh_size=0 OOB access
It is trivial to craft a module to trigger OOB access in this line:
if (info->secstrings[strhdr->sh_size - 1] != '\0') {
BUG: unable to handle page fault for address: ffffc90000aa0fff
PGD 100000067 P4D 100000067 PUD 100066067 PMD 10436f067 PTE 0
Oops: 0000 [#1] PREEMPT SMP PTI
CPU: 7 PID: 1215 Comm: insmod Not tainted 5.18.0-rc5-00007-g9bf578647087-dirty #10
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.14.0-4.fc34 04/01/2014
RIP: 0010:load_module+0x19b/0x2391
[rebased patch onto modules-next] (CVE-2022-49444)
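
The check that the quoted line depends on, as an added example (not code from this advisory or from the kernel): a userspace validator for an ELF64 image that bounds-checks the section name table and rejects `sh_size == 0` before indexing its last byte. The names `check_secstrings`, `build_sample` and the `strtab_status` values are hypothetical, and the sample image is constructed.

```c
#include <elf.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical userspace model of the section-name-table check; not kernel code. */
enum strtab_status { STRTAB_OK, STRTAB_BAD_HDR, STRTAB_EMPTY, STRTAB_OOB, STRTAB_UNTERMINATED };

enum strtab_status check_secstrings(const uint8_t *img, size_t len)
{
    Elf64_Ehdr eh;
    Elf64_Shdr sh;

    if (len < sizeof(eh))
        return STRTAB_BAD_HDR;
    memcpy(&eh, img, sizeof(eh));
    /* The section header table and its e_shstrndx entry must lie inside the image. */
    if (eh.e_shentsize != sizeof(sh) || eh.e_shstrndx >= eh.e_shnum ||
        eh.e_shoff > len || (len - eh.e_shoff) / sizeof(sh) < eh.e_shnum)
        return STRTAB_BAD_HDR;
    memcpy(&sh, img + eh.e_shoff + (size_t)eh.e_shstrndx * sizeof(sh), sizeof(sh));
    /* Reject an empty table first: with sh_size == 0, sh_size - 1 wraps around. */
    if (sh.sh_size == 0)
        return STRTAB_EMPTY;
    if (sh.sh_offset > len || sh.sh_size > len - sh.sh_offset)
        return STRTAB_OOB;
    /* Only now is the index from the line quoted above inside the buffer. */
    if (img[sh.sh_offset + sh.sh_size - 1] != '\0')
        return STRTAB_UNTERMINATED;
    return STRTAB_OK;
}

/* Constructed sample: ELF header, two section headers, then name_len zero bytes as table. */
size_t build_sample(uint8_t *buf, size_t cap, uint64_t name_len)
{
    size_t off = sizeof(Elf64_Ehdr) + 2 * sizeof(Elf64_Shdr);
    Elf64_Ehdr eh = { .e_shoff = sizeof(Elf64_Ehdr), .e_shentsize = sizeof(Elf64_Shdr),
                      .e_shnum = 2, .e_shstrndx = 1 };
    Elf64_Shdr sh[2] = { [1] = { .sh_offset = off, .sh_size = name_len } };

    if (name_len > cap || cap - name_len < off)
        return 0;
    memset(buf, 0, cap);
    memcpy(buf, &eh, sizeof(eh));
    memcpy(buf + sizeof(eh), sh, sizeof(sh));
    return off + name_len;
}
```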
In the Linux kernel, the following vulnerability has been resolved:
bus: fsl-mc-bus: fix KASAN use-after-free in fsl_mc_bus_remove()
In fsl_mc_bus_remove(), mc->root_mc_bus_dev->mc_io is passed to
fsl_destroy_mc_io(). However, mc->root_mc_bus_dev is already freed in
fsl_mc_device_remove(). Then reference to mc->root_mc_bus_dev->mc_io
triggers KASAN use-after-free. To avoid the use-after-free, keep the
reference to mc->root_mc_bus_dev->mc_io in a local variable and pass to
fsl_destroy_mc_io().
This patch needs rework to apply to kernels older than v5.15. (CVE-2022-49711)
CVE | Product | Component | Affected status |
---|---|---|---|
CVE-2022-49266 | KY3.5.3 | kernel | Fixed |
CVE-2022-49266 | KY3.5.2 | kernel | Fixed |
CVE-2022-49711 | KY3.5.3 | kernel | Fixed |
CVE-2022-49711 | KY3.5.2 | kernel | Fixed |
CVE-2022-49444 | KY3.5.3 | kernel | Fixed |
CVE-2022-49444 | KY3.5.2 | kernel | Fixed |
Package | Architecture | Version |
---|---|---|
bpftool | x86_64 | 5.10.0-236.0.0.rt62.63.ky3_5 |
kernel | x86_64 | 5.10.0-216.0.0.115.kb9.ky3_5 |
kernel-devel | x86_64 | 5.10.0-216.0.0.115.kb9.ky3_5 |
kernel-headers | x86_64 | 5.10.0-216.0.0.115.kb9.ky3_5 |
kernel-source | x86_64 | 5.10.0-216.0.0.115.kb9.ky3_5 |
kernel-tools | x86_64 | 5.10.0-216.0.0.115.kb9.ky3_5 |
kernel-tools-devel | x86_64 | 5.10.0-216.0.0.115.kb9.ky3_5 |
perf | x86_64 | 5.10.0-236.0.0.rt62.63.ky3_5 |
python3-perf | x86_64 | 5.10.0-236.0.0.rt62.63.ky3_5 |
bpftool | aarch64 | 5.10.0-236.0.0.rt62.63.ky3_5 |
kernel | aarch64 | 5.10.0-216.0.0.115.kb9.ky3_5 |
kernel-devel | aarch64 | 5.10.0-216.0.0.115.kb9.ky3_5 |
kernel-headers | aarch64 | 5.10.0-216.0.0.115.kb9.ky3_5 |
kernel-source | aarch64 | 5.10.0-216.0.0.115.kb9.ky3_5 |
kernel-tools | aarch64 | 5.10.0-216.0.0.115.kb9.ky3_5 |
kernel-tools-devel | aarch64 | 5.10.0-216.0.0.115.kb9.ky3_5 |
perf | aarch64 | 5.10.0-236.0.0.rt62.63.ky3_5 |
python3-perf | aarch64 | 5.10.0-236.0.0.rt62.63.ky3_5 |
Package | Architecture | Version |
---|---|---|
bpftool | x86_64 | 5.10.0-216.0.0.115.kb13.ky3_5 |
kernel | x86_64 | 5.10.0-216.0.0.115.kb13.ky3_5 |
kernel-devel | x86_64 | 5.10.0-216.0.0.115.kb13.ky3_5 |
kernel-headers | x86_64 | 5.10.0-216.0.0.115.kb13.ky3_5 |
kernel-source | x86_64 | 5.10.0-216.0.0.115.kb13.ky3_5 |
kernel-tools | x86_64 | 5.10.0-216.0.0.115.kb13.ky3_5 |
kernel-tools-devel | x86_64 | 5.10.0-216.0.0.115.kb13.ky3_5 |
perf | x86_64 | 5.10.0-216.0.0.115.kb13.ky3_5 |
python3-perf | x86_64 | 5.10.0-216.0.0.115.kb13.ky3_5 |
bpftool | aarch64 | 5.10.0-216.0.0.115.kb13.ky3_5 |
kernel | aarch64 | 5.10.0-216.0.0.115.kb13.ky3_5 |
kernel-devel | aarch64 | 5.10.0-216.0.0.115.kb13.ky3_5 |
kernel-headers | aarch64 | 5.10.0-216.0.0.115.kb13.ky3_5 |
kernel-source | aarch64 | 5.10.0-216.0.0.115.kb13.ky3_5 |
kernel-tools | aarch64 | 5.10.0-216.0.0.115.kb13.ky3_5 |
kernel-tools-devel | aarch64 | 5.10.0-216.0.0.115.kb13.ky3_5 |
perf | aarch64 | 5.10.0-216.0.0.115.kb13.ky3_5 |
python3-perf | aarch64 | 5.10.0-216.0.0.115.kb13.ky3_5 |
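Method 1: Download the packages and install the upgrade
1. Download the required upgrade package from the download link and save it, e.g. xxx.rpm
2. Upgrade with the rpm command, e.g. rpm -Uvh xxx.rpm
Method 2: Upgrade from the software repository
1. Make sure the system can reach the Internet
2. Upgrade the specified package with the yum command, e.g. yum install <package-name>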