系统版本:银河麒麟桌面操作系统V10 SP1 2503漏洞编号:CVE-2026-31431
漏洞威胁等级:高危
漏洞描述:Linux Kernel algif_aead 模块(AF_ALG 用户态加密 API 的 AEAD 接口)存在本地提权漏洞,该漏洞源于 2017 年引入的一项 in-place 优化(commit 72548b093ee3),由于源数据与目标数据来自不同的内存映射,in-place 操作会将 page-cache 页面错误地放入可写目的地的 scatterlist 中,未授权的本地攻击者可通过 splice() 将 SUID 二进制文件的页缓存页面与 AF_ALG socket 加密操作串联,实现对任意页缓存页面的可控 4 字节写入,从而篡改已加载到内存中的 SUID 程序代码,最终获取 root 权限。
修复方法:
方法一:升级安装
在终端执行更新命令进行升级
$sudo apt install linux-generic
方法二:下载软件包进行升级安装
通过软件包地址下载软件包,使用软件包升级命令根据受影响的软件包列表升级相关的组件包。
$sudo apt-get install /Path1/Package1 /Path2/Package2 /Path3/Package3……
注:Path 指软件包下载到本地的路径,Package指下载的软件包名称,多个软件包则以空格分开。
软件包下载地址
银河麒麟桌面操作系统V10 SP1 2503arm64软件包下载地址https://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/l/linux/linux-buildinfo-5.4.18-161-generic_5.4.18-161.150_arm64.debhttps://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/l/linux/linux-headers-5.4.18-161-generic_5.4.18-161.150_arm64.debhttps://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/l/linux/linux-image-5.4.18-161-generic_5.4.18-161.150_arm64.debhttps://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/l/linux/linux-libc-dev_5.4.18-161.150_arm64.debhttps://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/l/linux/linux-modules-5.4.18-161-generic_5.4.18-161.150_arm64.debhttps://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/l/linux/linux-modules-extra-5.4.18-161-generic_5.4.18-161.150_arm64.debhttps://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/l/linux/linux-tools-5.4.18-161-generic_5.4.18-161.150_arm64.debhttps://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/l/linux/linux-tools-5.4.18-161_5.4.18-161.150_arm64.debhttps://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/l/linux-meta/linux-crashdump_5.4.18.161.150_arm64.debhttps://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/l/linux-meta/linux-generic-hwe-18.04-edge_5.4.18.161.150_arm64.debhttps://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/l/linux-meta/linux-generic-hwe-18.04_5.4.18.161.150_arm64.debhttps://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/l/linux-meta/linux-generic_5.4.18.161.150_arm64.debhttps://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/l/linux-meta/linux-headers-generic-hwe-18.04-edge_5.4.18.161.150_arm64.debhttps://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/l/linux-meta/linux-headers-generic-hwe-18.04_5.4.18.161.150_arm64.debhttps://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/l/linux-meta/linux-headers-generic_5.4.18.161.150_arm64.debhttps://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/l/linux-meta/linux-headers-virtual-hwe-18.04-edge_5.4.18.161.150_arm64.debhttps://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/l/linux-meta/linux-headers-virtual-hwe-18.04_5.4.18.161.150_arm64.debhttps://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/l/linux-meta/linux-headers-virtual_5.4.18.161.150_arm64.debhttps://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/l/linux-meta/linux-image-extra-virtual-hwe-18.04-edge_5.4.18.161.150_arm64.debhttps://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/l/linux-meta/linux-image-extra-virtual-hwe-18.04_5.4.18.161.150_arm64.debhttps://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/l/linux-meta/linux-image-extra-virtual_5.4.18.161.150_arm64.debhttps://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/l/linux-meta/linux-image-generic-hwe-18.04-edge_5.4.18.161.150_arm64.debhttps://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/l/linux-meta/linux-image-generic-hwe-18.04_5.4.18.161.150_arm64.debhttps://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/l/linux-meta/linux-image-generic_5.4.18.161.150_arm64.debhttps://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/l/linux-meta/linux-image-virtual-hwe-18.04-edge_5.4.18.161.150_arm64.debhttps://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/l/linux-meta/linux-image-virtual-hwe-18.04_5.4.18.161.150_arm64.debhttps://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/l/linux-meta/linux-image-virtual_5.4.18.161.150_arm64.debhttps://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/l/linux-meta/linux-tools-generic-hwe-18.04-edge_5.4.18.161.150_arm64.debhttps://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/l/linux-meta/linux-tools-generic-hwe-18.04_5.4.18.161.150_arm64.debhttps://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/l/linux-meta/linux-tools-generic_5.4.18.161.150_arm64.debhttps://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/l/linux-meta/linux-tools-virtual-hwe-18.04-edge_5.4.18.161.150_arm64.debhttps://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/l/linux-meta/linux-tools-virtual-hwe-18.04_5.4.18.161.150_arm64.debhttps://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/l/linux-meta/linux-tools-virtual_5.4.18.161.150_arm64.debhttps://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/l/linux-meta/linux-virtual-hwe-18.04-edge_5.4.18.161.150_arm64.debhttps://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/l/linux-meta/linux-virtual-hwe-18.04_5.4.18.161.150_arm64.debhttps://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/l/linux-meta/linux-virtual_5.4.18.161.150_arm64.debhttps://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/d/d3000m-ddx/d3000m-ddx_1.0.19kylin25_arm64.debhttps://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/f/ftg340/ftg340_1.1.10-kylin44_arm64.debhttps://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/f/ftv310-drv-video/ftv310-drv-video_1.0.21.kylin11_arm64.debhttps://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/x/xorg-server/xdmx-tools_1.20.9-2kylin2.4k24.37_arm64.debhttps://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/x/xorg-server/xdmx_1.20.9-2kylin2.4k24.37_arm64.debhttps://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/x/xorg-server/xnest_1.20.9-2kylin2.4k24.37_arm64.debhttps://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/x/xorg-server/xserver-xephyr_1.20.9-2kylin2.4k24.37_arm64.debhttps://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/x/xorg-server/xserver-xorg-core_1.20.9-2kylin2.4k24.37_arm64.debhttps://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/x/xorg-server/xserver-xorg-legacy_1.20.9-2kylin2.4k24.37_arm64.debhttps://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/x/xorg-server/xvfb_1.20.9-2kylin2.4k24.37_arm64.debhttps://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/l/linux/linux-cloud-tools-common_5.4.18-161.150_all.debhttps://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/l/linux/linux-headers-5.4.18-161_5.4.18-161.150_all.debhttps://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/l/linux/linux-tools-common_5.4.18-161.150_all.debhttps://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/l/linux/linux-tools-host_5.4.18-161.150_all.debhttps://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/l/linux-meta/linux-source_5.4.18.161.150_all.debhttps://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/l/linux-firmware/linux-firmware_1.187.15kylin0k22.52_all.debhttps://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/x/xorg-server/xserver-common_1.20.9-2kylin2.4k24.37_all.debhttps://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/r/realtek-wifi-dkms/realtek-wifi-dkms_5.15.01-1kylin0k0.16_all.deb