About the Polkit privilege escalation (CVE-2021-4034 No2) (2022.09.16)
Local privilege escalation vulnerability in polkit's pkexec utility (CVE-2021-4034) (2022.01.28)
# yum update polkit
or,
# tar xvfz updates7-polkit.tar.gz
# yum localupdate \
polkit-0.112-26.el7_9.1.x86_64.rpm \
polkit-devel-0.112-26.el7_9.1.x86_64.rpm \
polkit-docs-0.112-26.el7_9.1.noarch.rpm
# cd /usr/local/src
# tar xvfz /mnt/grub2-2.02-0.76.gz
# cd grub2-2.02-0.76
# ./upgrade.sh
At this point, grub2-2.02-0.65 is removed and grub2-2.02-0.76 is installed.
# yum install epel-release
# yum groups install "MATE Desktop"
# yum install lightdm
# systemctl disable gdm
# systemctl enable lightdm
[ 17.680113] f 0#6: armed on ring 0!
[ 17.680151] f 0#6: signaled from irq context
[ 17.680561] f 0#7: armed on ring 0!
[ 17.680599] f 0#7: signaled from irq context
:
[ 19.689268] f 0#103: signaled from radeon_fence_signaled
[ 19.689346] f 0#104: armed on ring 0!
[ 19.689407] f 0#104: signaled from irq context
[ 19.706062] f 0#107: armed on ring 0!
:
Resolution
# rpm -ivh fence_trace-1-0.x86_64.rpm
Preparing... ################################# [100%]
Updating / installing...
1:fence_trace-1-0 ################################# [100%]
Patching /usr/src/linux-4.1.15RedHawk7.2/configs/x86_64/kdump
Patching /usr/src/linux-4.1.15RedHawk7.2/configs/x86_64/prt-debug
Patching /usr/src/linux-4.1.15RedHawk7.2/configs/x86_64/prt-trace
Patching /usr/src/linux-4.1.15RedHawk7.2/configs/x86_64/prt
Patching /usr/src/linux-4.1.15RedHawk7.2/configs/x86_64/standard
Patching /usr/src/linux-4.1.15RedHawk7.2/configs/x86_64/trace
Patching /usr/src/linux-4.1.15RedHawk7.2/configs/x86_64/debug
Rebuild debug kernel modules
Install debug kernel modules
make[1]: Entering directory `/usr/src/linux-4.1.15RedHawk7.2'
INSTALL /lib/modules/4.1.15-rt17-RedHawk-7.2-debug/build/drivers/gpu/drm/radeon/radeon.ko
DEPMOD 4.1.15-rt17-RedHawk-7.2-debug
make[1]: Leaving directory `/usr/src/linux-4.1.15RedHawk7.2'
Rebuild standard kernel modules
Install standard kernel modules
make[1]: Entering directory `/usr/src/linux-4.1.15RedHawk7.2'
INSTALL /lib/modules/4.1.15-rt17-RedHawk-7.2/build/drivers/gpu/drm/radeon/radeon.ko
DEPMOD 4.1.15-rt17-RedHawk-7.2
make[1]: Leaving directory `/usr/src/linux-4.1.15RedHawk7.2'
Rebuild trace kernel modules
Install trace kernel modules
make[1]: Entering directory `/usr/src/linux-4.1.15RedHawk7.2'
INSTALL /lib/modules/4.1.15-rt17-RedHawk-7.2-trace/build/drivers/gpu/drm/radeon/radeon.ko
DEPMOD 4.1.15-rt17-RedHawk-7.2-trace
make[1]: Leaving directory `/usr/src/linux-4.1.15RedHawk7.2'
*************************************************
All the driver for this product has been updated.
*************************************************
Uninstalling is not necessary, but the uninstall procedure is shown below.
# rpm -e fence_trace-1-0
Unpatching /usr/src/linux-4.1.15RedHawk7.2/configs/x86_64/kdump
Unpatching /usr/src/linux-4.1.15RedHawk7.2/configs/x86_64/prt-debug
Unpatching /usr/src/linux-4.1.15RedHawk7.2/configs/x86_64/prt-trace
Unpatching /usr/src/linux-4.1.15RedHawk7.2/configs/x86_64/prt
Unpatching /usr/src/linux-4.1.15RedHawk7.2/configs/x86_64/standard
Unpatching /usr/src/linux-4.1.15RedHawk7.2/configs/x86_64/trace
Unpatching /usr/src/linux-4.1.15RedHawk7.2/configs/x86_64/debug
Rebuild debug kernel modules
Install debug kernel modules
make[1]: Entering directory `/usr/src/linux-4.1.15RedHawk7.2'
INSTALL /lib/modules/4.1.15-rt17-RedHawk-7.2-debug/build/drivers/gpu/drm/radeon/radeon.ko
DEPMOD 4.1.15-rt17-RedHawk-7.2-debug
make[1]: Leaving directory `/usr/src/linux-4.1.15RedHawk7.2'
Rebuild standard kernel modules
Install standard kernel modules
make[1]: Entering directory `/usr/src/linux-4.1.15RedHawk7.2'
INSTALL /lib/modules/4.1.15-rt17-RedHawk-7.2/build/drivers/gpu/drm/radeon/radeon.ko
DEPMOD 4.1.15-rt17-RedHawk-7.2
make[1]: Leaving directory `/usr/src/linux-4.1.15RedHawk7.2'
Rebuild trace kernel modules
Install trace kernel modules
make[1]: Entering directory `/usr/src/linux-4.1.15RedHawk7.2'
INSTALL /lib/modules/4.1.15-rt17-RedHawk-7.2-trace/build/drivers/gpu/drm/radeon/radeon.ko
DEPMOD 4.1.15-rt17-RedHawk-7.2-trace
make[1]: Leaving directory `/usr/src/linux-4.1.15RedHawk7.2'
*************************************************
All the driver for this product has been updated.
*************************************************