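Checking for and fixing CVE-2025-6019 on Kylin (银河麒麟) - 梦荟楼的后花园
梦荟楼 · 2025-08-22 · via 梦荟楼的后花园

Vulnerability details

Local privilege escalation vulnerabilities have been disclosed in Linux systems, tracked as CVE-2025-6018 and CVE-2025-6019. They can allow an ordinary local user to escalate to root, among other impacts.

CVE-2025-6018:

Linux PAM (Pluggable Authentication Modules) is the core security framework of Linux/Unix systems, used to centrally manage user authentication and access control.

In the PAM configuration of Linux operating systems, the system incorrectly treats a remote SSH session as an allow_active user session. As a result, an attacker with an ordinary local user account can bypass the permission check and, through the default polkit policy, perform operations that should be limited to users at the local console (such as storage device management).

CVE-2025-6019:

UDisks is an open-source Linux disk management daemon and one of the core components of mainstream Linux distributions.

On most Linux operating systems the UDisks service runs by default. It mainly provides a D-Bus interface for storage management (mounting, querying, formatting and so on) and calls the libblockdev library underneath. Because libblockdev has a permission-check flaw, an authenticated local attacker holding allow_active privileges (which can be obtained through the Linux PAM local privilege escalation vulnerability, CVE-2025-6018) can escalate to root, among other impacts, by crafting malicious storage operation requests (such as a forged device mount).

Checking which systems are affected

Kylin is largely unaffected by CVE-2025-6018. For CVE-2025-6019, apart from Kylin Desktop Operating System V10 (银河麒麟桌面操作系统V10), NeoKylin Advanced Server Operating System V6 (中标麒麟高级服务器操作系统 V6) and Kylin Advanced Server Operating System V10 (银河麒麟高级服务器操作系统 V10), essentially everything is affected. For details, see the affected-version links below.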

https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2025-6018

https://support.kylinos.cn/#/security/cveDetail?allTitle=CVE-2025-6019

Remediation

Update packages

https://archive.kylinos.cn/kylin/KYLIN-ALL/pool/universe/libb/libblockdev/gir1.2-blockdev-2.0_2.23-2kylin3+esm1_arm64.deb
https://archive.kylinos.cn/kylin/KYLIN-ALL/pool/universe/libb/libblockdev/libblockdev-btrfs2_2.23-2kylin3+esm1_arm64.deb
https://archive.kylinos.cn/kylin/KYLIN-ALL/pool/universe/libb/libblockdev/libblockdev-crypto2_2.23-2kylin3+esm1_arm64.deb
https://archive.kylinos.cn/kylin/KYLIN-ALL/pool/universe/libb/libblockdev/libblockdev-dm2_2.23-2kylin3+esm1_arm64.deb
https://archive.kylinos.cn/kylin/KYLIN-ALL/pool/universe/libb/libblockdev/libblockdev-fs2_2.23-2kylin3+esm1_arm64.deb
https://archive.kylinos.cn/kylin/KYLIN-ALL/pool/universe/libb/libblockdev/libblockdev-kbd2_2.23-2kylin3+esm1_arm64.deb
https://archive.kylinos.cn/kylin/KYLIN-ALL/pool/universe/libb/libblockdev/libblockdev-loop2_2.23-2kylin3+esm1_arm64.deb
https://archive.kylinos.cn/kylin/KYLIN-ALL/pool/universe/libb/libblockdev/libblockdev-lvm-dbus2_2.23-2kylin3+esm1_arm64.deb
https://archive.kylinos.cn/kylin/KYLIN-ALL/pool/universe/libb/libblockdev/libblockdev-lvm2_2.23-2kylin3+esm1_arm64.deb
https://archive.kylinos.cn/kylin/KYLIN-ALL/pool/universe/libb/libblockdev/libblockdev-mdraid2_2.23-2kylin3+esm1_arm64.deb
https://archive.kylinos.cn/kylin/KYLIN-ALL/pool/universe/libb/libblockdev/libblockdev-mpath2_2.23-2kylin3+esm1_arm64.deb
https://archive.kylinos.cn/kylin/KYLIN-ALL/pool/universe/libb/libblockdev/libblockdev-nvdimm2_2.23-2kylin3+esm1_arm64.deb
https://archive.kylinos.cn/kylin/KYLIN-ALL/pool/universe/libb/libblockdev/libblockdev-part-err2_2.23-2kylin3+esm1_arm64.deb
https://archive.kylinos.cn/kylin/KYLIN-ALL/pool/universe/libb/libblockdev/libblockdev-part2_2.23-2kylin3+esm1_arm64.deb
https://archive.kylinos.cn/kylin/KYLIN-ALL/pool/universe/libb/libblockdev/libblockdev-plugins-all_2.23-2kylin3+esm1_arm64.deb
https://archive.kylinos.cn/kylin/KYLIN-ALL/pool/universe/libb/libblockdev/libblockdev-swap2_2.23-2kylin3+esm1_arm64.deb
https://archive.kylinos.cn/kylin/KYLIN-ALL/pool/universe/libb/libblockdev/libblockdev-utils2_2.23-2kylin3+esm1_arm64.deb
https://archive.kylinos.cn/kylin/KYLIN-ALL/pool/universe/libb/libblockdev/libblockdev-vdo2_2.23-2kylin3+esm1_arm64.deb
https://archive.kylinos.cn/kylin/KYLIN-ALL/pool/universe/libb/libblockdev/libblockdev2_2.23-2kylin3+esm1_arm64.deb
https://archive.kylinos.cn/kylin/KYLIN-ALL/pool/universe/libb/libblockdev/python3-blockdev_2.23-2kylin3+esm1_all.deb

https://archive.kylinos.cn/kylin/KYLIN-ALL/pool/universe/u/udisks2/gir1.2-udisks-2.0_2.8.4-1kylin2k0.19_arm64.deb
https://archive.kylinos.cn/kylin/KYLIN-ALL/pool/universe/u/udisks2/libudisks2-0_2.8.4-1kylin2k0.19_arm64.deb
https://archive.kylinos.cn/kylin/KYLIN-ALL/pool/universe/u/udisks2/udisks2-bcache_2.8.4-1kylin2k0.19_arm64.deb
https://archive.kylinos.cn/kylin/KYLIN-ALL/pool/universe/u/udisks2/udisks2-btrfs_2.8.4-1kylin2k0.19_arm64.deb
https://archive.kylinos.cn/kylin/KYLIN-ALL/pool/universe/u/udisks2/udisks2-lvm2_2.8.4-1kylin2k0.19_arm64.deb
https://archive.kylinos.cn/kylin/KYLIN-ALL/pool/universe/u/udisks2/udisks2-vdo_2.8.4-1kylin2k0.19_arm64.deb
https://archive.kylinos.cn/kylin/KYLIN-ALL/pool/universe/u/udisks2/udisks2-zram_2.8.4-1kylin2k0.19_arm64.deb
https://archive.kylinos.cn/kylin/KYLIN-ALL/pool/universe/u/udisks2/udisks2_2.8.4-1kylin2k0.19_arm64.deb

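Remediation steps

Open a terminal

Press Win+T, or right-click an empty area of the desktop and choose Open Terminal, then cd into the directory that contains the update packages. All of the update packages must be in that one directory.

Install the update packages

Run the command sudo dpkg -i *.deb (with a space between each part). You will be prompted for a password, which is your login password. The password is not shown on screen as you type; type it blind and press Enter to start the installation.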
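
To confirm that the update took effect, the installed versions can be compared against the versions in the package filenames listed above. This is an added example, not part of the original post: it assumes those filename versions (2.23-2kylin3+esm1 for libblockdev, 2.8.4-1kylin2k0.19 for udisks2) are the fixed thresholds for this release, and the sample input is constructed.

```shell
#!/bin/sh
# Added example: check that libblockdev/udisks2 packages are at or above the
# fixed versions named in this page's package list.
# Assumption: thresholds are taken from the .deb filenames above (arm64
# builds); other Kylin releases may ship different fixed versions.
FIXED_LIBBLOCKDEV='2.23-2kylin3+esm1'
FIXED_UDISKS2='2.8.4-1kylin2k0.19'

# Reads "package version" lines on stdin, prints one verdict per package,
# returns 0 if every listed package is fixed and 1 if any is older.
check_fixed() {
    rc=0
    while read -r pkg ver; do
        [ -n "$pkg" ] || continue
        case "$pkg" in
            *blockdev*) min=$FIXED_LIBBLOCKDEV ;;
            *udisks*)   min=$FIXED_UDISKS2 ;;
            *)          continue ;;   # not part of this fix
        esac
        if [ -z "$ver" ]; then
            # dpkg knows the name but no version is installed
            echo "SKIP $pkg (not installed)"
        elif dpkg --compare-versions "$ver" ge "$min"; then
            echo "OK $pkg $ver"
        else
            echo "OUTDATED $pkg $ver (need >= $min)"
            rc=1
        fi
    done
    return "$rc"
}

# Live check on the host, to be run after dpkg -i:
#   dpkg-query -W -f='${Package} ${Version}\n' '*blockdev*' '*udisks*' | check_fixed

# Constructed sample: libblockdev2 on a made-up older revision, udisks2 updated.
SAMPLE='libblockdev2 2.23-2kylin3
libudisks2-0 2.8.4-1kylin2k0.19
udisks2 2.8.4-1kylin2k0.19'

printf '%s\n' "$SAMPLE" | check_fixed || echo "at least one package still needs the update"
```

dpkg --compare-versions applies Debian version ordering, so the +esm1 suffix and the trailing k0.19 revision are compared correctly rather than as plain strings.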