Two vulnerabilities have been discovered in the Linux kernel that once again allow users to escalate their privileges.

If exploited, these bugs could allow attackers to gain unauthorized access to sensitive information or, more generally, to cause problems.

A few days ago the news broke that two vulnerabilities had been discovered in the Netfilter and io_uring subsystems of the Linux kernel, which allow local users to escalate their privileges on the system.

The first is a vulnerability (CVE-2023-32233) discovered in the Netfilter subsystem and caused by a use-after-free memory access in the nf_tables module, which provides the packet-filtering functionality of nftables.

The bug exists because netfilter nf_tables allows its configuration to be updated with batch requests that group several basic operations into atomic transactions.

The problem has been reproduced on several Linux kernel versions, including Linux 6.3.1 (the current stable release), and the vulnerability can be exploited by sending specially crafted requests to update the nftables configuration. It is noted that the attack requires access to nftables, which can be obtained in a separate network namespace if you have CLONE_NEWUSER, CLONE_NEWNS or CLONE_NEWNET rights (for example, if you can run an isolated container).

Regarding this bug, the researcher who discovered the problem promised to wait one week before publishing full details and an example exploit that yields a root shell.

In a specific scenario, a malformed batch request may contain an operation that implicitly deletes an existing anonymous nft set, followed by another operation that tries to act on that same anonymous nft set after it has been deleted. In that scenario, an example of the former operation is deleting an existing nft rule that uses an anonymous nft set, and an example of the latter operation is trying to remove an element from that anonymous nft set after the set has been removed. Alternatively, the latter operation may also try to explicitly delete that anonymous set a second time.

As mentioned at the beginning, this was several days ago and the exploit and its details have since been published. The exploit and its full details can be found at the following link.

The second bug detected was a vulnerability (CVE-2023-2598) in the implementation of the io_uring asynchronous I/O interface, included in the Linux kernel since version 5.1.

The problem is caused by a bug in the io_sqe_buffer_register function, which allows access to physical memory outside the bounds of a statically allocated buffer. The issue only appears in the 6.3 branch and will be fixed in the upcoming 6.3.2 update.

It is noted that the idea behind the original commit is that, instead of splitting pinned huge pages into separate bvec entries, you can have a single bvec entry for all the fragments of the page. Specifically, if all the pages in the mapped buffer are fragments of the same huge page, it uses the first page's page structure and the buffer length in a single bvec entry instead of mapping each page separately.

So the bvec will extend far beyond the single page that the process was actually allowed to touch. Later, IORING_OP_READ_FIXED and IORING_OP_WRITE_FIXED let us read from and write to the buffer (that is, the memory the bvec points to) as we please. This gives read/write access to physical memory beyond the page we own.

The vulnerability advisory lists the steps to reproduce the bug:

1. Create a memfd
2. Fault in a single page in that file descriptor
3. Use MAP_FIXED to map that page repeatedly at consecutive addresses
4. Register the whole region you filled with that page as a fixed buffer with IORING_REGISTER_BUFFERS
5. Use IORING_OP_WRITE_FIXED to write the buffer to another file (OOB read) or IORING_OP_READ_FIXED to read data into the buffer (OOB write)
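To make concrete why the repeated mapping in the steps above slips past the kernel's check, here is an added userspace model (not kernel code and not from the advisory) of the same-folio coalescing decision in io_sqe_buffer_register, with the vulnerable check beside a hardened one. The hardened form assumes the 6.3.2 fix additionally requires the pinned pages to be physically consecutive; page and folio numbers are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
/* Userspace model of the page-coalescing decision in io_sqe_buffer_register().
 * A page is its physical frame number (pfn); pfns in the same aligned block of
 * FOLIO_PAGES belong to the same folio (huge page). Constructed values. */
#define FOLIO_PAGES 512u   /* a 2 MiB huge page made of 4 KiB pages */
struct page { uint64_t pfn; };
static uint64_t folio_of(const struct page *p) { return p->pfn / FOLIO_PAGES; }

/* Vulnerable check (6.3.0/6.3.1 as described above): if every pinned page is in
 * the same folio, the buffer becomes ONE bvec at pages[0] spanning the full
 * buffer length. Returns the number of bvecs the registration would use. */
size_t bvecs_vulnerable(const struct page *pages, size_t nr_pages)
{
    if (nr_pages <= 1) return nr_pages;
    for (size_t i = 1; i < nr_pages; i++)
        if (folio_of(&pages[i]) != folio_of(&pages[0]))
            return nr_pages;   /* different folios: one bvec per page */
    return 1;
}

/* Hardened check (assumed form of the 6.3.2 fix): the pages must also be
 * physically consecutive, so one memfd page mapped repeatedly with MAP_FIXED
 * still passes the same-folio test but is no longer collapsed into one bvec. */
size_t bvecs_fixed(const struct page *pages, size_t nr_pages)
{
    if (nr_pages <= 1) return nr_pages;
    for (size_t i = 1; i < nr_pages; i++)
        if (folio_of(&pages[i]) != folio_of(&pages[0]) ||
            pages[i].pfn != pages[i - 1].pfn + 1)
            return nr_pages;
    return 1;
}

/* Constructed inputs: a genuine 4-page run inside one huge page, and the
 * page-level view of a single memfd page mapped four times back to back. */
const struct page huge_run[4]  = {{4096}, {4097}, {4098}, {4099}};
const struct page same_page[4] = {{4096}, {4096}, {4096}, {4096}};

int main(void)
{
    /* Prints: huge run 1/1, same page 1/4: with one bvec of 4 pages the
     * vulnerable kernel lets I/O reach 3 pages past the only page owned. */
    printf("huge run : vulnerable=%zu fixed=%zu\n",
           bvecs_vulnerable(huge_run, 4), bvecs_fixed(huge_run, 4));
    printf("same page: vulnerable=%zu fixed=%zu\n",
           bvecs_vulnerable(same_page, 4), bvecs_fixed(same_page, 4));
    return 0;
}
```

The legitimate huge-page run is coalesced by both checks, while the single page mapped four times is coalesced only by the vulnerable check, which is exactly the condition the advisory's steps rely on.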

Finally, it is worth mentioning that a working exploit prototype for CVE-2023-2598 is available for testing, which allows code to be run with kernel privileges.

The vulnerability (CVE-2023-32233) has been fixed in the 6.4-rc update, and you can follow the fixing of the vulnerability in the distributions on the following pages: Debian, Ubuntu, Gentoo, RHEL, Fedora, SUSE/openSUSE, Arch.
