Several vulnerabilities found in the Linux kernel

Recently, news was released that several vulnerabilities classified as dangerous were found in the Linux kernel, allowing local users to escalate their privileges on the system.

The first of the vulnerabilities is CVE-2022-0995, which is present in the "watch_queue" event tracking subsystem and causes data to be written to an area of kernel memory outside the allocated buffer. Any unprivileged user can carry out the attack and have their code executed with kernel privileges.

The vulnerability is in the watch_queue_set_size() function and is related to an attempt to clear all pointers in a list, even those for which no memory has been allocated. The problem manifests itself when the kernel is built with the "CONFIG_WATCH_QUEUE=y" option, which most Linux distributions use.

It is mentioned that the issue was resolved in a change added to the kernel on March 11.

The second vulnerability disclosed is CVE-2022-27666, which is present in the esp4 and esp6 kernel modules that implement the Encapsulating Security Payload (ESP) transformations for IPsec, used with both IPv4 and IPv6.

The vulnerability allows a local user with normal privileges to overwrite objects in kernel memory and escalate their privileges on the system. The problem is caused by a mismatch between the size of the allocated memory and the data actually received, since the maximum message size could exceed the maximum size of the memory allocated for the skb_page_frag_refill structure.

It is mentioned that the vulnerability was fixed in the kernel on March 7 (fixed in 5.17, 5.16.15, etc.). In addition, a working prototype of an exploit that allows a normal user to gain root access on Ubuntu 21.10 in its default configuration has been published on GitHub.

It is stated that, with minor changes, the exploit will also work on Fedora and Debian. It should be noted that the exploit was originally prepared for the pwn2own 2022 competition, but the kernel developers identified and fixed the associated bug, so it was decided to disclose the details of the vulnerability.

The other vulnerabilities disclosed are CVE-2022-1015 and CVE-2022-1016 in the netfilter subsystem, in the nf_tables module that powers the nftables packet filter. The researcher who identified the issues announced that working exploits have been prepared for both vulnerabilities and are planned to be released a few days after the kernel package updates are released.

The first problem allows an unprivileged local user to achieve an out-of-bounds write. The overflow occurs when processing specially crafted nftables expressions, which are handled during the validation phase of indexes supplied by a user who has access to the nftables rules.

The vulnerability is due to the fact that the developers assumed that the value of "enum nft_registers reg" is a single byte, whereas when certain optimizations are enabled the compiler, in accordance with the C89 specification, may use a 32-bit value for it. Because of this quirk, the size used when checking and allocating memory does not match the actual size of the data in the structure, so the tail of the structure overlaps the stack.

The problem can be exploited to execute code at the kernel level, but a successful attack requires access to nftables.

That access can be obtained in a separate network namespace with CLONE_NEWUSER or CLONE_NEWNET rights (for example, if you can run an isolated container). The vulnerability is also tied to the optimizations used by the compiler, which are enabled, for example, when building in "CONFIG_CC_OPTIMIZE_FOR_PERFORMANCE=y" mode. Exploitation of the vulnerability is possible as of Linux kernel 5.12.

The second vulnerability in netfilter occurs when accessing an already freed memory area (use-after-free) in the nft_do_chain handler. It can lead to a leak of uninitialized kernel memory areas, which can be read by manipulating nftables expressions and used, for example, to determine pointer addresses when developing exploits for other vulnerabilities. Exploitation of the vulnerability is possible as of Linux kernel 5.13.

The vulnerabilities were fixed in the recent corrective kernel updates.
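
The preconditions the article names for each CVE (CONFIG_WATCH_QUEUE=y, the esp4/esp6 modules, nftables reachable through a user namespace on kernels from 5.12 and 5.13) can be checked on a host. The script below is an added example, not code from the original article; the function names and the use of the `user.max_user_namespaces` sysctl as the signal for unprivileged nftables access are assumptions.

```sh
#!/bin/sh
# Added example: report which preconditions named in the article are present.
# A hit means the precondition holds, not that the kernel is unpatched:
# distribution kernels often carry backported fixes.

# ver_ge RELEASE MIN: succeed if RELEASE's major.minor is >= MIN
ver_ge() {
    a=${1%%-*}; b=$2
    a_major=${a%%.*}; a_rest=${a#*.}; a_minor=${a_rest%%.*}
    b_major=${b%%.*}; b_rest=${b#*.}; b_minor=${b_rest%%.*}
    [ "$a_major" -gt "$b_major" ] ||
        { [ "$a_major" -eq "$b_major" ] && [ "$a_minor" -ge "$b_minor" ]; }
}

# has_line TEXT REGEX: succeed if any line of TEXT matches the extended regex
has_line() { printf '%s\n' "$1" | grep -Eq "$2"; }

# exposure RELEASE CONFIG MODULES MAX_USERNS: one line per precondition met
exposure() {
    release=$1 config=$2 modules=$3 max_userns=${4:-0}
    if has_line "$config" '^CONFIG_WATCH_QUEUE=y$'; then
        echo "CVE-2022-0995 CONFIG_WATCH_QUEUE=y"
    fi
    # Loaded modules only; esp4/esp6 may still be loadable on demand.
    if has_line "$modules" '^esp[46] '; then
        echo "CVE-2022-27666 esp4/esp6 loaded"
    fi
    # Assumption: unprivileged users reach nftables only via user namespaces.
    if [ "$max_userns" -gt 0 ]; then
        opt="optimization mode unknown"
        if has_line "$config" '^CONFIG_CC_OPTIMIZE_FOR_PERFORMANCE=y$'; then
            opt="CONFIG_CC_OPTIMIZE_FOR_PERFORMANCE=y"
        fi
        if ver_ge "$release" 5.12; then echo "CVE-2022-1015 userns on, $opt"; fi
        if ver_ge "$release" 5.13; then echo "CVE-2022-1016 userns on"; fi
    fi
    return 0
}

# Constructed sample inputs (not taken from a real host).
sample_config='CONFIG_WATCH_QUEUE=y
CONFIG_CC_OPTIMIZE_FOR_PERFORMANCE=y'
sample_modules='nf_tables 249856 0 - Live 0x0
esp4 24576 0 - Live 0x0'
exposure "5.13.0-30-generic" "$sample_config" "$sample_modules" 31573

# On a live host (config path varies by distribution):
# exposure "$(uname -r)" "$(cat /boot/config-"$(uname -r)")" \
#          "$(cat /proc/modules)" "$(sysctl -n user.max_user_namespaces)"
```

Treat each reported line as a prompt to confirm the distribution's fixed package version for that CVE.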

