Multiple vulnerabilities found in various open source projects

A few days ago, several vulnerabilities in various open source projects were publicly disclosed. The most important of them was found in the OpenSSL cryptographic library. It is caused by a bug in the implementation of the adder in the BN_mod_exp function, which leads to an incorrect result of the squaring operation.

The problem has been catalogued as CVE-2021-4160. It occurs only on hardware based on the MIPS32 and MIPS64 architectures and can compromise elliptic curve algorithms, including those used by default in TLS 1.3. The issue was fixed in the December updates to OpenSSL 1.1.1m and 3.0.1.

In addition, it is noted that carrying out real attacks to obtain information about private keys using the identified problem is considered possible for the RSA, DSA and Diffie-Hellman (DH) algorithms, but unlikely, too difficult to carry out, and requiring enormous computing resources.

At the same time, an attack on TLS is ruled out, as in 2016, when the CVE-2016-0701 vulnerability was fixed, the sharing of a DH private key by clients was prohibited.

Another vulnerability that was disclosed is CVE-2022-0330. It was found in the i915 graphics driver and is related to a missing GPU TLB flush. If IOMMU (address translation) is not used, the vulnerability allows access to random memory pages from user space.

The problem can be used to corrupt or read data from random memory areas. The issue occurs on all integrated and discrete Intel GPUs. The fix adds a mandatory TLB flush before each operation that returns a GPU buffer to the system, which will degrade performance. The performance impact depends on the GPU, the operations performed on the GPU, and the system load. The fix is currently available only as a patch.

Vulnerabilities were also found in the Glibc standard C library, affecting the realpath (CVE-2021-3998) and getcwd (CVE-2021-3999) functions. The problem in realpath() is described as being caused by the return of an invalid value under certain conditions, which contains uncleaned residual data from the stack. For the SUID-root program fusermount, the vulnerability can be used to obtain sensitive information from process memory, for example, to obtain information about pointers.

The problem with getcwd() allows a one-byte buffer overflow. It is caused by a bug that has been present since 1995. To trigger the overflow, it is enough to call chdir() on the "/" directory in a separate mount point namespace. It is not reported whether the vulnerability is limited to process crashes, but there have been cases of working exploits for similar vulnerabilities in the past, despite skepticism from developers.

Other vulnerabilities recently identified in open source projects:

  • Vulnerability CVE-2022-23220: in the usbview package, which allows local users logged in via SSH to run code as root, because of a setting (allow_any=yes) in the PolKit rules that lets the usbview utility run as root without authentication. Exploitation comes down to using the "--gtk-module" option to load your own library into usbview. The problem was fixed in usbview 2.2.
  • Vulnerability CVE-2022-22942: in the vmwgfx graphics driver, which is used to implement 3D acceleration in VMware environments. The issue allows an unprivileged user to access files opened by other processes on the system. The attack requires access to the /dev/dri/card0 or /dev/dri/renderD128 device and the ability to make an ioctl() call with the obtained file descriptor.
  • Vulnerabilities CVE-2021-3996 and CVE-2021-3995: in the libmount library supplied with the util-linux package, which allow an unprivileged user to mount disk partitions without authorization. The problem was identified during an audit of the SUID-root programs umount and fusermount.
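
As an added example (not from the original article or from the usbview project), this Python script audits a polkit `.policy` file for the kind of setting described in the usbview item: actions whose implicit authorization is `yes`, so no authentication is requested. The sample policy, its action ids and its program path are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample policy (not the real usbview file): one action that any
# session may run as root without authentication, one that needs an admin.
SAMPLE_POLICY = """\
<policyconfig>
  <action id="org.example.viewer.run">
    <defaults>
      <allow_any>yes</allow_any>
      <allow_inactive>yes</allow_inactive>
      <allow_active>yes</allow_active>
    </defaults>
    <annotate key="org.freedesktop.policykit.exec.path">/usr/bin/example-viewer</annotate>
  </action>
  <action id="org.example.viewer.configure">
    <defaults>
      <allow_any>auth_admin</allow_any>
      <allow_inactive>auth_admin</allow_inactive>
      <allow_active>auth_admin_keep</allow_active>
    </defaults>
  </action>
</policyconfig>
"""

EXEC_PATH_KEY = "org.freedesktop.policykit.exec.path"

def find_unauthenticated_actions(policy_xml):
    """Return (action_id, exec_path, [scopes]) for actions granted without auth."""
    findings = []
    root = ET.fromstring(policy_xml)
    for action in root.iter("action"):
        # allow_any also covers non-local sessions such as SSH logins;
        # polkit treats a missing element as "no".
        open_scopes = [
            scope for scope in ("allow_any", "allow_inactive", "allow_active")
            if (action.findtext(f"defaults/{scope}") or "no").strip() == "yes"
        ]
        if not open_scopes:
            continue
        exec_path = None
        for note in action.findall("annotate"):
            if note.get("key") == EXEC_PATH_KEY:
                exec_path = (note.text or "").strip()
        findings.append((action.get("id"), exec_path, open_scopes))
    return findings

if __name__ == "__main__":
    for action_id, path, scopes in find_unauthenticated_actions(SAMPLE_POLICY):
        print(f"{action_id}: {', '.join(scopes)} = yes, runs {path or 'n/a'}")
```

On a typical Linux system the installed policy files are under /usr/share/polkit-1/actions/, and each file's text can be passed to the function in turn.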
