Idan aka yi amfani da su, waɗannan kurakuran na iya ba wa maharan damar samun dama ga bayanai masu mahimmanci ba tare da izini ba ko kuma gabaɗaya haifar da matsala
Kwanan nan an fitar da labari cewa an gano wasu lalurar a cikin mara waya tari (mac80211) na Linux kernel, wasu daga cikinsu mai yiwuwa ba da izinin buffer ambaliya da aiwatar da lambar nesa ta hanyar aika fakitin da aka kera na musamman ta hanyar shiga. Gyaran yana samuwa ne kawai azaman faci ya zuwa yanzu.
Mai binciken tsaro daga TU Darmstadt shine wanda ya kai rahoton matsala ga SUSE mai alaƙa da buffer overwrite a cikin tsarin mac80211 na Linux kernel wanda firam ɗin WLAN ya jawo.
Yayin yin bincike tare da Intel, daSun sami wasu matsaloli da yawa, Abin da ya sa waɗannan al'amuran tsaro na WiFi sun fi samun matsala shi ne cewa ana iya amfani da su ta iska ta hanyar fakiti masu ɓarna akan hanyoyin sadarwar mara waya mara amana.
Mun wakilta matsalar ga manyan jami'an tsaro, da Soenke da
Johannes Berg na Intel ya kimanta kuma yayi aiki akan wannan matsalar.A lokacin bincikensu sun sami ƙarin matsaloli da yawa a cikin WLAN
tari, mai amfani da iska.An buga saitin facin zuwa jerin netdev ɗan lokaci kaɗan da suka wuce kuma yana
hade a cikin 'yan sa'o'i / kwanaki masu zuwa.
- CVE-2022-41674: Matsakaicin buffer a cikin cfg80211_update_notlisted_nontrans aikin, yana barin har zuwa 256 bytes da za a sake rubutawa akan tulin. Rashin lahani ya bayyana tun Linux kernel 5.1 kuma ana iya amfani dashi don aiwatar da lambar nesa.
- BAKU-2022-42719: samun damar zuwa wurin ƙwaƙwalwar ajiya da aka riga an saki (amfani bayan kyauta) a cikin lambar tantancewar MBSSID. Rashin lahani yana bayyana tun Linux kernel 5.2 kuma ana iya amfani dashi don aiwatar da lambar nesa. An samo aibi marar amfani a cikin ieee802_11_parse_elems_full a cikin aiki net/mac80211/util.c akan nau'ikan BSSID da yawa. Wannan fitowar tana faruwa yayin tantancewa akan kernel na Linux.
- BAKU-2022-42720: nuni zuwa wani yanki na ƙwaƙwalwar ajiya da aka riga an 'yanta (amfani-bayan-kyauta) a cikin lambar ƙirgawa a cikin BSS (Saifin Sabis na Sabis). Rashin lahani ya bayyana tun Linux kernel 5.1 kuma ana iya amfani dashi don aiwatar da lambar nesa. Maharan gida (masu iya allurar firam ɗin WLAN) na iya amfani da kwaroron ƙididdiga daban-daban a cikin sarrafa BSSs da yawa a cikin tarin mac80211 a cikin Linux kernel 5.1 zuwa 5.19.x kafin 5.19.16 don haifar da yanayin amfani bayan kyauta don yuwuwar aiwatar da lamba.
- BAKU-2022-42721: An samo aibi na cin hanci da rashawa a cikin cfg80211_add_nontrans_list a cikin aikin net/wireless/scan.c a cikin Linux kernel. Yana haifar da lalacewar lissafin BSS yana haifar da madauki mara iyaka. Rashin lahani ya bayyana tun daga Linux kernel 5.1 kuma ana iya amfani da shi don yin musun sabis.
- CVE-2022-42722: An sami kuskure a cikin na'urar P2P akan wifi a cikin ieee80211_rx_h_decrypt a cikin net/mac80211/rx.c a cikin Linux kernel. Matsa lamba mara kyau a lambar kariyar firam ɗin fitila. Ana iya amfani da matsalar don yin ƙin sabis.
Don nuna yiwuwar kai hari cin gajiyar kwarin da aka samu, an buga misalan ƙira que haifar da ambaliya da kuma mai amfani don maye gurbin waɗannan firam ɗin a cikin tari mara waya ta 802.11, yana yiwuwa a aikata gazawar sabis.
An ambaci cewa lahanin sun kasance masu zaman kansu daga direbobin mara waya da ake amfani da su. Ana ɗauka cewa za a iya amfani da abubuwan da aka gano don ƙirƙirar abubuwan aiki don kai hari mai nisa akan tsarin.
Game da gyare-gyaren waɗannan kwari, an ambaci cewa Linus Torvalds ya ɗauki gyare-gyaren tsaro na WiFi waɗanda ake aiki ta hanyar ƙarin sabuntawar hanyar sadarwa don taga haɗin Linux 6.1.
An riga an fitar da facin gyare-gyare kuma an aiwatar da su a cikin tsayayyen jeri kuma a cikin sabuntawa na babban tallafi na rarraba Linux a halin yanzu kuma, bi da bi, yakamata a ɗauka a cikin zagaye na gaba na fitowar maki a cikin kwanaki masu zuwa.
Finalmente idan kuna sha'awar ƙarin sani game da shi, zaka iya bincika bayanan a mahada mai zuwa.