'Yan kwanaki da suka gabata Jann Horn na ƙungiyar Google Project Zero, wanda a baya ya gano raunin Specter da Meltdown, ya bayyana wata dabara don amfani da rauni samu a cikin Linux kernel sharar tara (CVE-2021-4083).
Ularfafawa yanayin tsere ne ya haifar da shi lokacin da aka share kwatancen fayilolin socket na unix kuma mai yuwuwar baiwa mai amfani na gida mara gata damar aiwatar da lambar ku a matakin kernel.
Matsalar yana da ban sha'awa saboda taga lokaci a lokacin da yanayin tseren ke faruwa an tantance shi da kankanta don haifar da lahani na gaske, amma marubucin binciken ya nuna cewa ko da farkon rashin tabbas na iya zama tushen hare-haren gaske idan mahaliccin raunin yana da basira da lokaci.
Yan Horn ya nuna yadda, tare da taimakon manipulations na filigree, yana yiwuwa a rage yanayin Lamarin tseren da ke faruwa lokacin kiran kusa () da fget() ayyuka a lokaci guda zuwa cikakken amfani-bayan rashin lahani na kyauta da samun damar yin amfani da tsarin bayanan da aka rigaya a cikin kwaya.
Yanayin tsere yana faruwa yayin aiwatar da rufe bayanin fayil yayin kiran ayyukan kusa () da fget() a lokaci guda. Za a iya aiwatar da kiran don rufe() kafin a aiwatar da fget(), wanda zai rikitar da mai tara kayan ba a yi amfani da shi ba saboda, bisa ga sake ƙididdigewa, tsarin fayil ɗin ba zai sami nassoshi na waje ba, amma zai ci gaba da kasancewa a maƙala da mai siffanta fayil ɗin, watau mai tattara shara zai ɗauka cewa yana da keɓantaccen damar yin amfani da tsarin, amma a zahiri na ɗan lokaci kaɗan. sauran shigarwar a cikin tebur mai bayanin fayil zai ci gaba da nuna cewa ana sakin tsarin.
Don ƙara yuwuwar shiga yanayin tsere, an yi amfani da dabaru da yawa waɗanda ke ba da damar haɓaka yuwuwar nasara na hannun jari a 30% lokacin yin takamaiman tsarin ingantawa. Misali, don haɓaka lokacin samun dama ga tsari tare da masu bayanin fayil ta ɗaruruwan nanoseconds da yawa, an fitar da bayanan daga cikin cache na sarrafawa ta hanyar gurɓata cache tare da aiki akan wani tushen CPU, wanda ya ba da damar dawo da tsarin daga ƙwaƙwalwar ajiya kuma ba cache na CPU mai sauri ba.
Siffa mai mahimmanci ta biyu fue amfani da katsewar da na'ura mai ƙidayar lokaci ke haifarwa don ƙara lokacin tseren. An zaɓi lokacin don mai kula da katse ya yi harbi yayin faruwar yanayin tseren kuma ya katse aiwatar da code na ɗan lokaci. Don ƙara jinkirta dawowar sarrafawa, epoll ya haifar da kusan shigarwar 50 a cikin jerin gwanon, wanda ke buƙatar maimaitawa a cikin mai sarrafa katsewa.
Dabara raunin amfani An bayyana bayan kwanaki 90 na rashin bayyanawa. Matsalar
kuma an gyara shi a farkon watan Disamba. An haɗa gyaran a cikin kernel 5.16 kuma an koma zuwa rassan LTS na kwaya da fakitin tare da kernel da aka kawo a cikin rarrabawa. Ya kamata a lura cewa an gano raunin yayin nazarin irin wannan batu CVE-2021-0920, wanda ke bayyana kansa a cikin mai tattara shara lokacin sarrafa tutar MSG_PEEK.
Wani raunin da aka samu kwanan nan a cikin Linux kernel, shine CVE-2022-0742 que zai iya ƙetare sararin ƙwaƙwalwar ajiya kuma yana haifar da ƙin sabis ta hanyar aika fakiti na icmp6 na musamman. Batun yana da alaƙa da ƙwanƙwasa ƙwaƙwalwar ajiya da ke faruwa lokacin sarrafa saƙonnin ICMPv6 tare da nau'ikan 130 ko 131.
Matsalar tana nan tun kernel 5.13 kuma an gyara shi a cikin nau'ikan 5.16.13 da 5.15.27. Batun bai shafi Debian, SUSE, Ubuntu LTS (18.04, 20.04) da RHEL barga rassan ba, an daidaita shi akan Arch Linux.
Finalmente idan kuna sha'awar ƙarin sani game da shi na bayanin kula, zaku iya duba cikakkun bayanai a ciki mahada mai zuwa.