A vulnerability was found in the eBPF subsystem that allows code execution at the kernel level

Recently we shared here on the blog the news about the interest Microsoft has shown in the eBPF subsystem, since it has built a Windows implementation that uses the static analysis method of abstract interpretation, which, compared with the Linux eBPF verifier, shows a lower false-positive rate, supports loop analysis, and provides good scalability.

The method takes into account many typical usage patterns derived from analysing existing eBPF programs. The eBPF subsystem has been included in the Linux kernel since version 3.18 and allows processing incoming and outgoing network packets, forwarding packets, controlling bandwidth, intercepting system calls, controlling access, and performing tracing.

And speaking of it, it was recently disclosed that two new vulnerabilities were identified in the eBPF subsystem, which allows running drivers inside the Linux kernel in a special JIT virtual machine.

Both vulnerabilities allow running code with kernel privileges, outside the isolated eBPF virtual machine.

Information about the problems was published by the Zero Day Initiative team, which runs the Pwn2Own competition, where this year three attacks on Ubuntu Linux were demonstrated using previously unknown vulnerabilities (whether the eBPF vulnerabilities are related to these attacks was not reported).

It was discovered that eBPF ALU32 bounds tracking for bitwise operations (AND, OR and XOR) did not update the 32-bit bounds.

Manfred Paul (@_manfp) of the RedRocket CTF team (@redrocket_ctf), working with Trend Micro's Zero Day Initiative, discovered that this vulnerability could be turned into out-of-bounds reads and writes in the kernel. This was reported as ZDI-CAN-13590 and assigned CVE-2021-3490.

  • CVE-2021-3490: The vulnerability is caused by the lack of verification of 32-bit values when performing bitwise AND, OR and XOR operations on eBPF ALU32. An attacker could exploit this bug to read and write data outside the bounds of the allocated buffer. The problem with XOR operations has existed since kernel 5.7-rc1, and with AND and OR since 5.10-rc1.
  • CVE-2021-3489: The vulnerability is caused by a bug in the ring buffer implementation and stems from the fact that the bpf_ringbuf_reserve function did not check whether the size of the allocated memory region is smaller than the actual size of the ringbuf buffer. The problem has been present since release 5.8-rc1.
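As an added illustration (not code from the article, from ZDI, or from the kernel), the following Python models how a verifier tracks the unsigned range of a 32-bit subregister across AND, OR and XOR: a set of known bits plus an [umin, umax] interval, with `is_sound` checking by enumeration that every real outcome lies inside the tracked range. The model and its function names are simplified assumptions; the `update_known_bounds=False` path shows how bounds left stale after a bitwise operation on two fully known operands make the tracked state disagree with the value the register actually holds, which is the class of tracking error described above.

```python
# Simplified model of verifier bounds tracking for 32-bit bitwise ops.
# Illustrative only: written for this article, not the kernel's code.
from dataclasses import dataclass

@dataclass(frozen=True)
class Reg32:  # abstract 32-bit subregister: known bits (value/mask) plus bounds
    value: int  # bit values where the mask bit is 0
    mask: int   # bits whose value is unknown
    umin: int   # unsigned lower bound
    umax: int   # unsigned upper bound

    def contains(self, v):  # is the concrete value v consistent with this state?
        return (v & ~self.mask) == self.value and self.umin <= v <= self.umax

def const(c):  # fully known 32-bit value: no unknown bits, collapsed bounds
    c &= 0xFFFFFFFF
    return Reg32(c, 0, c, c)

def tnum(op, a, b):  # known-bits arithmetic for AND / OR / XOR
    mu = a.mask | b.mask
    if op == "and":
        v = a.value & b.value
        return v, (a.value | a.mask) & (b.value | b.mask) & ~v
    if op == "or":
        v = a.value | b.value
        return v, mu & ~v
    v = a.value ^ b.value
    return v & ~mu, mu

def alu32_bitwise(op, dst, src, update_known_bounds=True):
    """State of dst after `dst op= src`.  update_known_bounds=False mimics the
    flaw: with both operands known, dst keeps its stale pre-op bounds."""
    value, mask = tnum(op, dst, src)
    if dst.mask == 0 and src.mask == 0:  # result is a known constant
        if not update_known_bounds:
            return Reg32(value, mask, dst.umin, dst.umax)
        return Reg32(value, mask, value, value)
    if op == "and":
        return Reg32(value, mask, value, min(dst.umax, src.umax))
    if op == "or":
        return Reg32(value, mask, max(dst.umin, src.umin), value | mask)
    return Reg32(value, mask, value, value | mask)

def concretize(reg):  # concrete values consistent with reg (small ranges only)
    return [v for v in range(reg.umin, reg.umax + 1) if (v & ~reg.mask) == reg.value]

def is_sound(op, dst, src, **kw):  # does every real outcome land inside the tracked state?
    out = alu32_bitwise(op, dst, src, **kw)
    return all(out.contains({"and": d & s, "or": d | s, "xor": d ^ s}[op])
               for d in concretize(dst) for s in concretize(src))
```

With the constructed operands `const(0x10)` and `const(0x0F)`, the corrected path yields bounds [0, 0] for the AND result, while the flawed path keeps [0x10, 0x10] and `is_sound` reports the mismatch.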

We can also note another vulnerability in the Linux kernel: CVE-2021-32606, which allows a local user to raise their privileges to root level. The problem has been present since Linux kernel 5.11 and is caused by a race condition in the implementation of the CAN ISOTP protocol, which allows the socket binding parameters to be changed due to the lack of proper locking in isotp_setsockopt() when processing the CAN_ISOTP_SF_BROADCAST flag.

After the socket is closed, ISOTP remains bound to the receiving socket and can continue to use structures associated with the socket after the associated memory has been freed (a use-after-free caused by accessing the already freed isotp_sock structure when isotp_rcv() is called). By manipulating data, the pointer to the sk_error_report() function can be overwritten and code run at the kernel level.

The fix status for the vulnerabilities in distributions can be tracked on these pages: Ubuntu, Debian, RHEL, Fedora, SUSE, Arch.

Fixes are also available as patches (CVE-2021-3489 and CVE-2021-3490). Exploitability of the problem depends on whether the eBPF system call is available to the user. For example, in the default configuration on RHEL, exploiting the vulnerability requires the user to have CAP_SYS_ADMIN privileges.

Finally, if you want to know more about it, you can check the details at the following link.
