A vulnerability was found in the kernel that could allow information theft

A few days ago, Cisco Talos researchers disclosed a vulnerability in the Linux kernel that can be exploited to steal data and that can also serve as a stepping stone to privilege escalation and system compromise.

The vulnerability is described as an "information disclosure vulnerability that could allow an attacker to view kernel memory."

CVE-2020-28588 is the vulnerability discovered in the /proc/pid/syscall functionality of 32-bit ARM devices running the operating system. According to Cisco Talos, the problem was first found on a device running Azure Sphere.

The information disclosure vulnerability exists in the /proc/pid/syscall functionality of Linux Kernel 5.1 Stable and 5.4.66. More specifically, the issue was introduced in v5.1-rc4 (commit 631b7abacd02b88f4b0795c08b54ad4fc3e7c7c0) and is still present in v5.10-rc4, so all intermediate versions are likely affected. An attacker can read /proc/pid/syscall to trigger the vulnerability, causing the kernel to leak memory contents.

Proc is a special pseudo-filesystem on Unix-like operating systems that is used to dynamically access process data held in the kernel. It presents process information and other system information in a hierarchical, file-like structure.

For example, it contains /proc/[pid] subdirectories, each of which holds files and subdirectories that expose information about a specific process and can be read using the corresponding process ID. The "syscall" file is a legitimate Linux operating system file that contains a record of the system calls used by the kernel.

According to the company, attackers could exploit the flaw and reach the operating system and the syscall file through Proc, the system used to interact with kernel data structures. The syscall procfs entry can be exploited if attackers issue commands that produce 24 bytes of uninitialized memory, which leads to a bypass of kernel address space layout randomization (KASLR).

Looking at this specific function, everything appears fine, but it is worth noting that the `args` parameter passed in comes from the `proc_pid_syscall` function and as such is actually of type `__u64 args`. On an ARM system, the function definition changes the size of the `arg` array elements from eight bytes to four bytes (since `unsigned long` is 4 bytes on ARM), which results in the `memcpy` copying only 20 bytes (plus 4 for `args[0]`).

Similarly, on i386, where `unsigned long` is 4 bytes, only the first 24 bytes of the `args` argument are written, and the remaining 24 bytes are left untouched.

In both cases, if we look back at the `proc_pid_syscall` function.

While on 32-bit ARM and i386 only 24 bytes are copied into the `args` array, the format string ends up reading 48 bytes from the `args` array, since the `%llx` format specifier is eight bytes on both 32-bit and 64-bit systems. So 24 bytes of uninitialized stack memory end up being output, which can lead to a KASLR bypass.
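The size mismatch described above can be reproduced in user space. The following is an added example, not kernel code and not the kernel's patch: `ulong32`, `fill_args_flawed`, `fill_args_widened` and `stale_bytes_printed` are hypothetical names, the register values are constructed, and the `0xAA` fill is an assumption standing in for whatever stale data the stack happens to hold.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NARGS 6
#define STALE 0xAA         /* constructed marker standing in for stale stack bytes */
typedef uint32_t ulong32;  /* models unsigned long on 32-bit ARM / i386 */

/* Models the flawed copy: the callee treats the caller's __u64 args[6]
 * as six 4-byte unsigned longs, so it writes only 4 + 20 = 24 bytes. */
static void fill_args_flawed(uint64_t *args64, const ulong32 *regs)
{
    unsigned char *dst = (unsigned char *)args64;
    memcpy(dst, &regs[0], sizeof(ulong32));                                 /* args[0] */
    memcpy(dst + sizeof(ulong32), &regs[1], (NARGS - 1) * sizeof(ulong32)); /* 20 bytes */
}

/* One way to correct it: widen each register into its own 8-byte slot. */
static void fill_args_widened(uint64_t *args64, const ulong32 *regs)
{
    for (int i = 0; i < NARGS; i++)
        args64[i] = regs[i];
}

/* Counts how many of the 48 bytes that six %llx conversions read
 * still hold the stale marker after the fill has run. */
static size_t stale_bytes_printed(void (*fill)(uint64_t *, const ulong32 *))
{
    uint64_t args[NARGS];
    const ulong32 regs[NARGS] = {1, 2, 3, 4, 5, 6};  /* constructed values */
    const unsigned char *p = (const unsigned char *)args;
    size_t n = 0;

    memset(args, STALE, sizeof(args));  /* stand-in for uninitialized stack */
    fill(args, regs);
    for (size_t i = 0; i < sizeof(args); i++)
        n += (p[i] == STALE);
    return n;
}

int main(void)
{
    printf("flawed copy:  %zu stale bytes reach the output\n", stale_bytes_printed(fill_args_flawed));
    printf("widened copy: %zu stale bytes reach the output\n", stale_bytes_printed(fill_args_widened));
    return 0;
}
```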

The researchers explain that this attack is "impossible to detect on a network remotely" because it reads a legitimate file of the Linux operating system. Cisco says: "If used correctly, an attacker could use this leaked information to successfully exploit other Linux vulnerabilities."

In this regard, Google recently said:

“Memory safety flaws often threaten the security of devices, especially applications and operating systems. For example, in the Android mobile operating system, which is also supported by the Linux kernel, Google says it found that more than half of the security vulnerabilities addressed in 2019 were the result of memory safety bugs.”

Last but not least, it is recommended to update Linux kernel versions 5.10-rc4, 5.4.66 and 5.9.8, since this vulnerability has been tested and confirmed to be exploitable on these versions of the Linux kernel.

Finally, if you are interested in learning more about it, you can check the details of the post at the following link.

