Two vulnerabilities found in the Linux kernel


A few days ago news broke that two vulnerabilities had been identified in the Linux kernel. The first has been catalogued as CVE-2022-0435 and was found in the Linux kernel module that implements the TIPC (Transparent Inter-Process Communication) network protocol.

This vulnerability could allow code to run at kernel level by sending a specially crafted packet over the network.

The problem only affects systems with the tipc.ko kernel module loaded and the TIPC stack configured, which is typically used in clusters and is not enabled by default on non-specialized Linux distributions.

The vulnerability is caused by a stack overflow that occurs when processing packets in which the value of the field holding the number of member nodes of the domain exceeds 64.

To store node parameters, the tipc.ko module uses a fixed-size array "u32 members[64]", but while processing the node count specified in the packet, the code does not check the value of "member_cnt". This allows values greater than 64 to be used for a controlled overwrite of data in the memory area on the stack that follows the "dom_bef" structure.

The TIPC protocol was originally developed by Ericsson. It is designed to organize inter-process communication in a cluster and is enabled mainly on cluster nodes. TIPC can run over both Ethernet and UDP (network port 6118).

When running over Ethernet, the attack can be carried out from the local network; when using UDP, from the global network, if the port is not covered by a firewall. The attack can also be carried out by a local user without privileges on the host. To enable TIPC, you must load the tipc.ko kernel module and configure the binding to a network interface using netlink or the tipc utility.

It is mentioned that when the kernel is built with "CONFIG_FORTIFY_SOURCE=y" (used in RHEL), which adds additional bounds checks to the memcpy() function, exploitation is limited to an emergency stop (the kernel goes into a "Kernel Panic").

If the kernel runs without the additional checks and information about the canary values used to protect the stack is leaked, the issue can be used to execute code with kernel privileges. The researchers who identified the issue say the exploitation technique is trivial and will be disclosed after the vulnerability has been widely fixed in distributions.

The bug that caused the vulnerability was introduced on June 15, 2016 and became part of the Linux 4.8 kernel. The vulnerability is fixed in Linux kernel versions 5.16.9, 5.15.23, 5.10.100, 5.4.179, 4.19.229, 4.14.266 and 4.9.301.
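The following triage script is an added example, not part of the original article: it classifies a kernel release against the CVE-2022-0435 version numbers quoted above and checks whether the tipc module is loaded. The function names are hypothetical, and treating 5.17 and later as fixed is an assumption the article does not state.

```shell
#!/bin/sh
# Added example: triage a host for CVE-2022-0435 (function names are hypothetical).
# Version numbers come from the article; "5.17+ is fixed" is an assumption.

# Classify an upstream kernel release string, e.g. "5.15.22-generic".
tipc_cve_status() {
    ver=${1%%-*}                          # drop distro suffix
    IFS=. read -r maj min pat <<EOF
$ver
EOF
    min=${min%%[!0-9]*}; min=${min:-0}
    pat=${pat%%[!0-9]*}; pat=${pat:-0}    # "5.17" has no patch level
    num=$((maj * 1000 + min))
    if [ "$num" -lt 4008 ]; then echo not-affected; return; fi  # bug entered in 4.8
    if [ "$num" -ge 5017 ]; then echo fixed; return; fi         # assumption
    case "$maj.$min" in
        4.9)  fix=301 ;; 4.14) fix=266 ;; 4.19) fix=229 ;;
        5.4)  fix=179 ;; 5.10) fix=100 ;; 5.15) fix=23 ;; 5.16) fix=9 ;;
        *) echo vulnerable-no-fixed-release; return ;;  # branch with no listed fix
    esac
    if [ "$pat" -ge "$fix" ]; then echo fixed; else echo vulnerable; fi
}

# True when the tipc module appears in a /proc/modules-style listing.
tipc_loaded() {
    grep -q '^tipc ' "${1:-/proc/modules}" 2>/dev/null
}

# Combine both facts: only hosts with tipc.ko loaded are affected.
tipc_exposure() {   # $1 kernel release, $2 modules file (optional)
    status=$(tipc_cve_status "$1")
    case "$status" in
        vulnerable*)
            if tipc_loaded "$2"; then echo "exposed ($status)"
            else echo "module-not-loaded ($status)"; fi ;;
        *) echo "$status" ;;
    esac
}

# Check the live host only when called with --host.
if [ "${1:-}" = "--host" ]; then
    tipc_exposure "$(uname -r)"
fi
```

Distribution kernels backport fixes without changing the upstream version number, so a "vulnerable" result on a vendor kernel is a prompt to check the vendor advisory rather than proof of exposure.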

The other vulnerability found in the Linux kernel is CVE-2022-24122, in the code that handles rlimit restrictions in different user namespaces.

The bug was introduced in a change added in the summer of 2021 that moved the implementation of some RLIMIT counters to use the "ucounts" structure. The "ucounts" objects created for RLIMIT continued to be used after the memory allocated for them had been freed (use-after-free) when the namespace associated with them was removed, which made it possible to achieve kernel-level execution of code.

Exploitation of the vulnerability by an unprivileged user is only possible if the system allows unprivileged access to user namespaces (unprivileged user namespaces), which is enabled by default in Ubuntu and Fedora but not enabled on Debian and RHEL.

As a workaround to block the vulnerability, you can disable unprivileged access to user namespaces:

sysctl -w kernel.unprivileged_userns_clone=0

The problem has been present since Linux kernel 5.14 and will be fixed in updates 5.16.5 and 5.15.19. The stable branches of Debian, Ubuntu, SUSE/openSUSE and RHEL are not affected by the issue, but it appears in the fresh Fedora and Arch Linux kernels.

