A vulnerability in the CAN BCM network protocol allowed privilege escalation in the Linux kernel

Yesterday, information was released about a vulnerability in the Linux kernel that has already been catalogued as CVE-2021-3609. The vulnerability allows a local user to elevate their privileges on the system because of a race condition in the implementation of the CAN BCM protocol, and it is present in versions 2.6.25 through 5.13-rc6 of the Linux kernel.

The flaw is exploitable because the CAN BCM protocol lets you register your own handler for controller area network (CAN) messages and attach it to a specific network socket. When an incoming message arrives, the function bcm_rx_handler() is called. An attacker can exploit a race condition and force the network socket to close while bcm_rx_handler() is still executing.

The problem arises when the socket is closed and the function bcm_release() is called. That function frees the memory allocated for the bcm_op and bcm_sock structures, which continue to be used by the bcm_rx_handler() handler that is still running. The result is access to a memory block that has already been freed (use-after-free).

This is an announcement about a recently reported bug (CVE-2021-3609) in the CAN BCM networking protocol in the Linux kernel, ranging from version 2.6.25 to mainline 5.13-rc6.
The vulnerability is a race condition in net/can/bcm.c that allows privilege escalation to root. The problem was initially reported by syzbot and proven to be exploitable by Norbert Slusarek.

The attack comes down to opening two CAN BCM sockets and binding them to the vcan interface. On the first socket, sendmsg() is called with the RX_SETUP flag to set up a handler for incoming CAN messages, and on the second socket, sendmsg() is called to send a message to the first socket.

After the message arrives, the bcm_rx_handler() call is triggered, and the attacker picks the right moment to close the first socket. This leads to bcm_release() being invoked and the bcm_op and bcm_sock structures being freed, even though bcm_rx_handler() has not yet completed.

By manipulating the contents of bcm_sock, an attacker can override the pointer to the sk->sk_data_ready(sk) function, redirect execution and, using return-oriented programming (ROP) techniques, overwrite the modprobe_path parameter and get their code executed as root.

When using the ROP technique, the attacker does not try to place their own code in memory. Instead, they operate on pieces of machine instructions that are already present in loaded libraries and that end with a control return instruction (as a rule, these are the ends of library functions).

The permissions required to carry out the attack can be obtained by an unprivileged user in containers created on systems with user namespaces enabled. For example, user namespaces are enabled by default in Ubuntu and Fedora, but are not enabled in Debian and RHEL.

My exploitation attempt concentrates on kernels with version >= 5.4-rc1 since commit bf74aa86e111. I have not investigated exploiting kernels older than 5.4-rc1 using tasklets; however, exploiting older kernels is possible as well.

It is mentioned that the researcher who identified the vulnerability was able to prepare an exploit that obtains root rights on systems with kernels from version 5.4 onward, including the possibility of a successful attack on Ubuntu 20.04.02 LTS.

The work of the exploit comes down to building a chain of calls to similar blocks ("gadgets") to obtain the required functionality. The attack requires access to create CAN sockets and a configured vcan network interface.

Finally, it is mentioned that the problem still persists in most distributions, but it should be a matter of a few days before the corresponding patches are released.
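A defensive exposure check built from the conditions this article names (the affected version range, the CAN BCM and vcan modules, and unprivileged user namespaces), as an added example that is not part of the original article or the advisory. The /proc paths and module names are assumptions about a typical Linux system, and a version inside the range only means the kernel should be checked against the distribution's advisory, since fixes are backported.

```python
import platform
import re
from pathlib import Path

# Affected range as stated in the article: 2.6.25 through 5.13-rc6.
# Fourth field is the -rc number; 99 stands for a final (non-rc) release.
FIRST_AFFECTED = (2, 6, 25, 99)
LAST_AFFECTED = (5, 13, 0, 6)

def parse_release(release):
    """Parse a `uname -r` string into (major, minor, patch, rc)."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?(?:-rc(\d+))?", release)
    if not m:
        raise ValueError(f"unrecognised kernel release: {release!r}")
    major, minor, patch, rc = m.groups()
    return (int(major), int(minor), int(patch or 0), int(rc) if rc else 99)

def exposure(release, modules_text, max_userns, userns_clone=None):
    """Evaluate the article's preconditions from already-collected system facts."""
    loaded = {ln.split()[0] for ln in modules_text.splitlines() if ln.strip()}
    # userns_clone is a Debian/Ubuntu-specific sysctl; None means it is absent.
    userns = int(max_userns) > 0 and (userns_clone is None or int(userns_clone) == 1)
    return {
        # In range only means "check the vendor advisory": distributions backport fixes.
        "version_in_range": FIRST_AFFECTED <= parse_release(release) <= LAST_AFFECTED,
        # A module that is not loaded may still be auto-loaded on socket creation.
        "can_bcm_loaded": "can_bcm" in loaded,
        "vcan_loaded": "vcan" in loaded,
        "unprivileged_userns": userns,
    }

def _read(path, default=None):
    p = Path(path)
    return p.read_text().strip() if p.exists() else default

def live_exposure():
    """Collect the same facts from the running system (Linux /proc layout assumed)."""
    return exposure(
        platform.release(),
        _read("/proc/modules", ""),
        _read("/proc/sys/user/max_user_namespaces", "0"),
        _read("/proc/sys/kernel/unprivileged_userns_clone"),
    )

if __name__ == "__main__":
    for name, value in live_exposure().items():
        print(f"{name}: {value}")
```

If the CAN BCM protocol is not needed on a host, preventing the module from loading removes the second precondition regardless of kernel version.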

If you are interested in learning more about it, you can consult the following link.

