3 vulnerabilities in the Linux kernel allow privilege escalation

During the past week, news was published about three vulnerabilities identified in the Linux kernel that could allow a local user to elevate their privileges on the system.

One of the vulnerabilities (CVE-2021-26708) was found in the socket implementation with AF_VSOCK addressing, which is designed for network interaction between guests and the hypervisor. The problem is caused by a race condition when creating handles for multiple transports (VSOCK multi-transport).

The researcher who identified the vulnerability reported that he developed a working exploit that allows obtaining root privileges on Fedora Server 33, bypassing the SMEP (Supervisor Mode Execution Prevention) and SMAP (Supervisor Mode Access Prevention) protection mechanisms. The exploit code will be published after the fix has been widely distributed.

The vulnerability has been present since v5.5-rc1 and was fixed in update 5.10.13. On RHEL, the problem only manifests starting from version 8.3 (kernel 4.18.0-240), which introduced VSOCK support. The stable branches of Debian and SUSE are not affected by the problem. On Ubuntu, the vulnerability has not yet been fixed.

The second reported vulnerability (CVE-2021-3347) can allow kernel-level code execution through futex manipulation. The problem is caused by access to an already freed memory area (use-after-free) while handling an exception.

There is currently no information about the existence of an exploit, but the use of the old futex vulnerability CVE-2014-3153, discovered in 2014, which was observed last month, may indicate the potential for exploiting this class of problems.

The problem has existed since 2008 and can affect all distributions. The vulnerability has already been fixed in SUSE, Fedora, and partially in Debian. On Ubuntu and RHEL, the problem has not been fixed yet.

The fix addresses a long-standing issue where the user-space part of the futex cannot be written to. The kernel returns with an inconsistent state that can, in the worst case, lead to a UAF of the kernel task stack.

The solution is to set a consistent kernel state that makes future operations on that futex fail because the user-space and kernel states no longer match. This is not a problem, since PI operations in practice require a working RW mapping, and if user space pulls the rug out from under it, then it gets to keep the pieces it asked for.

The last reported vulnerability (CVE-2021-20226) is in the asynchronous I/O interface io_uring, and is caused by access to an already freed block of memory (use-after-free) while handling file descriptors, due to an incorrect check for the existence of the object before performing the IORING_OP_CLOSE operation.

According to Red Hat, the vulnerability is limited to denial of service or a kernel memory leak, but according to the Zero Day Initiative, the vulnerability allows a local user to execute code at the kernel level.

A use-after-free bug was found in io_uring in the Linux kernel, where a local attacker with user privileges could cause a denial of service on the system.

The problem results from the lack of validation that the object exists before performing operations on it, as the file reference counter is not incremented while the file is still in use.

The vulnerability has been present since kernel 5.5 and was fixed in kernel 5.10.2 (according to other reports, the patch with the fix was included in kernel 5.9-rc1). The problem has already been fixed in Fedora.

In the stable branches of RHEL and Debian, the problem does not manifest. The vulnerability in Ubuntu has not yet been fixed.

Finally, if you are interested in learning more about this, you can check the details at the following links.

CVE-2021-26708, CVE-2021-3347, CVE-2021-20226
