Mazuva mashoma apfuura nhau dzakaburitswa idzo kusagadzikana kwakazivikanwa muNetfilter (Linux kernel subsystem inoshandiswa kusefa nekugadzirisa network mapaketi), ayo inobvumira mushandisi wemuno kuti awane midzi yemidzi mune systemkunyangwe uchiri mumudziyo wakadzivirirwa.
Iyo CVE-2021-22555 kunetseka idambudziko ravepo kubvira kernel 2.6.19, yakatangwa makore gumi nemashanu apfuura uye iri inokonzerwa nebug muvatyairi IPT_SO_SET_REPLACE uye IP6T_SO_SET_REPLACE, izvo zvinoita kuti buffer ifashukire kana uchitumira zvakashongedzwa parameter kuburikidza neye setsockopt kufona mune compat modhi.
Zvichida vazhinji panguva ino vanoshamisika kuti zvinogoneka sei kuti kukanganisa muLinux kernel kwaigona kuenda kusingaonekwe kwenguva yakareba uye mhinduro kune iyo ndeyekuti kunyangwe iko kukanganisa kwaive kuripo kubvira Linux 2.6.19, kunetseka kwakawanikwa kuburikidza nekodhi odhita, kunyangwe iyo C kodhi yanga isingawanikwe, saka haigone kushandiswa nekuti zviwanikwa zvakakosha zvekusimudzira maropafadzo hazvina kuwanikwa panguva iyoyo.
Semuenzaniso rutsigiro rweasina kusarudzika mushandisi mazita nzvimbo iri mu kernel 3.8. Zvakare, kumwe kugovera kune chigamba chinowedzera sysctl kuremadza isina kuvhurika nzvimbo dzemazita emushandisi.
Pasi pemamiriro ezvinhu akajairwa, chete mudzi mushandisi ndiye anogona kufona compat_setsockopt (), asi mvumo dzinodiwa kuita kurwisa ivo vanogona zvakare kuwanikwa neasina kusununguka mushandisi pane masystem ane mushandisi namespaces akagoneswa.
CVE-2021-22555 ndeyegumi nemashanu yemakore kuturika kunze kweshegi nyora kunetseka muLinux Netfilter iyo ine simba rakaringana kupfuudza ese emazuva ano ekuchengetedza kudzikisira uye kuwana kernel kodhi kuuraya.
Saka nekudaro, zvinotsanangurwa izvo mushandisi wemuno anogona kugadzira mudziyo uine wega mushandisi mushandisi uye kushandisa zvakashata kubva ipapoí. Semuenzaniso, "mushandisi namespaces" inosanganisirwa nekusarudzika muUbuntu neFedora, asi kwete muDebian neRHEL.
Uku kunetseka kunogona kushandiswa nekunyora zvishoma chikamu che
m_list->nextpointermsg_msgchimiro uye kuwana yemahara mushure mekushandisa. Izvi zvine simba zvakakwana kuti uwane kernel kodhi yako inomhanya ichipfuura KASLR, SMAP, uye SMEP.
Zvakare, dambudziko rinomuka mu xt_compat_target_from_user () basa nekuda kwekukanganisa sosi yekuverenga kuverenga kana uchichengetedza kernel zvimiro mushure mekushandurwa kubva pa32-bit kusvika pa64-bit inomiririra.
Saka nekudaro, zvinotaurwa izvo iko kukanganisa kunotendera kunyora mana "zero" mabheti kune chero chinzvimbo kunze kweye buffer yakapihwa, yakatemwa neoffset 0x4C Nekuda kweizvi, zvinotaurwa izvo chiitiko ichi chakazove chakaringana kugadzira chinwiwa iyo inobvumidza kuwana kodzero dzemidzi: nekubvisa m_list-> inotevera pointer mune msg_msg chimiro, mamiriro ekuwana iyo data mushure mekusunungura ndangariro zvakagadzirwa (use-after-free), iyo yakazoshandiswa kuwana ruzivo nezve kero uye shanduko. kune zvimwe zvivakwa nekunyengedza iyo msgsnd () system yekufona.
Nezve iyo ripoti yekukanganisa, sekusagadzikana kwese kwakaonekwa, izvi zvinosanganisira maitiro uye mushumo wakaitwa kune vanogadzira kernel muna Kubvumbi, iyo yakazogadziriswa mumazuva mashoma uye chigamba icho chinosanganisirwa mukugovera kwese kwakatsigirwa, kuitira kuti ruzivo nezve bug rungaburitswe mumashure.
Iyo Debian, Arch Linux, uye Fedora mapurojekiti akatogadzira zvigadzirwa zvepakeji. Kutanga neUbuntu, RHEL uye SUSE mishumo iri mumabasa. Nekuti iko kukanganisa kwakakomba, kushandiswa mukuita uye inobvumira kutiza kubva mumudziyo, Google yakafungidzira kuwanikwa kwayo pamadhora zviuru gumi uye yakapetwa mubairo kune muongorori akaona kushupika uye kuziva nzira yekudzivirira kupatsanura midziyo yeKubernetes pasumbu reKCTF.
Zvekuyedza, prototype inoshanda yekushandisa yakagadzirirwa iyo inodarika nzira dzeKASLR, SMAP uye SMEP dzekudzivirira.
Finalmente kana iwe uchifarira kuziva zvakawanda nezvazvo, unogona kutarisa ruzivo Mune inotevera chinongedzo.