Nhasi ruzivo rwakaburitswa nezve kunetseka muLinux kernel uye iyo yatove yakanyorwa seCVE-2021-3609. Uku kunetseka inobvumira mushandisi wemuno kukwidziridza rombo ravo pachirongwa nekuda kwemamiriro ezvinhu emujaho mukuitwa kweiyo CAN BCM protocol uye yakaratidzwa mushanduro 2.6.25 kusvika 5.13-rc6 yeLinux kernel.
Mutongo unotora mukana nekuti iyo CAN BCM protocol inobvumidza iwe kunyoresa yako wega meseji maneja yenzvimbo yemutungamiriri yenzvimbo (CAN) uye ibatanidze kune yakasarudzika socket socket. Kana meseji inopinda yasvika, basa rinodaidzwa bcm_rx_handler () anorwisa anogona kutora mukana wemujaho mamiriro uye kumanikidza netiweki socket kuvhara kana uchiita bcm_rx_handler ().
Dambudziko rinouya kana socket yakavharwa uye basa racho rinodaidzwa bcm_release (), mune iyo ndangariro yakapihwa zvivakwa inosunungurwa bcm_op uye bcm_sock, izvo zvinoramba zvichishandiswa mubati bcm_rx_handler () iyo ichiri kumhanya, nekudaro mamiriro anomuka anotungamira mukuwana kune yakatosunungurwa memory block (use-after-free).
Ichi chiziviso cheiyo ichangobva kutaurwa bug (CVE-2021-3609) muCAN BCM network protocol muLinux kernel kubva pane vhezheni 2.6.25 kusvika mainline 5.13-rc6.
Iyo kushushikana ndeye mamiriro emujaho mumambure / can / bcm.c iyo inobvumira rombo rakanaka kuwedzera kumidzi. Dambudziko rakatanga kutaurwa ne syzbot uye Norbert Slusarek airatidza kuti anoshandiswa.
Kurwiswa kunovira kusvika pakuvhura masokisi maviri eCAN BCM uye kuasunga kune iyo vcan interface. Mune yekutanga yekubatanidza, iwe unosheedza sendmsg () nechinongedzo RX_SETUP kugadzirisa iyo controller yeinouya mameseji eCAN uye pane yechipiri chinongedzo, iwe unosheedza sendmsg () kutumira meseji kune yekutanga yekubatanidza.
Mushure mekunge meseji yasvika, iyo bcm_rx_handler () kufona kunokonzereswa uye anorwisa anotora nguva chaiyo ndokuvhara socket yekutanga, iyo inotungamira kune kuvhurwa kwe bcm_release () uye kuvhurwa kwezvivakwa bcm_op uye bcm_sock, kunyangwe basa ra bcm_rx_handler () haisati yapera.
Nekunyengedza zvirimo bcm_sock, anorwisa anogona kudarika pointer kune sk-> sk_data_ready (sk) basa, redirect kuuraya, uye, uchishandisa kudzoka-yakatarisana nehurongwa (ROP) matekiniki, kudarika modprobe_path paramende uye kuita kuti kodhi yake imhanye semidzi .
Paunenge uchishandisa nzira yeROP, anorwisa haaedze kuisa kodhi yake mukurangarira, asi inoshanda zvidimbu zve mirairo yemuchina yatovepo mumaraibhurari akatakurwa, kuchipera neshoko rekudzora kudzora (sekutonga, uku ndiko kupera kwemabasa emaraibhurari).
Mvumo dzinodiwa kuti dziite kurwisa dzinogona kuwanikwa nemushandisi asina rombo mumidziyo yakagadzirwa pamasisitimu ane nzvimbo dzevashandisi dzakagoneswa. Semuenzaniso, nzvimbo dzemazita emushandisi dzinosanganisirwa nekusarudzika muUbuntu neFedora, asi haina kugoneswa muDebian neRHEL.
Kuedza kwangu kwekushandisa kunoisa pamatsetse ane vhezheni> = 5.4-rc1 kubva kuzvipira bf74aa86e111. Ini handina kuongorora kushandisa tsanga dzakakura kudarika 5.4-rc1 ndichishandisa tasklet, zvisinei kushandisa zvisvinu zvakare zvinoita kunge zvinoitawo.
Izvo zvinotaurwa kuti iye muongorori akaona kusagadzikana akakwanisa kugadzirira kushandisa kuwana midzi midzi pane masisitimu ane kernels kubva mushanduro 5.4 uye gare gare, kusanganisira mukana wekurwisa zvinobudirira paUbuntu 20.04.02 LTS.
Basa rekushandisa rinoderedzwa kuvaka tcheni yekufona kune akafanana mabhureki ("magajeti") kuti uwane unodikanwa mashandiro. Kurwisa kunoda mukana wekugadzira CAN zvigadziko uye yakagadzirirwa vcan network interface.
Finalmente zvinotaurwa kuti dambudziko richiripo pane zvakawanda zvakagoverwa, asi inyaya yemazuva mazuva zvisati zvasunungurwa zvisati zvasunungurwa
Kana iwe uchifarira kuziva zvakawanda nezvazvo, unogona kubvunza chinotevera chinongedzo.