A bug was found in the Linux garbage collector that could lead to privilege escalation

A few days ago Jann Horn of the Google Project Zero team, who previously identified the Spectre and Meltdown vulnerabilities, disclosed a technique for exploiting a vulnerability found in the Linux kernel garbage collector (CVE-2021-4083).

The vulnerability is caused by a race condition that occurs when unix socket file descriptors are cleaned up, and it could potentially allow an unprivileged local user to execute their own code at the kernel level.

The problem is interesting because the time window in which the race condition occurs was considered too small to amount to a real, exploitable vulnerability, but the author of the study showed that even vulnerabilities that look doubtful at first can become a source of real attacks if the exploit author has the necessary skill and time.

Jann Horn showed how, with carefully tuned manipulations, the race condition that occurs when the close() and fget() functions are called at the same time can be turned into a fully exploitable use-after-free vulnerability that gives access to an already freed data structure inside the kernel.

The race condition occurs while a file descriptor is being closed, when the close() and fget() functions are called at the same time. The call to close() can run before fget() completes, which confuses the collector of unused objects: according to the refcount, the file structure has no external references, yet it is still attached to the file descriptor. In other words, the garbage collector assumes it has exclusive access to the structure, while in fact, for a short time, the remaining entry in the file descriptor table still points to the structure that is being freed.
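The interleaving described above, replayed as a deterministic toy model in C (an added example, not kernel code and not taken from the original article). The names `race_outcome`, `fget_lookup`, `fget_take_ref` and the `recheck` switch are hypothetical; re-checking the descriptor table after taking the reference is shown as one way to close the window, which is an assumption because the article does not describe the patch itself.

```c
#include <stdio.h>
#include <stddef.h>

/* Toy model: one file object with a total refcount and an in-flight count
 * (references held only because the socket was sent over a unix socket). */
struct file { long refcount; long inflight; };
static struct file *fdtable[4];

/* GC rule from the text: no references beyond the in-flight ones => garbage. */
static int gc_thinks_garbage(const struct file *f) { return f->refcount == f->inflight; }

/* close(): unhook the descriptor table entry, then drop its reference. */
static void model_close(int fd) { struct file *f = fdtable[fd]; fdtable[fd] = NULL; f->refcount--; }

/* fget() split in two halves so close() and the GC can run in between. */
static struct file *fget_lookup(int fd) { return fdtable[fd]; }
static struct file *fget_take_ref(int fd, struct file *f, int recheck) {
    if (!f || f->refcount == 0) return NULL;
    f->refcount++;                          /* the reference is taken late */
    if (recheck && fdtable[fd] != f) {      /* hardened: is the fd still ours? */
        f->refcount--;
        return NULL;
    }
    return f;
}

/* Returns 1 if the GC claimed the file although fget() handed out a reference. */
int race_outcome(int recheck) {
    struct file f = { .refcount = 2, .inflight = 1 }; /* fd table ref + in-flight ref */
    fdtable[3] = &f;
    struct file *seen = fget_lookup(3);     /* thread A reads the pointer */
    model_close(3);                         /* thread B: close() wins the race */
    int claimed = gc_thinks_garbage(&f);    /* GC sees refcount == inflight */
    struct file *got = fget_take_ref(3, seen, recheck); /* thread A resumes */
    return claimed && got != NULL;
}

int main(void) {
    printf("without re-check: GC and fget() both own the file = %d\n", race_outcome(0));
    printf("with re-check:    GC and fget() both own the file = %d\n", race_outcome(1));
    return 0;
}
```

The model collapses the garbage collector's decision into a single comparison; the point is only the ordering of lookup, close(), GC check and late reference increment.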

To increase the probability of hitting the race condition, several tricks were used that raised the probability of successful exploitation to 30% when system-specific optimizations were applied. For example, to lengthen the access time to the structure holding the file descriptors by several hundred nanoseconds, the data was evicted from the processor cache by polluting the cache with activity on another CPU core, which forced the structure to be fetched from memory rather than from the fast CPU cache.

The second important feature was the use of interrupts generated by a hardware timer to lengthen the race window. The timing was chosen so that the interrupt handler fired while the race condition was occurring and suspended code execution for a while. To delay the return of control even further, epoll was used to create about 50,000 entries in the wait queue, which the interrupt handler then had to iterate over.

The technique for exploiting the vulnerability was published after a 90-day non-disclosure period. The problem

and was fixed in early December. The fix was included in the 5.16 kernel and was also backported to the kernel's LTS branches and to the kernel packages shipped in distributions. It should be noted that the vulnerability was identified during the analysis of a similar issue, CVE-2021-0920, which manifests itself in the garbage collector when the MSG_PEEK flag is processed.

Another vulnerability recently found in the Linux kernel is CVE-2022-0742, which can exhaust the available memory and remotely cause a denial of service by sending specially crafted icmp6 packets. The issue is related to a memory leak that occurs when processing ICMPv6 messages of type 130 or 131.

The problem has been present since kernel 5.13 and was fixed in versions 5.16.13 and 5.15.27. The issue did not affect the stable branches of Debian, SUSE, Ubuntu LTS (18.04, 20.04) and RHEL, and it was fixed on Arch Linux.

Finally, if you are interested in learning more about it, you can check the details at the following link.

