Vulnerabilities found in the eBPF subsystem that allow code execution at the kernel level

We recently shared news here on the blog about the interest Microsoft has shown in the eBPF subsystem: it has built a subsystem for Windows that uses abstract-interpretation static analysis which, compared with the Linux eBPF verifier, shows a lower false-positive rate, supports loop analysis, and offers good scalability.

The method takes into account many typical execution patterns obtained from analysing existing eBPF programs. The eBPF subsystem has been included in the Linux kernel since version 3.18, and it lets you process incoming and outgoing network packets, forward packets, control bandwidth, intercept system calls, control access, and perform tracing.

Speaking of which, it was recently disclosed that new vulnerabilities have been identified in the eBPF subsystem, which lets you run handlers inside the Linux kernel in a special JIT virtual machine.

All of these vulnerabilities make it possible to run code with kernel privileges, outside the isolated eBPF virtual machine.

Information about the problems was published by the Zero Day Initiative team, which runs the Pwn2Own competition, during which three attacks on Ubuntu Linux were demonstrated this year using previously unknown vulnerabilities (whether the eBPF vulnerabilities are related to these attacks is not stated).

It was found that in the eBPF ALU32 bounds tracking for bitwise operations (AND, OR and XOR), the 32-bit bounds were not checked.

Manfred Paul (@_manfp) of the RedRocket CTF team (@redrocket_ctf), working with Trend Micro's Zero Day Initiative, discovered that this vulnerability can be turned into out-of-bounds reads and writes in the kernel. It has been reported as ZDI-CAN-13590 and assigned CVE-2021-3490.

  • CVE-2021-3490: The vulnerability is caused by a missing out-of-bounds check for 32-bit values when performing bitwise AND, OR and XOR operations in eBPF ALU32. An attacker can take advantage of this bug to read and write data outside the bounds of the allocated buffer. The problem with XOR operations has been present since kernel 5.7-rc1, and with AND and OR since 5.10-rc1.
  • CVE-2021-3489: The vulnerability is caused by a bug in the ring buffer implementation: the bpf_ringbuf_reserve function did not check for the possibility that the size of the allocated memory area is smaller than the actual size of the ringbuf buffer. The problem has been present since the release of 5.8-rc1.

In addition, we can note another vulnerability in the Linux kernel: CVE-2021-32606, which allows a local user to elevate their privileges to root level. The problem has been present since Linux kernel 5.11 and is caused by a race condition in the implementation of the CAN ISOTP protocol, which makes it possible to change socket binding parameters because of missing locks in isotp_setsockopt() when the CAN_ISOTP_SF_BROADCAST flag is processed.

The ISOTP socket then stays bound to the receiver socket, which can continue to use the structures associated with the socket after the memory associated with them has been freed (a use-after-free caused by access to an already-freed isotp_sock structure when isotp_rcv() is called). By manipulating the data, the pointer to the sk_error_report() function can be overwritten and code run at kernel level.

The status of the vulnerability fixes in distributions can be tracked on these pages: Ubuntu, Debian, RHEL, Fedora, SUSE, Arch.

The fixes are also available as patches (CVE-2021-3489 and CVE-2021-3490). Exploitation of the problem depends on whether the eBPF system call is available to the user. For example, in the default configuration on RHEL, exploiting the vulnerability requires the user to have CAP_SYS_ADMIN privileges.
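A defender-side triage for the two eBPF issues above, as an added example that is not part of the original article: it compares a kernel release with the "present since" versions quoted in the list and reads `kernel.unprivileged_bpf_disabled`, the sysctl that decides whether unprivileged users may call bpf(2). The function names and verdict strings are illustrative assumptions, and distribution kernels backport both features and fixes, so the result is only a first pass.

```shell
#!/bin/sh
# Added example (not from the article). Ranges are the mainline "present since"
# releases the article quotes. It names no fixed versions, so a hit means
# "confirm against the distribution advisory", not "vulnerable".

# ver_key RELEASE: sortable integer from MAJOR.MINOR ("5.11.0-16-generic" -> 5011)
ver_key() {
    v=${1%%[!0-9.]*}                 # drop "-rc1", "-16-generic", "+", ...
    major=${v%%.*}; rest=${v#*.}; minor=${rest%%.*}
    echo $(( ${major:-0} * 1000 + ${minor:-0} ))
}

# ebpf_cves RELEASE: eBPF issues whose quoted range includes this release
ebpf_cves() {
    k=$(ver_key "$1"); out=""
    for pair in "CVE-2021-3490/XOR:5.7-rc1" "CVE-2021-3489:5.8-rc1" \
                "CVE-2021-3490/AND,OR:5.10-rc1"; do
        if [ "$k" -ge "$(ver_key "${pair##*:}")" ]; then
            out="$out ${pair%%:*}"
        fi
    done
    echo "${out# }"
}

# bpf_gate VALUE: meaning of kernel.unprivileged_bpf_disabled
bpf_gate() {
    case "$1" in
        0)   echo "unprivileged" ;;      # any local user may call bpf(2)
        1|2) echo "privileged-only" ;;   # bpf(2) requires a capability
        *)   echo "unknown" ;;           # sysctl absent or unreadable
    esac
}

# triage RELEASE SYSCTL_VALUE: one-line verdict for an inventory report
triage() {
    cves=$(ebpf_cves "$1"); gate=$(bpf_gate "$2")
    if [ -z "$cves" ]; then
        echo "below-mainline-range"
    else
        echo "check-advisory gate=$gate cves=$cves"
    fi
}

# Live host: read the running kernel and the sysctl, tolerating a missing file.
val=$(cat /proc/sys/kernel/unprivileged_bpf_disabled 2>/dev/null || echo "?")
echo "$(uname -r): $(triage "$(uname -r)" "$val")"
```

Hosts that report `gate=unprivileged` are the ones to patch or restrict first, since any local account can reach the verifier there.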

Finally, if you want to know more about it, you can check the details at the following link.

