Abaphandi beCisco Talos bakhululwa Zimbalwa iintsuku ezidlulileyo Ukuba sesichengeni seKernel kernel enokuthi ixhaphaze ukuba idatha ibiwe kwaye ikwasebenza njengendlela yokunyusa amalungelo kunye nokubeka esichengeni inkqubo.
Ukuba sesichengeni ichazwe 'njengobungozi bokubhengeza ulwazi enokuvumela umhlaseli ukuba abone inkumbulo yesitaki se kernel. '
I-CVE-2020-28588 sesichengeni sokuba ifunyenwe kwizixhobo ze-ARM proc / pid / syscall ukusebenza I-32-bit eqhuba inkqubo yokusebenza. Ngokuka-Cisco Talos, ingxaki yafunyanwa okokuqala kwisixhobo esisebenzisa i-Azure Sphere.
Ulwazi lokuchazeka kolwazi lukhona kwi / proc / pid / syscall ukusebenza kweLinux Kernel 5.1 Esitalini kunye no-5.4.66. Ngokukodwa, lo mbandela ungenisiwe kwi-v5.1-rc4 (yenza 631b7abacd02b88f4b0795c08b54ad4fc3e7c7c0) kwaye isekhona kwi-v5.10-rc4, ke zonke iinguqulelo eziphakathi zinokuchaphazeleka. Umhlaseli unokufunda / proc / pid / syscall ukwenza obu bungozi, kubangele ukuba i-kernel ilahle umxholo wenkumbulo.
Inkqubo yenkqubo ekhethekileyo ye-pseudo Kwiinkqubo ezisebenza njenge-Unix isetyenziselwa ukufikelela ngamandla kwinkqubo yedatha ifunyenwe kwikernel. Ukunikezela ngenkqubo yolwazi kunye nolunye ulwazi lwenkqubo kulungelelwaniso, isakhiwo esifana nefayile.
Umzekelo, iqulethe ii-subdirectories / proc / [pid], nganye kuzo ineefayile kunye nezikhombisi ezibonisa ulwazi malunga neenkqubo ezithile, ezifundwayo kusetyenziswa inkqubo ye-ID ehambelanayo. Kwimeko yefayile ye "syscall", yifayile yokusebenza yeLinux esemthethweni equlathe iinkuni zenkqubo yeminxeba esetyenziswa yikernel.
Kwinkampani, lAbagculi banokusebenzisa isiphoso kwaye bafumane inkqubo yokusebenza kunye nefayile yesycall ngenkqubo esetyenziselwa ukunxibelelana phakathi kolwakhiwo lweedatha zekernel, iProc. Ungeniso lwe-syscall procfs lunokuxhatshazwa ukuba ngabagculi bakhupha imiyalelo yokuvelisa ii-byte ezingama-24 zememori engacaciswanga, ekhokelela ekudlulisweni kwedilesi yendawo yokuma kweedilesi (KASLR).
Ukujonga lo msebenzi uthile, yonke into ijongeka ilungile, kodwa kufanelekile ukuba uqaphele ukuba
argspass parameter ivelaproc_pid_syscallukusebenza kwaye ngenxa yoko uhlobo lohlobo__u64 args. Kwinkqubo ye-ARM, inkcazo yomsebenzi iguqula ubungakanani bearguluhlu lwezinto ezine-byte ezisuka kwii-byte ezisibhozo (ukusukelaunsigned longKwi-ARM zii-byte ezi-4), nesiphumo sokomemcpyIkopishwa kwii-byte ezingama-20 (kunye no-4args[0]).Ngokufanayo, nge-i386, apho
unsigned longzii-byte ezi-4, njeargsii-byte ezingama-24 zokuqala zeempikiswano zibhaliwe, zishiya ii-byte ezingama-24 ezishiyekileyo.Kuzo zombini iimeko, ukuba sijonga ngasemva kwifayile ye-
proc_pid_syscallumsebenzi.Ngelixa kwi-32-bit ARM kunye ne-i386 sikopa kuphela ii-byte ezingama-24 kwifayile ye-
argsuluhlu, umtya wefomathi uphela ufunda ii-byte ezingama-48 ukusuka kwifayile ye-argsmatrix, ukusukela%llxUmtya wefomathi zii-byte ezisibhozo kwiinkqubo ezingama-32 kunye nee-64-bit. Ke ii-byte ezingama-24 zeememori ezingafakwanga kwimfumba zigqiba ukufumana imveliso, ezinokukhokelela ngokudlula kwi-KASLR.
Abaphandi bathi Olu hlaselo "alunakufunyanwa kude kunethiwekhi" kuba ifunda ifayile esemthethweni kwinkqubo yokusebenza yeLinux. "Ukuba isetyenziswe ngokuchanekileyo, isigebenga singasebenzisa olu lwazi luvuzayo ukuze sisebenzise ngempumelelo ezinye izinto ezingakhutshelwanga kwi-Linux," utshilo uCisco.
Kule meko, uGoogle kutsha nje uthe:
“Iimpazamo zokukhumbula inkumbulo zihlala zisongela ukhuseleko lwezixhobo, ngakumbi usetyenziso kunye neenkqubo zokusebenza. Umzekelo, kwinkqubo yokusebenza kwefowuni ye-Android ekwaxhaswa yi-kernel yeLinux, uGoogle uthi ufumanise ukuba ngaphezulu kwesiqingatha sezinto ezinobungozi kwezokhuseleko eziqwalaselwe kwi-2019 ziziphumo zeememori zokhuseleko.
Eyokugqibela kodwa engancinananga Kuyacetyiswa ukuvuselela iinguqulelo 5.10-rc4, 5.4.66, 5.9.8 zelinux kernel, ukusukela Oku kusemngciphekweni kuvavanyiwe kwaye kwaqinisekiswa ukuba kuya kuba nakho ukuxhaphaza ezi nguqulelo zilandelayo zelinux kernel.
Gqibela ukuba unomdla wokwazi okungakumbi ngayo Malunga nesithuba, ungakhangela iinkcukacha kwi ukulandela ikhonkco.