Vulnerabilities found in Linux that can be exploited over Bluetooth

Risk

If exploited, these flaws can allow attackers to gain unauthorized access to sensitive information or, more generally, cause problems.

News recently broke that two vulnerabilities have been identified in the Linux kernel (already catalogued under CVE-2022-42896), which could potentially be used to achieve remote code execution at the kernel level by sending a specially crafted L2CAP packet over Bluetooth.

The first vulnerability (CVE-2022-42896) is reported to occur when an already freed memory area is accessed (use-after-free) in the implementation of the l2cap_connect and l2cap_le_connect_req functions.

The flaw is triggered after a channel is created through the new_connection callback, which does not block the channel's setup but sets a timer (__set_chan_timer); when the timeout expires, the l2cap_chan_timeout function is called and cleans up the channel without checking whether work with the channel has finished in the l2cap_le_connect* functions.

The default timeout is 40 seconds, and it was assumed that a race condition could not occur with such a long delay, but it turned out that, because of another flaw in the SMP handler, it was possible to fire the timer immediately and reach the race condition.

The problem in l2cap_le_connect_req can lead to a leak of kernel memory, while in l2cap_connect it allows memory contents to be overwritten and attacker-supplied code to be executed. The first variant of the attack can be carried out using Bluetooth LE 4.0 (since 2009), the second using Bluetooth BR/EDR 5.2 (since 2020).

There are use-after-free vulnerabilities in the Linux kernel's l2cap_connect and l2cap_le_connect_req functions in net/bluetooth/l2cap_core.c which may allow code execution and leaking kernel memory (respectively) remotely via Bluetooth. A remote attacker could execute code leaking kernel memory via Bluetooth if within proximity of the victim. We recommend upgrading past commit https://github.com/torvalds/linux/commit/711f8c3fb3db61897080468586b970c87c61d9e4

The second vulnerability found (already catalogued under CVE-2022-42895) is caused by a leak of residual memory in the l2cap_parse_conf_req function, which can be used remotely to obtain information about pointers to kernel structures by sending specially crafted configuration requests.

For this vulnerability, it is noted that the l2cap_parse_conf_req function used the l2cap_conf_efs structure, whose allocated memory was not initialized beforehand, and that by manipulating the FLAG_EFS_ENABLE flag it was possible to get old data from the stack included in the packet.

the FLAG_EFS_ENABLE channel flag instead of the remote_efs variable to decide whether the l2cap_conf_efs efs structure should be used or not, and it is possible to set the FLAG_EFS_ENABLE flag without actually sending EFS configuration data; in that case, the uninitialized l2cap_conf_efs efs structure will be sent back to the remote client, thereby leaking information about the contents of kernel memory, including kernel pointers.
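A simplified user-space model of the CVE-2022-42895 pattern described above, added here as an illustration and not taken from the kernel or the advisory: the decision to send the structure back is made on a channel flag alone, compared with requiring the flag plus proof that an EFS option was actually received. The struct layout, `OPT_EFS`, `STALE`, the `hardened` switch and the function signature are assumptions of this model.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define OPT_EFS 0x06  /* option type used by this model */
struct efs { uint8_t id, stype; uint16_t msdu; uint32_t sdu_itime, acc_lat, flush_to; };

/* Constructed bytes standing in for whatever earlier calls left on the stack. */
static const uint8_t STALE[sizeof(struct efs)] = {
    0xde, 0xad, 0xbe, 0xef, 0xde, 0xad, 0xbe, 0xef,
    0xde, 0xad, 0xbe, 0xef, 0xde, 0xad, 0xbe, 0xef };

/* Parse (type, len, value) options and build the response option.
 * chan_efs_flag: channel flag, settable without any EFS option in the request.
 * hardened: 0 = trust the flag alone; 1 = zero the local and also require
 * that an EFS option was actually received. Returns bytes written to rsp. */
size_t parse_conf_req(const uint8_t *req, size_t len, int chan_efs_flag,
                      int hardened, uint8_t *rsp, size_t rsp_cap)
{
    struct efs efs;
    int remote_efs = 0, echo;
    size_t off = 0;
    if (hardened)
        memset(&efs, 0, sizeof(efs));      /* no unset bytes can be sent */
    else
        memcpy(&efs, STALE, sizeof(efs));  /* models an uninitialised local */
    while (len - off >= 2) {
        uint8_t type = req[off], olen = req[off + 1];
        if (olen > len - off - 2)
            break;                          /* truncated option: stop */
        if (type == OPT_EFS && olen == sizeof(efs)) {
            memcpy(&efs, req + off + 2, sizeof(efs));
            remote_efs = 1;
        }
        off += 2 + (size_t)olen;
    }
    echo = hardened ? (remote_efs && chan_efs_flag) : chan_efs_flag;
    if (!echo || rsp_cap < 2 + sizeof(efs))
        return 0;
    rsp[0] = OPT_EFS;
    rsp[1] = (uint8_t)sizeof(efs);
    memcpy(rsp + 2, &efs, sizeof(efs));
    return 2 + sizeof(efs);
}

int main(void) {
    uint8_t req[] = { 0x01, 0x02, 0xa0, 0x02 }, rsp[32];  /* constructed, no EFS */
    return parse_conf_req(req, sizeof(req), 1, 1, rsp, sizeof(rsp)) == 0 ? 0 : 1;
}
```

With `hardened` set to 0 and the flag on, a request that carries no EFS option still produces an 18-byte response whose payload is the stale bytes; with `hardened` set to 1 the same request produces no EFS option at all.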

The problem occurs only on systems where the kernel is built with the CONFIG_BT_HS option (disabled by default, but enabled in some distributions, such as Ubuntu). A successful attack also requires the HCI_HS_ENABLED parameter to be set to true through the management interface (it is not used by default).

For both of the bugs found, exploit prototypes that work on Ubuntu 22.04 have already been published to demonstrate that a remote attack is possible.

To carry out the attack, the attacker must be within Bluetooth range; no prior pairing is required, but Bluetooth must be active on the computer. For the attack, it is enough to know the MAC address of the victim's device, which can be determined by sniffing or, on some devices, calculated from the Wi-Fi MAC address.

Finally, it is worth mentioning that another similar problem was identified (CVE-2022-42895) in the L2CAP handler, which can leak kernel memory contents in configuration information packets. The first vulnerability has been present since August 2014 (kernel 3.16), and the second since October 2011 (kernel 3.0).

Those interested in tracking the fix in distributions can do so on the following pages: Debian, Ubuntu, Gentoo, RHEL, SUSE, Fedora, Arch.

