A VFS vulnerability in Linux that allows privilege escalation has been found

A few days ago, news broke that a vulnerability (already catalogued as CVE-2022-0185) had been identified in the filesystem context API provided by the Linux kernel, which could allow a local user to gain elevated privileges on the system.

The problem is that an unprivileged user can obtain such permissions inside an isolated container if support for user namespaces is enabled on the system.

For example, user namespaces are enabled by default on Ubuntu and Fedora, but they are not enabled on Debian and RHEL (unless container isolation platforms are in use). In addition to privilege escalation, the vulnerability can also be used to break out of an isolated container if the container has the CAP_SYS_ADMIN authority.

The vulnerability is in the legacy_parse_param() function in the VFS and is caused by the lack of proper validation of the maximum size of the parameters supplied on filesystems that do not support the filesystem context API.

Recently, several friends on my CTF team Crusaders of Rust and I came across a 0-day Linux kernel heap overflow. We found the bug by fuzzing with syzkaller and quickly developed it into an Ubuntu LPE exploit. We then rewrote it to escape and root Google's hardened Kubernetes CTF infrastructure. This bug affects all kernel versions since 5.1 (5.16 is currently in progress) and has been assigned CVE-2022-0185. We have already reported this to the Linux distributions and security mailing list, and the bug has been fixed as of the release of this article.

Passing an overly large parameter can overflow the integer variable used to calculate the size of the data being written. The code has an `if (len > PAGE_SIZE - 2 - size)` check for buffer overflow, which does not work if the size value is greater than 4094, because the integer overflows through its lower bound (an integer underflow: when 4096 – 2 – 4095 is converted to an unsigned int, the result is 2147483648).
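The failing bounds check described above, modeled in user space as an added example (this is not code from the kernel or from the original article). The function names, the sample lengths, the assumption that each accepted parameter consumes len + 1 bytes, and the hardened variant are all illustrative.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

#define PAGE_SIZE 4096UL /* assumed buffer size, matching the article's 4096 */

typedef bool (*check_fn)(size_t size, size_t len);

/* Check as quoted in the article; true means "reject this parameter".
 * size = bytes already stored, len = length of the new parameter. */
static bool quoted_check_rejects(size_t size, size_t len)
{
    /* Unsigned arithmetic: once size > PAGE_SIZE - 2 the right-hand side
     * wraps to a huge value and no len can exceed it. */
    return len > PAGE_SIZE - 2 - size;
}

/* Hypothetical rearrangement: add on the left so nothing can wrap. */
static bool hardened_check_rejects(size_t size, size_t len)
{
    if (size > PAGE_SIZE || len > PAGE_SIZE)
        return true;
    return size + len + 2 > PAGE_SIZE;
}

/* Model only: tracks how many bytes WOULD be stored, writes nothing.
 * Assumes each accepted parameter costs len + 1 bytes (one separator). */
static size_t append_all(check_fn rejects, const size_t *lens, size_t n)
{
    size_t size = 0;
    for (size_t i = 0; i < n; i++)
        if (!rejects(size, lens[i]))
            size += lens[i] + 1;
    return size;
}

/* Constructed input: the first parameter fills the buffer to 4095 bytes. */
static const size_t SAMPLE_LENS[] = { 4094, 100 };

int main(void)
{
    printf("quoted check:   %zu bytes tracked in a %lu-byte buffer\n",
           append_all(quoted_check_rejects, SAMPLE_LENS, 2), PAGE_SIZE);
    printf("hardened check: %zu bytes tracked\n",
           append_all(hardened_check_rejects, SAMPLE_LENS, 2));
    return 0;
}
```

With the quoted check the tracked size ends past the 4096-byte buffer, while the rearranged check stops at 4095 bytes.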

When a specially crafted FS image is accessed, this bug makes it possible to overflow the buffer and overwrite the kernel data that follows the allocated memory area. Exploiting the vulnerability requires CAP_SYS_ADMIN rights, that is, administrator authority.

Going into 2022, the players on our team decided to find a 0-day in 2022. We were not entirely sure how to start, but since our team has a high level of familiarity with Linux kernel vulnerabilities, we decided to simply buy some dedicated servers and run Google's syzkaller fuzzer. On January 6 at 22:30 PST, chop0 got the following KASAN failure report in legacy_parse_param: slab-out-of-bounds Write in legacy_parse_param. It appears that syzbot had found this problem only 6 days earlier while fuzzing Android, but the problem was not handled and we naively assumed that nobody had noticed.

Finally, it is worth mentioning that the problem has been present since Linux kernel version 5.1 and was fixed in the updates released a few days ago in versions 5.16.2, 5.15.16, 5.10.93, 5.4.173.

In addition, package updates for the vulnerability have already been released for RHEL, Debian, Fedora and Ubuntu, while a fix is not yet available for Arch Linux, Gentoo, SUSE and openSUSE.

For these, it is mentioned that, as a security workaround on systems that do not use container isolation, you can set the sysctl value "user.max_user_namespaces" to 0.

The researcher who identified the problem has published a demo of an exploit that allows code to run as root on Ubuntu 20.04 in the default configuration. The exploit code is planned to be published on GitHub within a week after the distributions release an update that fixes the vulnerability.

Finally, if you are interested in knowing more about it, you can check the details in the following link.

  1.   Galician says

    Yet another reason not to touch snap with a stick.