News recently broke that two vulnerabilities have been identified in the Linux kernel (already catalogued as CVE-2022-42896 and CVE-2022-42895), one of which could potentially be used to achieve remote code execution at kernel level by sending a specially crafted L2CAP packet over Bluetooth.
The first vulnerability (CVE-2022-42896) is a use-after-free: an already freed memory region is accessed in the implementation of the l2cap_connect and l2cap_le_connect_req functions.
The flaw arises because a channel created through the new_connection callback is not locked; instead a timer is set on it (__set_chan_timer), and when that timer expires the l2cap_chan_timeout function is called and cleans up the channel without checking whether the l2cap_le_connect* functions have finished working with it.
The timeout is set to 40 seconds and it was assumed that the race condition could not be hit with such a delay, but it turned out that, because of another bug in the SMP driver, the timer could be triggered immediately and the race condition reached.
The problem in l2cap_le_connect_req can cause a kernel memory leak, while in l2cap_connect it can overwrite memory contents and lead to execution of attacker-controlled code. The first attack variant can be carried out over Bluetooth LE 4.0 (available since 2009), the second over Bluetooth BR/EDR 5.2 (available since 2020).
There is a use-after-free in the Linux kernel functions l2cap_connect and l2cap_le_connect_req in net/bluetooth/l2cap_core.c which may allow code execution and leaking of kernel memory (respectively) remotely via Bluetooth. A remote attacker could execute code leaking kernel memory via Bluetooth if within proximity of the victim. We recommend upgrading past commit https://github.com/torvalds/linux/commit/711f8c3fb3db61897080468586b970c87c61d9e4
The second vulnerability (already catalogued as CVE-2022-42895) is caused by leftover memory being leaked from the l2cap_parse_conf_req function, which can be used to remotely obtain information about pointers to kernel structures by sending specially crafted configuration requests.
In l2cap_parse_conf_req an l2cap_conf_efs structure is used whose memory is not initialised beforehand, and by manipulating the FLAG_EFS_ENABLE flag it was possible to get stale stack data included in the outgoing packet.
The FLAG_EFS_ENABLE channel flag, rather than the remote_efs variable, determines whether the l2cap_conf_efs efs structure should be used or not, and it is possible to set FLAG_EFS_ENABLE without sending any EFS configuration data; in that case the uninitialised l2cap_conf_efs efs structure is sent back to the remote client, thereby leaking kernel memory contents, including kernel pointers.
The problem only affects systems whose kernel is built with the CONFIG_BT_HS option (disabled by default, but enabled in some distributions, such as Ubuntu). A successful attack additionally requires the HCI_HS_ENABLED parameter to be set to true through the management interface (it is not enabled by default).
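As an added illustration (not code from the article or from the kernel), the following C program models the configuration-option handling pattern described above: a vulnerable response builder that echoes the efs structure whenever the FLAG_EFS_ENABLE channel flag is set, beside a hardened one that zero-initialises the structure and only echoes it when an EFS option was actually received (the remote_efs check). The l2cap_conf_efs layout and the option type 0x06 follow the kernel; the struct chan stand-in, the FLAG_EFS_ENABLE bit position, the sample requests and the STALE sentinel that replaces genuinely uninitialised stack memory are constructed assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define L2CAP_CONF_EFS  0x06         /* option type used by the kernel */
#define FLAG_EFS_ENABLE (1UL << 0)   /* hypothetical bit position for the channel flag */
#define STALE           0xA5         /* sentinel standing in for stale stack bytes */

/* Same layout as the kernel's struct l2cap_conf_efs (16 bytes, packed). */
struct l2cap_conf_efs {
    uint8_t  id;
    uint8_t  stype;
    uint16_t msdu;
    uint32_t sdu_itime;
    uint32_t acc_lat;
    uint32_t flush_to;
} __attribute__((packed));

struct chan { unsigned long flags; };   /* hypothetical stand-in for struct l2cap_chan */

/* Walk the option list (1-byte type, 1-byte length, value). Copies an EFS option
 * into *efs when one is present and returns 1 in that case; this is the role of
 * the kernel's local remote_efs variable. */
static int parse_conf_options(const uint8_t *req, size_t len, struct l2cap_conf_efs *efs)
{
    int remote_efs = 0;
    size_t off = 0;
    while (off + 2 <= len) {
        uint8_t type = req[off] & 0x7f;   /* bit 7 is the "hint" bit */
        uint8_t olen = req[off + 1];
        off += 2;
        if (olen > len - off)             /* truncated option: stop parsing */
            break;
        if (type == L2CAP_CONF_EFS && olen == sizeof(*efs)) {
            memcpy(efs, req + off, olen);
            remote_efs = 1;
        }
        off += olen;
    }
    return remote_efs;
}

/* Append one option to the response; returns bytes written, 0 if there is no room. */
static size_t add_conf_opt(uint8_t *out, size_t cap, uint8_t type, const void *val, uint8_t olen)
{
    if (cap < (size_t)olen + 2)
        return 0;
    out[0] = type;
    out[1] = olen;
    memcpy(out + 2, val, olen);
    return (size_t)olen + 2;
}

/* Vulnerable pattern: efs is never initialised and is echoed back purely because the
 * channel flag is set, even when the peer sent no EFS option. The memset with STALE
 * makes "leftover stack data" deterministic instead of relying on undefined behaviour. */
size_t build_rsp_vulnerable(const struct chan *ch, const uint8_t *req, size_t len,
                            uint8_t *out, size_t cap)
{
    struct l2cap_conf_efs efs;
    memset(&efs, STALE, sizeof efs);
    (void)parse_conf_options(req, len, &efs);      /* remote_efs is ignored */
    if (ch->flags & FLAG_EFS_ENABLE)
        return add_conf_opt(out, cap, L2CAP_CONF_EFS, &efs, sizeof efs);
    return 0;
}

/* Hardened pattern: zero-initialise and only echo EFS when one was actually received. */
size_t build_rsp_fixed(const struct chan *ch, const uint8_t *req, size_t len,
                       uint8_t *out, size_t cap)
{
    struct l2cap_conf_efs efs = {0};
    int remote_efs = parse_conf_options(req, len, &efs);
    if (remote_efs && (ch->flags & FLAG_EFS_ENABLE))
        return add_conf_opt(out, cap, L2CAP_CONF_EFS, &efs, sizeof efs);
    return 0;
}

/* Constructed request carrying only an MTU option (type 0x01, len 2), no EFS option. */
static const uint8_t req_no_efs[] = { 0x01, 0x02, 0xf7, 0x02 };

/* Number of STALE bytes in the EFS value the vulnerable builder sends back. */
size_t stale_bytes_leaked(void)
{
    struct chan ch = { .flags = FLAG_EFS_ENABLE };
    uint8_t out[64];
    size_t n = build_rsp_vulnerable(&ch, req_no_efs, sizeof req_no_efs, out, sizeof out);
    size_t stale = 0;
    for (size_t i = 2; i < n; i++)
        stale += (out[i] == STALE);
    return stale;
}

/* Response length from the hardened builder for the same EFS-less request. */
size_t fixed_rsp_len_without_efs(void)
{
    struct chan ch = { .flags = FLAG_EFS_ENABLE };
    uint8_t out[64];
    return build_rsp_fixed(&ch, req_no_efs, sizeof req_no_efs, out, sizeof out);
}

/* With an EFS option present the hardened builder echoes the peer's values;
 * returns the echoed id byte (0 if nothing was echoed). */
int fixed_echoed_efs_id(void)
{
    struct chan ch = { .flags = FLAG_EFS_ENABLE };
    uint8_t req[2 + sizeof(struct l2cap_conf_efs)] = { L2CAP_CONF_EFS, sizeof(struct l2cap_conf_efs) };
    req[2] = 0x2a;                                   /* constructed efs.id */
    uint8_t out[64];
    size_t n = build_rsp_fixed(&ch, req, sizeof req, out, sizeof out);
    return n ? out[2] : 0;
}

int main(void)
{
    printf("vulnerable builder leaks %zu stale bytes\n", stale_bytes_leaked());
    printf("fixed builder sends %zu bytes of EFS without a peer option\n", fixed_rsp_len_without_efs());
    printf("fixed builder echoes id 0x%02x when EFS was sent\n", fixed_echoed_efs_id());
    return 0;
}
```

The vulnerable builder returns all 16 bytes of the sentinel-filled structure for a request that never carried EFS data, which is exactly the shape of the leak: in the kernel those bytes are whatever the stack held before, pointers included. The hardened builder returns nothing in that case and still echoes a genuine EFS option, so the fix costs no functionality.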
Exploit prototypes that work on Ubuntu 22.04 have been published for both bugs to demonstrate that a remote attack is feasible.
To carry out the attack the attacker must be within Bluetooth range; no prior pairing is required, but Bluetooth must be active on the target machine. It is enough to know the MAC address of the victim's device, which can be determined by sniffing or, on some devices, derived from the Wi-Fi MAC address.
Finally, it is worth noting that the second issue (CVE-2022-42895) lies in the L2CAP handler and can leak kernel memory contents through configuration-information packets. The first vulnerability has been present since August 2014 (kernel 3.16), the second since October 2011 (kernel 3.0).
Those who want to track the fixes in distributions can do so on the following pages: Debian, Ubuntu, Gentoo, RHEL, SUSE, Fedora and Arch.