Bathole ukuba sengozini ku-kernel engavumela ukwebiwa kwemininingwane

Darkcrizt

Imizuzu ye-4

Abacwaningi baseCisco Talos bakhishwe Zimbalwa izinsuku ezedlule ukuba sengozini ku-kernel ye-Linux engasetshenziswa ukweba idatha futhi isebenze njengendlela yokukhuphula amalungelo nokubeka engozini uhlelo.

Ukuba sengozini ichazwe njengengcuphe 'yokudalula imininingwane okungavumela umhlaseli ukuthi abone inkumbulo yesitaki se-kernel. '

I-CVE-2020-28588 iba sengozini yokuthi kutholwe kumadivayisi we-ARM ukusebenza kwe-proc / pid / syscall Amadivayisi angama-32-bit asebenzisa uhlelo olusebenzayo. Ngokusho kukaCisco Talos, inkinga yatholwa okokuqala kudivayisi esebenzisa i-Azure Sphere.

Ukuba sengozini kokudalulwa kolwazi kukhona ekusebenzeni kwe / proc / pid / syscall kweLinux Kernel 5.1 Stable kanye 5.4.66. Ngokuqondile, le nkinga yethulwe ku-v5.1-rc4 (yenza i-631b7abacd02b88f4b0795c08b54ad4fc3e7c7c0) futhi isekhona ku-v5.10-rc4, ngakho-ke zonke izinhlobo eziphakathi kungenzeka zithinteke. Umhlaseli angafunda / proc / pid / syscall ukuze kusebenze lokhu kuba sengozini, kubangele ukuthi i-kernel ilahlekelwe okuqukethwe kwememori.

I-Proc uhlelo olukhethekile lwe-mbumbulu ezinhlelweni ezisebenza njenge-Unix isetshenziselwe ukufinyelela ngamandla idatha yenqubo itholakale ku-kernel. Yethula imininingwane yokucubungula nolunye ulwazi lohlelo ngesakhiwo esime ngokulandelana, esifana nefayela.

Isibonelo, iqukethe ama-subdirectories / proc / [pid], ngalinye liqukethe amafayela nama-subdirectories adalula imininingwane mayelana nezinqubo ezithile, efundekayo ngokusebenzisa i-ID yenqubo ehambisanayo. Endabeni yefayela le- "syscall", kuyifayela elisemthethweni le-Linux operating system eliqukethe izingodo zezingcingo zohlelo ezisetshenziswa yi-kernel.

Okwenkampani, lAbaduni bangasebenzisa iphutha futhi bafinyelele uhlelo lokusebenza nefayela le-syscall ngokusebenzisa uhlelo olusetshenziselwa ukuxhumana phakathi kwezinhlaka zedatha ye-kernel, iProc. Ukufakwa kwe-syscall procfs kungasetshenziswa uma abaduni bekhipha imiyalo yokwenza ama-byte angama-24 enkumbulo yenqwaba engakaqalwa, okuholele ekudlulweni kwendawo yokuhlelwa kwesikhala sekheli le-kernel (KASLR).

Uma ubheka lo msebenzi othile, konke kubukeka kukuhle, kepha kubalulekile ukuthi wazi ukuthi argsIpharamitha edlulisiwe ivela proc_pid_syscallfunction futhi ngenxa yalokho empeleni kunguhlobo __u64 args. Kuhlelo lwe-ARM, incazelo yomsebenzi iguqula usayizi we- argukuhlelwa kwezinto ezingama-byte amane kusuka kuma-byte ayisishiyagalombili (kusukela unsigned longku-ARM ngama-byte ama-4), okuholela kulokho ku memcpyikopishwa kuma-byte angama-20 (kanye no-4 we args[0]).

Ngokufanayo, nge-i386, lapho unsigned longngama-byte ama-4, nje argsama-byte angama-24 okuqala empikiswano abhaliwe, ashiya ama-byte angama-24 asele ephelele.

Kuzona zozimbili izimo, uma sibheka emuva kufayela le- proc_pid_syscallumsebenzi.

Ngenkathi siku-32-bit ARM naku-i386 sikopisha ama-byte angama-24 kuphela kufayela le- argsuhlu, intambo yefomethi igcina ifunde ama-byte angama-48 we argsmatrix, kusukela %llxFometha intambo ngama-byte ayisishiyagalombili kumasistimu angama-32-bit no-64-bit. Ngakho-ke ama-byte angama-24 enkumbulo yenqwaba engakaqalwa agcina ethola umphumela, ongaholela ekudlulisweni kwe-KASLR.

Abaphenyi bathi lokho lokhu kuhlasela "akunakwenzeka ukuthola ukude kunethiwekhi" ngoba ifunda ifayela elisemthethweni kusuka kuhlelo lokusebenza lwe-Linux. "Uma isetshenziswe kahle, isigebengu singasebenzisa lolu lwazi oluvuzayo ukuze sisebenzise ngempumelelo ezinye izingqinamba zeLinux ezingafakwanga," kusho uCisco.

Mayelana nalokhu, iGoogle isanda kuthi:

“Amaphutha okuphepha kwimemori avame ukusongela ukuphepha kwamadivayisi, ikakhulukazi izinhlelo nezinhlelo zokusebenza. Isibonelo, ohlelweni lokusebenza lwe-Android mobile futhi olwesekelwa yi-Linux kernel, i-Google ithi ithole ukuthi ngaphezu kwengxenye yobungozi bokuphepha okukhulunywe ngabo ku-2019 kube ngumphumela wezinambuzane zokuphepha kwememori.

Okokugcina Kunconywa ukuvuselela izinhlobo 5.10-rc4, 5.4.66, 5.9.8 zelinel kernel, kusukela Lokhu kuba sengozini kuhlolwe kwaqinisekiswa ukuthi kuzokwazi ukusebenzisa izinhlobo ezilandelayo ze-Linux kernel.

Okokugcina uma unesifiso sokwazi okwengeziwe ngakho Mayelana nokuthunyelwe, ungabheka imininingwane ku- isixhumanisi esilandelayo.


Shiya umbono wakho

Ikheli lakho le ngeke ishicilelwe. Ezidingekayo ibhalwe nge *

*

*

  1. Unomthwalo wemfanelo ngedatha: AB Internet Networks 2008 SL
  2. Inhloso yedatha: Lawula Ugaxekile, ukuphathwa kwamazwana.
  3. Ukusemthethweni: Imvume yakho
  4. Ukuxhumana kwemininingwane: Imininingwane ngeke idluliselwe kubantu besithathu ngaphandle kwesibopho esisemthethweni.
  5. Isitoreji sedatha: Idatabase ebanjwe yi-Occentus Networks (EU)
  6. Amalungelo: Nganoma yisiphi isikhathi ungakhawulela, uthole futhi ususe imininingwane yakho.