News recently broke that a security researcher has identified a critical vulnerability (already listed as CVE-2021-43267) in the implementation of the TIPC network protocol provided in the Linux kernel, which allows remote code execution with kernel privileges by sending a specially crafted network packet.
The danger of the problem is mitigated by the fact that the attack requires TIPC support to be explicitly enabled on the system (by loading and configuring the tipc.ko kernel module), which is not done by default on non-specialized Linux distributions.
CodeQL is an analysis engine that lets you run queries on your code. From a security perspective, this lets you find vulnerabilities by describing what they look like. CodeQL will then go to work and find all instances of that vulnerability.
TIPC has been supported since the Linux 3.19 kernel, but the code that leads to the vulnerability was included in the 5.10 kernel. The TIPC protocol was originally developed by Ericsson; it is intended to organize inter-process communication in a cluster and is activated mainly on cluster nodes.
TIPC can work both over Ethernet and over UDP (network port 6118). When working over Ethernet, the attack can be carried out from the local network, and when using UDP, from the global network, if the port is not covered by a firewall. The attack can also be carried out by a local user without privileges on the host. To enable TIPC, you must load the tipc.ko kernel module and configure the binding to a network interface using netlink or the tipc utility.
The protocol is implemented in a kernel module bundled with all major Linux distributions. When loaded by a user, it can be used as a socket and can be configured on an interface using netlink (or using the userspace tool tipc, which makes these netlink calls) as an unprivileged user.
TIPC can be configured to run over a bearer protocol such as Ethernet or UDP (in the latter case, the kernel listens on port 6118 for incoming messages from any machine). Since a low-privileged user cannot create raw Ethernet frames, setting the bearer to UDP makes it easier to write a local exploit.
The vulnerability manifests in the tipc_crypto_key_rcv function and is caused by the lack of proper verification that what is declared in the header matches the actual size of the data when parsing packets of type MSG_CRYPTO, which are used to obtain encryption keys from other nodes in the cluster in order to later decrypt messages sent from those nodes.
The size of the data copied into memory is calculated as the difference between the values of the fields holding the message size and the header size, but without taking into account the actual size of the encryption algorithm name transmitted in the message and of the key contents.
The size of the algorithm name is assumed to be fixed, and in addition a separate attribute with the size is passed for the key. An attacker can specify a value in this attribute that differs from the actual one, which will lead to the tail of the message being written beyond the allocated buffer.
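A userspace model of the length check described above, as an added example that is not the kernel's code and not from the original article. The 32-byte name field, the 64-byte key limit, the 24-byte header size used in main() and all function names are assumptions made for illustration.

```c
#include <arpa/inet.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ALG_NAME_LEN 32u                 /* assumed fixed algorithm-name field */
#define KEY_MAX      64u                 /* assumed key-size limit for this model */
#define KEY_HDR_LEN  (ALG_NAME_LEN + 4u) /* name + 32-bit key-length attribute */

/* Read the sender-supplied key length that follows the algorithm name. */
static uint32_t declared_keylen(const uint8_t *body)
{
    uint32_t be;
    memcpy(&be, body + ALG_NAME_LEN, sizeof be);
    return ntohl(be);
}

/* Unchecked logic: buffer sized from header fields, copy sized from keylen. */
size_t unchecked_overrun(const uint8_t *body, uint32_t msg_size, uint32_t hdr_size)
{
    if (hdr_size > msg_size || msg_size - hdr_size < KEY_HDR_LEN)
        return 0;                        /* no key-length attribute to read */
    size_t alloc = msg_size - hdr_size;
    size_t written = (size_t)KEY_HDR_LEN + declared_keylen(body);
    return written > alloc ? written - alloc : 0; /* bytes past the buffer */
}

/* Checked parse: 0 on success, -1 when the sizes disagree. key_out holds KEY_MAX. */
int parse_key_msg(const uint8_t *body, uint32_t msg_size, uint32_t hdr_size,
                  uint8_t *key_out, uint32_t *keylen_out)
{
    if (hdr_size > msg_size || msg_size - hdr_size < KEY_HDR_LEN)
        return -1;
    uint32_t keylen = declared_keylen(body);
    if (keylen > KEY_MAX || msg_size - hdr_size != KEY_HDR_LEN + keylen)
        return -1;
    memcpy(key_out, body + KEY_HDR_LEN, keylen);
    *keylen_out = keylen;
    return 0;
}

int main(void)
{
    uint8_t body[KEY_HDR_LEN + 16] = {0}, key[KEY_MAX]; /* constructed message */
    uint32_t klen = 0, be = htonl(4096);                /* declares 4096, carries 16 */
    memcpy(body + ALG_NAME_LEN, &be, sizeof be);
    printf("overrun=%zu parse=%d\n", unchecked_overrun(body, 24 + sizeof body, 24),
           parse_key_msg(body, 24 + sizeof body, 24, key, &klen));
}
```

The checked parser rejects the message because the declared key length does not match the size derived from the header fields, which is the consistency the article says was not being verified.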
The vulnerability is fixed in kernels 5.15.0, 5.10.77 and 5.14.16, although the problem is present and not yet fixed in Debian 11, Ubuntu 21.04 / 21.10, SUSE (in the not yet released SLE15-SP4 branch), RHEL (it has not yet been detailed whether the vulnerable code has been updated) and Fedora.
However, a kernel update has already been released for Arch Linux, and distributions with kernels earlier than 5.10, such as Debian 10 and Ubuntu 20.04, are not affected.
Finally, if you are interested in knowing more about it, you can check the details at the following link.