Muva nje izindaba zikuqedile lokho ukuba sengozini okubalulekile kukhonjwe kumojuli ye-ksmbd, efakwe phakathi kokusetshenziswa kweseva yefayela ngokusekelwe kuphrothokholi ye-SMB yakhelwe ku-Linux kernel.
Iphutha litholakele ivumela ukufeza ukude ukwenza ikhodi ngamalungelo e-kernel. Ukuhlasela kungenziwa ngaphandle kokuqinisekisa, kwanele ukuthi imodyuli ye-ksmbd icushwe ohlelweni.
okwamanje imininingwane eqondile endleleni esetshenziswa ukusizakala ngokuba sengozini azikavezwa Ukuba sengozini kwaziwa kuphela ngokuthi kubangelwa ukufinyelela endaweni yenkumbulo esivele ikhululiwe (Sebenzisa-Ngemva-Kwamahhala) ngenxa yokwehluleka ukuhlola ubukhona bento ngaphambi kokwenza imisebenzi kuyo.
IMINININGWANE YOBUNGOZI
Lokhu kuba sengozini kuvumela abahlaseli berimothi ukuthi basebenzise ikhodi engafanele ekufakweni okuthintekile kwe-Linux Kernel. Ukuqinisekisa akudingekile ukuze kusetshenziswe lobu bungozi, kodwa amasistimu ane-ksmbd anikwe amandla kuphela asengozini.Iphutha elithile likhona phakathi kokucutshungulwa kwemiyalelo ye-SMB2_TREE_DISCONNECT. Inkinga ibangelwa ukuntuleka kokuqinisekiswa kokuba khona kwento ngaphambi kokwenza imisebenzi entweni. Umhlaseli angasebenzisa lobu bungozi ukuze akhiphe ikhodi kumongo we-kernel.
Kushiwo lokho inkinga ihlobene iqiniso lokuthi emsebenzini smb2_tree_disconnect(), inkumbulo eyabelwe ikhululiwe kusakhiwo se-ksmbd_tree_connect, kodwa ngemva kwalokho kwakusasetshenziswa isikhombi lapho kucutshungulwa izicelo ezithile zangaphandle eziqukethe imiyalo ye-SMB2_TREE_DISCONNECT.
Ngaphezu kokuba sengozini okukhulunywe ngakho ku-ksmbd, Izinkinga ezi-4 eziyingozi kancane nazo ziyalungiswa:
- I-ZDI-22-1688 - Ukwenziwa kwekhodi yesilawuli kude namalungelo e-kernel ngenxa yokwehluleka ukuhlola usayizi wangempela wedatha yangaphandle ngaphambi kokuyikopisha kusigcinalwazi esabiwe kukhodi yokucubungula isibaluli sefayela. Ingozi yokuba sengozini incishiswa iqiniso lokuthi ukuhlasela kungenziwa kuphela umsebenzisi ogunyaziwe.
- I-ZDI-22-1691 - Ulwazi olukude lwenkumbulo ye-Kernel luvuza ngenxa yokuhlola okungalungile kwemingcele yokufaka kusiphathi somyalo we-SMB2_WRITE (ukuhlasela kungenziwa kuphela ngumsebenzisi ogunyaziwe).
- I-ZDI-22-1687: Ukunqatshelwa okukude kwekholi yesevisi ngenxa yokuphelelwa amandla kwememori yesistimu etholakalayo ngenxa yokukhululwa kwensiza okungalungile kusiphathi somyalo we-SMB2_NEGOTIATE (ukuhlasela kungenziwa ngaphandle kokuqinisekisa).
- I-ZDI-22-1689 - Ukwehluleka kwe-kernel ekude ngenxa yokuntuleka kokuqinisekiswa okufanele kwamapharamitha womyalo we-SMB2_TREE_CONNECT, okuholela ekufundweni kwendawo ye-buffer (ukuhlasela kungenziwa kuphela ngumsebenzisi oqinisekisiwe).
Usekelo lokusebenzisa iseva ye-SMB kusetshenziswa imojuli ye-ksmbd belukwiphakheji ye-Samba kusukela kunguqulo engu-4.16.0.
Ngokungafani neseva ye-SMB yendawo yomsebenzisi, i-ksmbd isebenza kahle kakhulu ngokuya ngokusebenza, ukusetshenziswa kwememori, nokuhlanganiswa nezici ezithuthukile ze-kernel. I-Ksmbd iphromothwa njengesandiso se-Samba esisebenza kahle kakhulu, esixhumanisa nokudlala, esihlanganisa namathuluzi e-Samba nemitapo yolwazi njengoba kudingeka.
Ikhodi ye-ksmbd yabhalwa ngu-Namjae Jeon we-Samsung kanye no-Hyunchul Lee we-LG, futhi inakekelwa ngu-Steve French kwa-Microsoft, umnakekeli wezinhlelo ezingaphansi ze-CIFS/SMB2/SMB3 ku-Linux kernel kanye nelungu leqembu lesikhathi eside. Unjiniyela we-Samba, owenze iminikelo ebalulekile ekusetshenzisweni kosekelo lwephrothokholi ye-SMB/CIFS ku-Samba ne-Linux.
Kuyafaneleka ukusho lokho inkinga ibikhona kusukela ku-kernel 5.15, ikhishwe ngoNovemba 2021, futhi yalungiswa buthule kuzibuyekezo 5.15.61, 5.18.18 kanye no-5.19.2, ezikhiqizwe ngo-Agasti 2022. Njengoba udaba lungakanikezwa isihlonzi se-CVE, alukho ulwazi oluqondile okwamanje mayelana nendlela yokulungisa inkinga. inkinga ekusabalaliseni.
ekugcineni uma ukhona unentshisekelo yokwazi okwengeziwe ngayo, ungabheka imininingwane Kulesi sixhumanisi esilandelayo.