VFS vulnerability found in Linux that allows privilege escalation

A few days ago it was reported that a vulnerability had been identified (already catalogued as CVE-2022-0185) in the filesystem context API provided by the Linux kernel, which could allow a local user to gain root privileges on the system.

The problem is that an unprivileged user can obtain such permissions inside an isolated container if support for user namespaces is enabled on the system.

For example, user namespaces are enabled by default on Ubuntu and Fedora, but are not enabled on Debian and RHEL (unless container isolation platforms are used). In addition to privilege escalation, the vulnerability can also be used to break out of an isolated container if the container has the CAP_SYS_ADMIN authority.

The vulnerability is in the legacy_parse_param() function in the VFS and is caused by the lack of proper validation of the maximum size of the parameters supplied on filesystems that do not support the filesystem context API.

Recently, a few friends on my CTF team Crusaders of Rust and I came across a Linux kernel heap overflow. We found the bug through fuzzing with syzkaller and quickly developed it into an Ubuntu LPE. We then rewrote it to escape and root Google's hardened Kubernetes CTF infrastructure. This bug affects all kernel versions since 5.1 (5.16 is currently in progress) and has been assigned CVE-2022-0185. We have already reported this to the Linux distribution mailing list, and the bug has been fixed as of the release of this article.

Passing a parameter that is too large can cause an overflow of the integer variable used to calculate the size of the data being written; the code has a buffer overflow check, "if (len > PAGE_SIZE - 2 - size)", which does not work if the size value is greater than 4094 because of an integer overflow at the lower bound (integer underflow: when 4096 - 2 - 4095 is converted to unsigned int, the result is 2147483648).
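The bounds check described above, modelled in user space as an added example (not code from the kernel or from the original article). It assumes 4 KiB pages and unsigned `size_t` arithmetic; the function names and the rearranged check are illustrative.

```c
#include <stddef.h>
#include <stdio.h>

/* Assumption: 4 KiB pages, matching the 4096 in the text. */
#define DEMO_PAGE_SIZE ((size_t)4096)

/* Check in the form quoted in the text. size = bytes already stored in the
 * one-page option buffer, len = length of the new option.
 * Returns 1 if the option is accepted, 0 if it is rejected. */
static int accepts_quoted_check(size_t size, size_t len)
{
    /* Unsigned arithmetic: once size > DEMO_PAGE_SIZE - 2, the right-hand
     * side wraps around to a huge value that no len can exceed. */
    if (len > DEMO_PAGE_SIZE - 2 - size)
        return 0;
    return 1;
}

/* Illustrative overflow-safe form: additions only, so nothing wraps below 0
 * for the small values involved. */
static int accepts_safe_check(size_t size, size_t len)
{
    if (size + len + 2 > DEMO_PAGE_SIZE)
        return 0;
    return 1;
}

/* Bytes that would land past the end of the page if size + len + 2 bytes
 * were used (the 2 is the reserve from the check). */
static size_t bytes_past_page(size_t size, size_t len)
{
    size_t end = size + len + 2;
    return end > DEMO_PAGE_SIZE ? end - DEMO_PAGE_SIZE : 0;
}

int main(void)
{
    /* Constructed inputs: fill levels around the 4094 boundary. */
    size_t sizes[] = { 0, 4000, 4094, 4095 };
    for (size_t i = 0; i < sizeof sizes / sizeof sizes[0]; i++)
        printf("size=%zu len=64 quoted=%d safe=%d past_page=%zu\n",
               sizes[i], accepts_quoted_check(sizes[i], 64),
               accepts_safe_check(sizes[i], 64), bytes_past_page(sizes[i], 64));
    return 0;
}
```

Both checks agree for every fill level up to 4094; they diverge only once the stored size passes that boundary, which is where the quoted form stops rejecting anything.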

When a specially crafted FS image is accessed, this bug makes it possible to cause a buffer overflow and overwrite the kernel data that follows the allocated memory area. Exploiting the vulnerability requires CAP_SYS_ADMIN rights, that is, administrator authority.

With the start of 2022, our teammates decided to find a 0-day in 2022. We were not sure exactly how to get started, but since our team had a high degree of familiarity with Linux kernel vulnerabilities, we decided to just buy some dedicated servers and run Google's syzkaller fuzzer. On January 6 at 22:30 PST, chop0 received the following KASAN failure report in legacy_parse_param: slab-out-of-bounds Write in legacy_parse_param. It seems that syzbot had found this issue just 6 days earlier when fuzzing Android, but the issue was left unhandled and we naively thought that no one else had noticed.

Finally, it is worth mentioning that the problem has been present since Linux kernel version 5.1 and was fixed in the updates released a few days ago in versions 5.16.2, 5.15.16, 5.10.93 and 5.4.173.

In addition, package updates for the vulnerability have already been released for RHEL, Debian, Fedora and Ubuntu, while a fix is not yet available for Arch Linux, Gentoo, SUSE and openSUSE.

In this regard, it is mentioned that as a protective workaround for systems that do not use container isolation, you can set the sysctl value "user.max_user_namespaces" to 0.

The researcher who identified the problem has published a demo of an exploit that allows code to be run as root on Ubuntu 20.04 in the default configuration. The exploit code is planned to be published on GitHub within a week after the distributions release an update that fixes the vulnerability.

Finally, if you are interested in learning more about it, you can check the details at the following link.


Comments


  1.   IsiGalicia said

    One more reason not to touch snap with a stick.