Not long ago we shared here on the blog news about the interest Microsoft has shown in the eBPF subsystem: it has built an eBPF subsystem for Windows that uses an abstract-interpretation analysis method which, compared to the Linux eBPF verifier, shows a lower false-positive rate, supports loop analysis, and scales well.
That method takes into account many of the performance patterns found when analysing existing eBPF programs. The eBPF subsystem has been included in the Linux kernel since version 3.18 and allows you to process incoming and outgoing network packets, forward packets, control bandwidth, intercept system calls, enforce access control, and perform monitoring.
And speaking of that, it was recently revealed that two new vulnerabilities have been found in the eBPF subsystem, which allows handlers to run inside the Linux kernel in a special JIT virtual machine.
Both vulnerabilities make it possible to execute code with kernel privileges, outside the isolated eBPF virtual machine.
Details of the problems were published by the Zero Day Initiative team, which runs the Pwn2Own competition; this year three attacks on Ubuntu Linux were demonstrated there using previously unknown vulnerabilities (whether the eBPF vulnerabilities are related to those attacks has not been reported).
It was found that the eBPF ALU32 bounds tracking for bitwise operations (AND, OR and XOR) did not update the 32-bit bounds.
Manfred Paul (@_manfp) of the RedRocket CTF team (@redrocket_ctf), working with Trend Micro's Zero Day Initiative, found that this vulnerability could be turned into out-of-bounds reads and writes in the kernel. It was reported as ZDI-CAN-13590 and assigned CVE-2021-3490.
- CVE-2021-3490: the vulnerability is due to missing out-of-bounds checking of 32-bit values when performing bitwise AND, OR and XOR operations in eBPF ALU32. An attacker can use this bug to read and write data outside the bounds of the allocated buffer. The problem with XOR operations has been present since kernel 5.7-rc1, and with AND and OR since 5.10-rc1.
- CVE-2021-3489: the vulnerability is caused by a bug in the ring buffer implementation and is related to the fact that the bpf_ringbuf_reserve function did not check whether the size of the allocated memory area could be smaller than the actual size of the ringbuf buffer. The problem has been present since the 5.8-rc1 release.
We can also note another vulnerability in the Linux kernel: CVE-2021-32606, which allows a local user to elevate their privileges to root. The problem has been present since Linux kernel 5.11 and is caused by a race condition in the implementation of the CAN ISOTP protocol, which makes it possible to change socket binding parameters due to the lack of proper locking in isotp_setsockopt() when the CAN_ISOTP_SF_BROADCAST flag is processed.
Once the socket is closed, ISOTP remains bound to the receiver socket, which can keep using structures associated with the socket after the corresponding memory has been freed (a use-after-free, because the already-released isotp_sock structure is accessed when isotp_rcv() is called). By manipulating the data, the sk_error_report() function pointer can be overwritten to run code at the kernel level.
The status of the fixes for these vulnerabilities in distributions can be followed on these pages: Ubuntu, Debian, RHEL, Fedora, SUSE, Arch.
The fixes are available as patches (CVE-2021-3489 and CVE-2021-3490). Exploitability of the problem depends on whether the eBPF system call is available to the user. For example, in the default configuration on RHEL, exploiting the vulnerability requires the user to have the CAP_SYS_ADMIN privilege.
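The exposure condition above (which kernel line introduced each issue, and whether unprivileged users can reach the bpf() syscall at all) is easy to check on a host. The following triage helper is an added example, not code from the article or from ZDI; the introduction points are the ones stated in this post, the fixed versions are not given here, so a hit only means "verify your distribution's patch status", and the `kernel.unprivileged_bpf_disabled` sysctl is the standard knob that restricts bpf() to privileged processes (the CAN ISOTP issue is unrelated to that sysctl).

```python
"""Triage helper (added example): which of the issues named in the post were
introduced at or before a given kernel version, plus the unprivileged-BPF sysctl."""
import re

# Introduction points as stated in the post. Fixed versions are not given there,
# so a hit means "check distro patches", not "confirmed vulnerable".
INTRODUCED = {
    "CVE-2021-3490 (ALU32 XOR bounds)": "5.7-rc1",
    "CVE-2021-3490 (ALU32 AND/OR bounds)": "5.10-rc1",
    "CVE-2021-3489 (bpf_ringbuf_reserve size check)": "5.8-rc1",
    "CVE-2021-32606 (CAN ISOTP isotp_setsockopt race)": "5.11",
}

_VER_RE = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?(?:-rc(\d+))?")


def parse_version(s):
    """Turn '5.10-rc1', '5.7' or a uname string like '5.10.0-8-amd64' into a
    comparable tuple. A release candidate sorts before the final release."""
    m = _VER_RE.match(s.strip())
    if not m:
        raise ValueError(f"unrecognised kernel version: {s!r}")
    major, minor, patch, rc = m.groups()
    rc_key = int(rc) if rc else float("inf")  # final release > any rc
    return (int(major), int(minor), int(patch or 0), rc_key)


def issues_at_or_after(kernel_version):
    """Names of the issues whose introduction point is <= the given version."""
    v = parse_version(kernel_version)
    return [name for name, since in INTRODUCED.items() if parse_version(since) <= v]


def unprivileged_bpf_disabled(path="/proc/sys/kernel/unprivileged_bpf_disabled"):
    """Read kernel.unprivileged_bpf_disabled. 0 means unprivileged users can
    reach bpf() (the exposure condition the post describes); a nonzero value
    restricts it to privileged processes. Returns None if unreadable."""
    try:
        with open(path) as f:
            return int(f.read().strip())
    except (OSError, ValueError):
        return None


def report(kernel_version, sysctl_value):
    """One-line triage verdict combining both checks."""
    hits = issues_at_or_after(kernel_version)
    if not hits:
        return "no listed issue introduced by this kernel version"
    bpf = "restricted to privileged users" if sysctl_value else "reachable or unknown"
    return f"{len(hits)} issue(s) to verify against distro patches; unprivileged bpf() {bpf}"


if __name__ == "__main__":
    import platform
    print(report(platform.release(), unprivileged_bpf_disabled()))
```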
Finally, if you want to know more about it, you can check the details at the following link.