A vulnerability in the CAN BCM network protocol allowed privilege escalation in the Linux kernel

Yesterday, details were released about a vulnerability in the Linux kernel that has already been catalogued as CVE-2021-3609. The vulnerability allows a local user to elevate their privileges on the system because of a race condition in the implementation of the CAN BCM protocol, and it is present in Linux kernel versions 2.6.25 through 5.13-rc6.

The flaw is exploitable because the CAN BCM protocol lets you register your own handler for controller area network (CAN) messages and attach it to a specific network socket. When an incoming message arrives, the function bcm_rx_handler() is called. An attacker can take advantage of the race condition and force the network socket to close while bcm_rx_handler() is still running.

The problem arises when the socket is closed and the function bcm_release() is called. It frees the memory of the bcm_op and bcm_sock structures, which are still in use by the bcm_rx_handler() call that has not yet finished, so the handler ends up accessing a memory block that has already been freed (use-after-free).

This is an announcement of a recently reported bug (CVE-2021-3609) in the CAN BCM networking protocol in the Linux kernel, from version 2.6.25 to 5.13-rc6.
The vulnerability is a race condition in net/can/bcm.c that allows privilege escalation to root. The issue was initially reported by syzbot, and Norbert Slusarek demonstrated its exploitation.

The attack consists of opening two CAN BCM sockets and binding them to a vcan interface. On the first socket, sendmsg() is called with the RX_SETUP flag to set up a handler for incoming CAN messages, and on the second socket, sendmsg() is called to send a message to the first socket.

After the message arrives, bcm_rx_handler() is called and the attacker picks the right moment to close the first socket. This triggers bcm_release() and the freeing of the bcm_op and bcm_sock structures, even though bcm_rx_handler() has not yet finished.

By manipulating the contents of bcm_sock, the attacker can overwrite the pointer to the sk->sk_data_ready(sk) function, redirect execution and, using return-oriented programming (ROP) techniques, overwrite the modprobe_path parameter and have their code run as root.

When using the ROP technique, the attacker does not try to place their own code in memory. Instead, they operate on fragments of machine instructions that are already present in loaded libraries and that end with a control-return instruction (as a rule, these are the ends of library functions).

The permissions required to carry out the attack can be obtained by an unprivileged user in containers created on systems with user namespaces enabled. For example, user namespaces are enabled by default on Ubuntu and Fedora, but are not enabled on Debian and RHEL.

My exploitation attempt focuses on kernels with version >= 5.4-rc1, starting from commit bf74aa86e111. I did not investigate exploiting kernels older than 5.4-rc1 using tasklets, although exploiting older kernels seems feasible as well.

It is mentioned that the researcher who identified the vulnerability was able to prepare an exploit that obtains root rights on systems with kernels from version 5.4 onward, including the possibility of a successful attack on Ubuntu 20.04.02 LTS.

The work of the exploit comes down to building a chain of calls to such blocks ("gadgets") to obtain the required functionality. The attack requires access to create CAN sockets and a configured vcan network interface.

Finally, it is mentioned that the problem still persists in most distributions, but that it is a matter of days before the corresponding patches are released.
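Until patched kernels arrive, the conditions described above (affected version range, the CAN BCM module, unprivileged user namespaces) can be checked per host. The script below is an added example, not code from the advisory or the researcher; its function names and verdict strings are invented here, and it judges by version string only.

```shell
#!/bin/sh
# Added example: exposure triage for CVE-2021-3609, built from the article's conditions.
# Function names and verdict strings are invented for this sketch.

# 0 if RELEASE (uname -r style) is in the article's range 2.6.25 .. 5.13-rc6.
# Version only: a distribution kernel may already carry a backported fix.
in_affected_range() {
    rel=$1
    base=${rel%%-*}                       # "5.4.0-74-generic" -> "5.4.0"
    oldifs=$IFS; IFS=.; set -- $base; IFS=$oldifs
    maj=${1:-0}; min=${2:-0}; pat=${3:-0}
    min=${min%%[!0-9]*}; pat=${pat%%[!0-9]*}
    v=$(($maj * 1000000 + ${min:-0} * 1000 + ${pat:-0}))
    [ "$v" -ge 2006025 ] || return 1      # older than 2.6.25
    [ "$v" -lt 5013000 ] && return 0      # anything before 5.13
    [ "$v" -eq 5013000 ] || return 1      # newer than 5.13.0
    case $rel in *-rc[1-6]|*-rc[1-6][!0-9]*) return 0 ;; esac
    return 1
}

# 0 if unprivileged users may create user namespaces.
# $1: kernel.unprivileged_userns_clone (Debian/Ubuntu sysctl, empty if absent)
# $2: user.max_user_namespaces
userns_enabled() {
    [ "${2:-0}" -gt 0 ] && [ "${1:-1}" != 0 ]
}

# 0 if modprobe configuration on stdin blocks can-bcm. "blacklist" stops
# alias-triggered autoload; "install ... /bin/false" also stops explicit modprobe.
bcm_blocked() {
    grep -Eq '^[[:space:]]*(blacklist[[:space:]]+can[-_]bcm|install[[:space:]]+can[-_]bcm[[:space:]]+/bin/(false|true))'
}

# Print a verdict. Arguments: RELEASE CLONE MAXNS MODPROBE_CONFIG_TEXT
assess() {
    in_affected_range "$1" || { echo not-in-range; return; }
    if printf '%s\n' "$4" | bcm_blocked; then echo in-range-bcm-blocked
    elif userns_enabled "$2" "$3"; then echo in-range-userns-on
    else echo in-range-userns-off
    fi
}

if [ "${1:-}" = --live ]; then            # read the local host
    assess "$(uname -r)" \
        "$(cat /proc/sys/kernel/unprivileged_userns_clone 2>/dev/null)" \
        "$(cat /proc/sys/user/max_user_namespaces 2>/dev/null)" \
        "$(cat /etc/modprobe.d/*.conf 2>/dev/null)"
fi
```

Run it with `--live` to evaluate the local host. Modprobe configuration does not unload a can_bcm module that is already loaded, so check `lsmod` as well.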

If you want to know more about it, you can consult the following link.

