An gano rauni (CVE-2021-4155) a cikin lambar tsarin fayil na XFS wanda ke ba da damar mai amfani na gida damar karanta bayanan toshewar da ba a yi amfani da shi kai tsaye daga na'urar toshewa. Duk manyan nau'ikan kernel na Linux waɗanda suka girmi 5.16 waɗanda ke ɗauke da direban XFS suna shafar wannan batun. An haɗa gyara a cikin sigar 5.16, haka kuma a cikin sabuntar kernel 5.15.14, 5.10.91, 5.4.171, 4.19.225, da sauransu. Matsayin sabuntawa da aka samar don gyara matsalar a cikin rabawa ana iya bin diddigin waɗannan shafuka: Debian, RHEL, SUSE, Fedora, Ubuntu, Arch.
Rashin lahani yana faruwa ne ta hanyar halayen da ba daidai ba na takamaiman ioctl guda biyu na XFS-IOC (XFS_IOC_ALLOCSP) da ioctl (XFS_IOC_FREESP), waɗanda ke aiki daidai da tsarin kiran tsarin falocate (). Lokacin daɗa girman fayil ɗin da bai daidaita ba, ioctls XFS_IOC_ALLOCSP/XFS_IOC_FREESP ba sa sake saita bytes ɗin wutsiya zuwa sifili har sai iyakar toshe ta gaba. Don haka, akan XFS tare da daidaitaccen girman toshe na 4096 bytes, maharin zai iya karanta har zuwa 4095 bytes na bayanan da aka rubuta a baya daga kowane toshe. Waɗannan wuraren suna iya ƙunsar bayanai daga fayilolin da aka goge, fayilolin da ba a gushe ba, da fayiloli tare da ɓangarorin da aka cire.
Kuna iya gwada tsarin ku don matsalar ta amfani da samfurin amfani mai sauƙi. Idan, bayan aiwatar da tsarin da aka tsara na umarni, yana yiwuwa a karanta rubutun Shakespeare, to direban FS yana da rauni. Da farko hawa ɓangaren XFS don nunawa yana buƙatar tushen gata.
Tunda ioctl(XFS_IOC_ALLOCSP) da ioctl(XFS_IOC_FREESP) kusan iri daya ne a cikin aiki da ma'aunin falocate(), kuma kawai bambancinsu shine yabo bayanai, kasancewarsu yayi kama da kofa ta baya. Duk da babban manufar rashin canza musaya da ke cikin kernel, bisa shawarar Linus, an yanke shawarar cire waɗannan ioctls gaba ɗaya a sigar ta gaba.
source: budenet.ru