Remote vulnerability in the Linux kernel that occurs when the TIPC protocol is used

A vulnerability (CVE-2022-0435) has been identified in the Linux kernel module that implements the TIPC (Transparent Inter-process Communication) network protocol, potentially allowing code execution at the kernel level by sending a specially crafted network packet. The issue affects only systems where the tipc.ko kernel module is loaded and the TIPC stack is configured, which is typically the case in clusters and is not enabled by default in non-specialized Linux distributions.

It is noted that when the kernel is built in "CONFIG_FORTIFY_SRC=y" mode (used in RHEL), which adds extra bounds checks to the memcpy() function, exploitation is limited to an emergency stop (kernel panic). If the kernel runs without the additional checks and if information about the canary tokens used to protect the stack is leaked, the problem can be exploited for remote code execution with kernel privileges. The researchers who found the problem state that the exploitation technique is trivial and will be disclosed after the vulnerability has been widely fixed in distributions.

The vulnerability is caused by a stack overflow that occurs when processing packets in which the value of the field holding the number of domain member nodes exceeds 64. To store node parameters, the tipc.ko module uses a fixed array "u32 members[64]", but while processing the number of nodes specified in the packet the code does not check the "member_cnt" value, which allows values greater than 64 to be used for controlled overwriting of data in the memory area that follows the "dom_bef" structure on the stack.
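The missing check, shown in a simplified user-space model that is an added example and not the kernel's code: the count taken from the packet is bounded against the array capacity before anything is copied. The record layout, the names `domain_rec`, `domain_rec_copy` and `try_record`, and the use of host byte order are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_MEMBERS 64   /* capacity of the fixed array described above */
/* Assumed, simplified record layout for illustration; not the kernel's struct. */
struct domain_rec {
    uint16_t len;         /* total record length claimed by the sender */
    uint16_t member_cnt;  /* number of entries the sender says follow */
    uint32_t members[MAX_MEMBERS];
};
#define REC_HDR offsetof(struct domain_rec, members)

/* Copy an untrusted record into *dst. Returns 0 if accepted, -1 if rejected. */
int domain_rec_copy(struct domain_rec *dst, const uint8_t *pkt, size_t pkt_len)
{
    uint16_t len, cnt;
    size_t need;
    if (pkt_len < REC_HDR)
        return -1;                          /* truncated header */
    memcpy(&len, pkt, sizeof(len));
    memcpy(&cnt, pkt + offsetof(struct domain_rec, member_cnt), sizeof(cnt));
    if (cnt > MAX_MEMBERS)
        return -1;                          /* the bound that must precede any copy */
    need = REC_HDR + (size_t)cnt * sizeof(uint32_t);
    if (len != need || pkt_len < need)
        return -1;                          /* claimed and received sizes disagree */
    memset(dst, 0, sizeof(*dst));
    memcpy(dst, pkt, need);                 /* need <= sizeof(*dst) holds here */
    return 0;
}

/* Build a constructed packet (host byte order) and return the parser's verdict. */
int try_record(uint16_t cnt, uint16_t claimed_len)
{
    static uint8_t pkt[REC_HDR + 65535u * sizeof(uint32_t)];
    struct domain_rec dst;
    size_t wire = REC_HDR + (size_t)cnt * sizeof(uint32_t);
    memcpy(pkt, &claimed_len, sizeof(claimed_len));
    memcpy(pkt + offsetof(struct domain_rec, member_cnt), &cnt, sizeof(cnt));
    return domain_rec_copy(&dst, pkt, wire);
}

int main(void)
{
    printf("64 members: %d, 65 members: %d\n", try_record(64, 260), try_record(65, 264));
    return 0;
}
```

Checking the count alone is not enough in this model: the claimed length must also match the count, otherwise a short record with an inflated length field would still be accepted.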

The bug that causes the vulnerability was introduced on June 15, 2016 and was included in the Linux 4.8 kernel. The vulnerability has been fixed in Linux kernel releases 5.16.9, 5.15.23, 5.10.100, 5.4.179, 4.19.229, 4.14.266, and 4.9.301. In the kernels of most distributions the problem remains unfixed: RHEL, Debian, Ubuntu, SUSE, Fedora, Gentoo, Arch Linux.

The TIPC protocol was originally developed by Ericsson. It is designed for organizing communication within a cluster and is enabled mainly on cluster nodes. TIPC can run over either Ethernet or UDP (network port 6118). When running over Ethernet, the attack can be carried out from the local network, and when using UDP, from the global network if the port is not blocked by a firewall. The attack can also be carried out by an unprivileged local user of the host. To enable TIPC, you need to load the tipc.ko kernel module and configure its binding to the network using netlink or the tipc utility.

source: budenet.ru
