Vulnerabilities in the ksmbd module of the Linux kernel that allow remote code execution

A severe vulnerability has been identified in the ksmbd module, an SMB file server implementation built into the Linux kernel, that allows remote execution of code with kernel privileges. The attack can be carried out without authentication; it is enough for the ksmbd module to be enabled on the system. The problem has been present since kernel 5.15, released in November 2021, and was quietly fixed in updates 5.15.61, 5.18.18 and 5.19.2, released in August 2022. Since a CVE identifier has not yet been assigned to the issue, there is no specific information about how the issue is being fixed in distributions.
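An added example, not from the original article: a shell check that classifies a kernel release against the version numbers given above and reports whether the ksmbd module is loaded. Assumptions: the function names are illustrative, the 5.16 and 5.17 series are treated as vulnerable because no fixed release is named for them, and series after 5.19 are treated as fixed; distribution kernels with backported fixes need the vendor changelog rather than the version string.

```shell
#!/bin/sh
# Added example (not from the article): classify a kernel release string
# using only the version numbers the article gives.

# ksmbd_status RELEASE -> prints not-affected | vulnerable | fixed | unknown
ksmbd_status() {
    ver=${1%%-*}; ver=${ver%%+*}          # drop suffixes: "5.15.60-generic" -> "5.15.60"
    major=${ver%%.*}; rest=${ver#*.}
    minor=${rest%%.*}
    case $rest in
        *.*) patch=${rest#*.}; patch=${patch%%.*} ;;
        *)   patch=0 ;;
    esac
    minor=${minor%%[!0-9]*}; patch=${patch%%[!0-9]*}
    case $major in ''|*[!0-9]*) echo unknown; return 1 ;; esac
    : "${minor:=0}" "${patch:=0}"

    if [ "$major" -lt 5 ] || { [ "$major" -eq 5 ] && [ "$minor" -lt 15 ]; }; then
        echo not-affected; return 0       # issue present since 5.15
    fi
    if [ "$major" -gt 5 ] || [ "$minor" -gt 19 ]; then
        echo fixed; return 0              # assumption: later series carry the fix
    fi
    case $minor in
        15) fixed_at=61 ;;
        18) fixed_at=18 ;;
        19) fixed_at=2 ;;
        *)  echo vulnerable; return 0 ;;  # assumption: 5.16/5.17, no fixed release named
    esac
    if [ "$patch" -ge "$fixed_at" ]; then echo fixed; else echo vulnerable; fi
}

# True when the ksmbd module is loaded (loaded modules appear under /sys/module).
ksmbd_loaded() { [ -d /sys/module/ksmbd ]; }

# One-line summary; defaults to the running kernel when no release is given.
ksmbd_report() {
    rel=${1:-$(uname -r)}
    status=$(ksmbd_status "$rel") || true
    if ksmbd_loaded; then loaded=yes; else loaded=no; fi
    echo "kernel=$rel status=$status ksmbd_loaded=$loaded"
}

ksmbd_report
```

A host is of interest only when the status is `vulnerable` and `ksmbd_loaded` is `yes`, since the article states that the module must be enabled for the attack to work.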

Details of how the vulnerability is exploited have not yet been disclosed. It is known that the vulnerability is caused by access to an already freed memory area (use-after-free) due to a missing check that an object exists before operations are performed on it. The problem arises because the smb2_tree_disconnect() function frees the memory allocated for the ksmbd_tree_connect structure, but a pointer to it is still used afterwards when processing certain external requests containing SMB2_TREE_DISCONNECT commands.

In addition to the vulnerability mentioned, 4 less dangerous problems were fixed in ksmbd:

  • ZDI-22-1688 - remote code execution with kernel privileges because the file attribute processing code does not check the actual size of external data before copying it into the allocated buffer. The vulnerability is mitigated by the fact that only an authenticated user can carry out the attack.
  • ZDI-22-1691 - remote information leak from kernel memory due to incorrect checking of input parameters in the SMB2_WRITE command handler (only an authenticated user can carry out the attack).
  • ZDI-22-1687 - remote denial of service caused by exhaustion of available resources in the system due to incorrect release of resources in the SMB2_NEGOTIATE command handler (the attack can be carried out without authentication).
  • ZDI-22-1689 - remote kernel crash caused by a failure to properly validate the parameters of the SMB2_TREE_CONNECT command, which leads to a read from an area outside the buffer (only an authenticated user can carry out the attack).

Support for running an SMB server using the ksmbd module has been present in the Samba package since release 4.16.0. Unlike an SMB server running in user space, ksmbd is more efficient in terms of performance, memory consumption, and integration with advanced kernel features. ksmbd is regarded as a high-performance, embedded-ready extension to Samba that integrates with Samba tools and libraries as needed. The ksmbd code was written by Namjae Jeon of Samsung and Hyunchul Lee of LG, and in the kernel it is maintained by Steve French of Microsoft, maintainer of the CIFS/SMB2/SMB3 subsystems in the Linux kernel and a member of the Samba development team, who has made significant contributions to the implementation of SMB/CIFS protocol support in Samba and Linux.

source: budenet.ru