An gano wani rauni (CVE-2021-27365) a cikin lambar tsarin iSCSI na Linux kernel wanda zai iya ba da damar mai amfani da gida mara gata don aiwatar da lamba a matakin kernel kuma ya sami tushen gata akan tsarin. Akwai samfurin aiki na amfani don gwaji. An daidaita rashin lafiyar a cikin sabuntawar kwaya ta Linux 5.11.4, 5.10.21, 5.4.103, 4.19.179, 4.14.224, 4.9.260 da 4.4.260. Ana samun sabuntawar fakitin Kernel akan Debian, Ubuntu, SUSE/openSUSE, Arch Linux, da Rarraba Fedora. Har yanzu ba a fitar da gyaran RHEL ba.
Matsalar tana faruwa ne ta hanyar kuskure a cikin aikin iscsi_host_get_param () daga tsarin libiscsi, wanda aka gabatar a baya a cikin 2006 yayin haɓaka tsarin tsarin iSCSI. Saboda rashin ingantaccen bincike mai girma, wasu sifofi na iSCSI, kamar sunan mai masauki ko sunan mai amfani, na iya wuce ƙimar PAGE_SIZE (4 KB). Mai amfani mara gata zai iya yin amfani da raunin da zai iya aika saƙon Netlink wanda ya saita halayen iSCSI zuwa ƙimar da ta fi PAGE_SIZE. Lokacin da aka karanta waɗannan sifofin ta hanyar sysfs ko seqfs, ana kiran lambar da ke ba da sifofi zuwa aikin sprintf don a kwafi su cikin buffer wanda girmansa PAGE_SIZE ne.
Yin amfani da rashin lahani a cikin rarraba ya dogara da goyan baya don lodawa ta atomatik na samfurin kernel scsi_transport_iscsi lokacin ƙoƙarin ƙirƙirar soket NETLINK_ISCSI. A kan rarrabawa inda aka loda wannan tsarin ta atomatik, ana iya kai hari ba tare da la'akari da amfani da aikin iSCSI ba. A lokaci guda, don nasarar aikace-aikacen cin nasara, ana buƙatar rajistar aƙalla jigilar iSCSI ɗaya. Hakanan, zaku iya amfani da module ib_iser kernel, wanda ake lodawa ta atomatik lokacin da mai amfani mara gata yayi ƙoƙarin ƙirƙirar soket NETLINK_RDMA, don yin rijistar jigilar kaya.
Ana ɗaukar nauyin kayan aikin atomatik da ake buƙata don amfani da amfani a cikin CentOS 8, RHEL 8 da Fedora lokacin da aka shigar da kunshin rdma-core akan tsarin, wanda shine dogaro ga wasu shahararrun fakiti kuma an shigar dashi ta tsohuwa a cikin jeri don wuraren aiki, tsarin uwar garken tare da GUI da rundunonin mahallin kama-da-wane. A lokaci guda, ba a shigar da rdma-core lokacin amfani da ginin uwar garken da ke aiki kawai a yanayin wasan bidiyo da lokacin shigar da ƙaramin hoton shigarwa. Misali, an haɗa kunshin a cikin tushen rarraba Fedora 31 Workstation, amma ba a haɗa shi a cikin Fedora 31 Server ba. Debian da Ubuntu ba su da wani tasiri, saboda kunshin rdma-core kawai yana ɗora kayan kernel da ake buƙata don hari idan kayan aikin RDMA na nan.
A matsayin tsarin tsaro, zaku iya musaki lodin atomatik na ƙirar libiscsi: echo "install libiscsi /bin/true" >> /etc/modprobe.d/disable-libiscsi.conf
Bugu da ƙari, an daidaita wasu ƙananan raunin haɗari guda biyu a cikin tsarin iSCSI wanda zai iya haifar da zubar da bayanai daga kwaya: CVE-2021-27363 (yayi bayanin game da bayanin jigilar iSCSI ta hanyar sysfs) da CVE-2021-27364 (karantawa daga kernel). wurin da ba'a da iyaka) . Ana iya amfani da waɗannan raunin don sadarwa ta hanyar soket na netlink tare da tsarin iSCSI ba tare da gata masu mahimmanci ba. Misali, mai amfani mara gata zai iya haɗawa zuwa iSCSI kuma ya aika umarnin "ƙarshen zaman" don ƙare zaman.
source: budenet.ru