A vulnerability (CVE-2021-27365) has been identified in the iSCSI subsystem code of the Linux kernel that allows an unprivileged local user to execute code at the kernel level and gain root privileges on the system. A working exploit prototype is available for testing. The vulnerability is fixed in the Linux kernel updates 5.11.4, 5.10.21, 5.4.103, 4.19.179, 4.14.224, 4.9.260, and 4.4.260. Kernel package updates are available in the Debian, Ubuntu, SUSE/openSUSE, Arch Linux and Fedora distributions. No fix has been released for RHEL yet.
The problem stems from an error in the iscsi_host_get_param() function of the libiscsi module, introduced in 2006 during development of the iSCSI subsystem. Because of missing size checks, some iSCSI string attributes, such as the hostname or username, can exceed PAGE_SIZE (4 KB). An unprivileged user can exploit the vulnerability by sending Netlink messages that set iSCSI attributes to values larger than PAGE_SIZE. When these attributes are read through sysfs or seqfs, code is called that passes the attributes to sprintf to copy them into a buffer whose size equals PAGE_SIZE.
Whether the vulnerability can be exploited in a given distribution depends on support for automatic loading of the scsi_transport_iscsi kernel module when an attempt is made to create a NETLINK_ISCSI socket. In distributions where this module is loaded automatically, the attack can be carried out regardless of whether iSCSI functionality is in use. However, a successful exploit requires at least one iSCSI transport to be registered. The ib_iser kernel module, which is loaded automatically when an unprivileged user attempts to create a NETLINK_RDMA socket, can be used to register a transport.
Automatic loading of the modules needed by the exploit is supported in CentOS 8, RHEL 8, and Fedora when the rdma-core package is installed. That package is a dependency of several popular packages and is installed by default in workstation, GUI-based server, and virtualization host configurations. However, rdma-core is not installed when a console-only server build is used or when installing from a minimal installation image. For example, the package is part of the base Fedora 31 Workstation distribution, but not of Fedora 31 Server. Debian and Ubuntu are less susceptible to the problem, since there the rdma-core package loads the kernel modules needed for the attack only if RDMA hardware is present.

As a workaround, you can disable automatic loading of the libiscsi module: echo "install libiscsi /bin/true" >> /etc/modprobe.d/disable-libiscsi.conf
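The following exposure check is an added example, not code from the article or from the kernel project. It compares a kernel release against the fixed versions listed above, looks for the workaround line in modprobe.d text, and reports which of the modules named in the article are loaded. The function names are hypothetical, and the version comparison assumes upstream stable numbering.

```python
import re

# Fixed stable releases named in the article, keyed by (major, minor) branch.
FIXED = {(5, 11): 4, (5, 10): 21, (5, 4): 103, (4, 19): 179,
         (4, 14): 224, (4, 9): 260, (4, 4): 260}
# Kernel modules the article names as involved in the attack path.
MODULES = ("libiscsi", "scsi_transport_iscsi", "ib_iser")

def upstream_status(release):
    """Classify a `uname -r` string as 'fixed', 'vulnerable' or 'unlisted'.

    Assumption: the kernel uses upstream stable numbering. Distribution
    kernels backport fixes, so check the vendor advisory for those.
    """
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", release)
    if not m:
        raise ValueError(f"unrecognised kernel release: {release!r}")
    branch, patch = (int(m.group(1)), int(m.group(2))), int(m.group(3) or 0)
    if branch in FIXED:
        return "fixed" if patch >= FIXED[branch] else "vulnerable"
    # Assumption: branches after 5.11 were cut from mainline with the fix in.
    return "fixed" if branch > max(FIXED) else "unlisted"

def workaround_present(conf_text):
    """True if modprobe.d text holds the article's `install libiscsi /bin/true`.

    A `blacklist libiscsi` line is not counted: blacklisting only ignores
    module aliases and does not stop libiscsi loading as a dependency.
    """
    for line in conf_text.splitlines():
        fields = line.split("#", 1)[0].split()
        if fields[:3] == ["install", "libiscsi", "/bin/true"]:
            return True
    return False

def loaded_modules(proc_modules_text):
    """Return which of MODULES appear in the text of /proc/modules."""
    names = {l.split()[0] for l in proc_modules_text.splitlines() if l.strip()}
    return [m for m in MODULES if m in names]

if __name__ == "__main__":
    import glob, platform
    conf = "\n".join(open(p).read() for p in glob.glob("/etc/modprobe.d/*.conf"))
    print("kernel:", platform.release(), upstream_status(platform.release()))
    print("workaround:", workaround_present(conf))
    print("loaded:", loaded_modules(open("/proc/modules").read()))
```

A result of 'unlisted' means the article names no fixed release for that branch, not that the kernel is safe.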
In addition, two less severe information leak vulnerabilities were fixed in the iSCSI subsystem: CVE-2021-27363 (leak of transport information via sysfs) and CVE-2021-27364 (out-of-bounds read). These vulnerabilities can be used to communicate with the iSCSI subsystem through a Netlink socket without the necessary privileges. For example, an unprivileged user can connect to iSCSI and issue the "end session" command to terminate a session.
source: budenet.ru
