Vulnerability in the Linux kernel perf subsystem that allows privilege escalation

A vulnerability (CVE-2022-1729) has been identified in the Linux kernel that allows a local user to gain root access to the system. The vulnerability is caused by a race condition in the perf subsystem, which can be used to trigger a use-after-free access to an already freed area of kernel memory. The problem has been present since kernel 4.0-rc1. Exploitability has been confirmed for releases 5.4.193+.

The fix is available only in the form of a patch. The danger of the vulnerability is reduced by the fact that most distributions by default deny unprivileged users access to perf. As a protective workaround, you can set the sysctl parameter kernel.perf_event_paranoid to 3.
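The following audit of that workaround is an added example, not part of the original article: it compares the running value of kernel.perf_event_paranoid with the value persisted in sysctl configuration, so a setting that is lost at reboot or overridden by a later file is caught. The function names and the simplified file search order (/etc/sysctl.d/*.conf, then /etc/sysctl.conf) are assumptions.

```shell
#!/bin/sh
# Added example (not from the article): audit kernel.perf_event_paranoid.
WANT=3   # value the article recommends as a workaround

# Succeeds only for a plain integer such as 3 or -1.
is_int() { case "$1" in ''|-|*[!0-9-]*|?*-*) return 1 ;; esac; }

# Print the last value assigned to kernel.perf_event_paranoid in the given
# sysctl files (later assignments win); print nothing when it is never set.
persisted_value() {
    [ "$#" -gt 0 ] || return 0
    awk -F= '
        /^[ \t]*[#;]/ { next }                        # skip comment lines
        { key = $1; gsub(/[ \t]/, "", key); sub(/^-/, "", key) }
        NF > 1 && (key == "kernel.perf_event_paranoid" || key == "kernel/perf_event_paranoid") {
            val = $2; gsub(/[ \t]/, "", val); last = val
        }
        END { if (last != "") print last }
    ' "$@"
}

# Classify runtime ($1) and persisted ($2, may be empty) values.
# Prints one of: ok | not-persisted | below-target | unknown
assess() {
    is_int "$1" || { echo unknown; return 0; }
    [ "$1" -ge "$WANT" ] || { echo below-target; return 0; }
    if is_int "$2" && [ "$2" -ge "$WANT" ]; then echo ok; else echo not-persisted; fi
}

# Audit the local host. Assumption: only /etc/sysctl.d/*.conf (glob order) and
# then /etc/sysctl.conf are read; real loaders also consult other directories.
audit_host() {
    runtime=$(cat /proc/sys/kernel/perf_event_paranoid 2>/dev/null) || runtime=
    set --
    for f in /etc/sysctl.d/*.conf /etc/sysctl.conf; do
        if [ -f "$f" ]; then set -- "$@" "$f"; fi
    done
    persisted=$(persisted_value "$@")
    echo "runtime=${runtime:-?} persisted=${persisted:-unset} status=$(assess "$runtime" "$persisted")"
}

# Run with --host to audit this machine.
if [ "${1:-}" = "--host" ]; then audit_host; fi
```

Level 3 comes from a patch carried by distributions such as Debian and Ubuntu, while mainline documents only levels -1 through 2, so confirm that the running kernel honours it.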

source: budenet.ru
