An gano wata lahani a cikin lambar TCP-tushen RDS yarjejeniya mai kula da yarjejeniya (Tabbataccen Socket Datagram, net/rds/tcp.c) (), wanda zai iya haifar da samun dama ga yankin ƙwaƙwalwar ajiya da aka rigaya da kuma ƙin sabis (mai yiwuwa, yiwuwar yin amfani da matsala don tsara kisa code ba a cire). Matsalar tana faruwa ne ta yanayin tseren da zai iya faruwa lokacin aiwatar da aikin rds_tcp_kill_sock yayin share kwasfa don sunan cibiyar sadarwa.
A cikin ƙayyadaddun bayanai matsalar ana yiwa alama a matsayin mai amfani mai nisa akan hanyar sadarwa, amma yin la'akari da bayanin , ba tare da kasancewar gida ba a cikin tsarin da kuma yin amfani da sunayen sunaye, ba zai yiwu ba a shirya wani hari daga nesa. Musamman, a cewar Masu haɓaka SUSE, ana amfani da raunin rauni a cikin gida kawai; shirya hari yana da wahala sosai kuma yana buƙatar ƙarin gata a cikin tsarin. Idan a cikin NVD ana kimanta matakin haɗari a maki 9.3 (CVSS v2) da 8.1 (CVSS v2), to bisa ga ƙimar SUSE ana tantance haɗarin a maki 6.4 cikin 10.
Wakilan Ubuntu kuma ana ɗaukar haɗarin matsalar matsakaici. A lokaci guda, daidai da ƙayyadaddun CVSS v3.0, an ba da matsala a babban matakin hadaddun kai hari kuma an sanya amfani da maki 2.2 kawai cikin 10.
Kuna hukunta by daga Sisiko, ana amfani da raunin rauni ta hanyar aika fakitin TCP zuwa sabis na cibiyar sadarwa mai aiki kuma an riga an sami samfuri na amfani. Har yanzu ba a bayyana iyakar abin da wannan bayanin ya yi daidai da gaskiya ba; watakila rahoton kawai ya tsara zato na NVD. By Har yanzu ba a ƙirƙiri amfani da VulDB ba kuma ana amfani da matsalar a cikin gida kawai.
Matsalar tana bayyana a cikin kernels kafin 5.0.8 kuma ana toshe ta ta Maris , an haɗa shi a cikin kernel 5.0.8. A mafi yawan rarraba matsalar ba a warware ta ba (, , , ). An saki gyaran don SLE12 SP3, openSUSE 42.3 da .
source: budenet.ru