An gano wani rauni (CVE-2022-2590) a cikin Linux kernel, wanda ke ba wa mai amfani damar canza fayilolin da aka yi taswirar ƙwaƙwalwar ajiya (taswirar) da fayiloli a cikin tmpfs ba tare da rubuta haƙƙinsu ba, kuma don haɓaka gatansu a cikin tsarin. . Matsalar da aka gano ta yi kama da nau'in lahani na Dirty COW, amma ya bambanta da cewa an iyakance shi kawai ga tasirin bayanai a cikin ƙwaƙwalwar ajiyar da aka raba (shmem / tmpfs). Hakanan za'a iya amfani da matsalar don gyara fayilolin da za'a iya aiwatarwa masu gudana waɗanda ke amfani da ƙwaƙwalwar ajiya.
Matsalar tana faruwa ne ta hanyar yanayin tsere a cikin tsarin sarrafa ƙwaƙwalwar ajiya wanda ke faruwa lokacin sarrafa keɓanta (laifi) da aka jefa lokacin ƙoƙarin rubuta damar zuwa wuraren karantawa kawai a cikin ƙwaƙwalwar ajiyar da aka nuna a cikin yanayin COW (kwafin-kan-rubuta) yanayin. Matsalar tana bayyana farawa daga kernel 5.16 akan tsarin tare da x86-64 da aarch64 architecture lokacin gina kernel tare da zaɓin CONFIG_USERFAULTFD=y. An daidaita raunin a cikin sakin 5.19. An shirya buga misali na cin zarafi a ranar 15 ga Agusta.
source: budenet.ru