Masu bincike kan tsaro daga Google sun gano rauni a cikin kernel Linux Akwai raunin da ke ƙara gata (CVE-2025-38236). Daga cikin wasu abubuwa, raunin yana ba da damar kauce wa hanyar ware sandbox da ake amfani da ita a Google Chrome da kuma cimma aiwatar da lambar matakin kernel lokacin aiwatar da lambar a cikin mahallin tsarin yin sandbox na Chrome (misali, ta hanyar amfani da wani rauni a cikin Chrome). Matsalar tana bayyana kanta tun daga kernel. Linux 6.9 kuma an gyara shi a cikin sabuntawar kernel Linux 6.1.143, 6.6.96, 6.12.36 da 6.15.5. Ana iya saukar da samfurin amfani da kwamfuta.
Rashin lafiyar yana faruwa ne sakamakon kuskuren aiwatarwa a cikin tutar MSG_OOB, wanda za'a iya saita shi don soket ɗin AF_UNIX. Tutar MSG_OOB ("waje-waje") tana ba da damar ƙara byte a cikin bayanan da ake aikawa, wanda mai karɓa zai iya karantawa kafin ya karɓi sauran bayanan. An ƙara wannan tutar a cikin kernel. Linux Oracle ya nemi 5.15 kuma an gabatar da shawarar a soke shi a bara saboda ba a amince da shi sosai ba.
Aiwatar da akwatin sandbox na Chrome ya ba da izinin ayyukan UNIX soket da aika ()/recv() tsarin kiran tsarin inda aka ba da izinin tutar MSG_OOB tare da wasu zaɓuɓɓuka kuma ba a tace su daban ba. Kwaro a cikin aiwatar da MSG_OOB ya ba da izinin yanayin amfani bayan-free ya faru bayan aiwatar da wani jerin kira na tsarin: char dummy; int safa[2]; socketpair (AF_UNIX, SOCK_STREAM, 0, safa); aika (safa[1], "A", 1, MSG_OOB); recv(safa[0], &dummy, 1, MSG_OOB); aika (safa[1], "A", 1, MSG_OOB); recv(safa[0], &dummy, 1, MSG_OOB); aika (safa[1], "A", 1, MSG_OOB); recv (safa[0], & dummmy, 1, 0); recv(safa[0], &dummy, 1, MSG_OOB);
source: budenet.ru
