A cikin Linux kernel rauni (), wanda ke ba ku damar haifar da ƙin sabis ta hanyar aika fakitin UDP na musamman (fakitin mutuwa). Matsalar tana haifar da kuskure a cikin mai sarrafa udp_gro_receive_segment (net/ipv4/udp_offload.c) tare da aiwatar da fasahar GRO (Generic Receive Offload) kuma yana iya haifar da lalata abubuwan da ke cikin wuraren ƙwaƙwalwar kernel yayin sarrafa fakitin UDP tare da fakitin sifili. (kayan biya mara komai).
Matsalar tana shafar kwaya kawai tun da GRO goyon bayan UDP soket ya kasance a watan Nuwambar bara kuma kawai ya sami damar shiga sabuwar barga ta kwaya. Fasahar GRO tana ba ku damar haɓaka sarrafa fakiti masu yawa masu shigowa ta hanyar haɗa fakiti da yawa zuwa manyan tubalan waɗanda basa buƙatar sarrafa fakiti daban-daban.
Ga TCP, matsalar ba ta faruwa, tunda wannan ka'ida ba ta goyan bayan tara fakiti ba tare da kaya ba.
Ya zuwa yanzu an daidaita rashin lafiyar a cikin tsari kawai , har yanzu ba a buga sabuntawar gyara ba (sabuntawa na jiya 5.0.11 gyara ). Daga na'urorin rarrabawa, kernel 5.0 ya sami damar haɗa su a ciki , , , da sauran rabawa da aka sabunta akai-akai. , , и matsalar bata shafa ba.
An gano matsalar a sakamakon haka Tsarin gwajin fuzzing mai sarrafa kansa wanda Google ya kirkira da analyzer (KernelAddressSanitizer), da nufin gano kurakurai lokacin aiki tare da ƙwaƙwalwar ajiya da gaskiyar samun damar ƙwaƙwalwar ajiya ba daidai ba, kamar samun damar wuraren ƙwaƙwalwar ajiya da aka 'yantar da sanya lamba a wuraren ƙwaƙwalwar ajiya ba a yi niyya don irin wannan magudi ba.
source: budenet.ru