An gano ɓarna a cikin tsarin kernel na Linux Netfilter da io_uring waɗanda ke ba masu amfani da gida damar haɓaka gatansu a cikin tsarin:
- Rashin lahani (CVE-2023-32233) a cikin tsarin Netfilter wanda ya haifar da samun damar ƙwaƙwalwar ajiya bayan amfani a cikin nf_tables module, wanda ke tabbatar da aikin tacewar fakitin nftables. Ana iya amfani da raunin ta hanyar aika buƙatun ƙira na musamman don sabunta tsarin nftables. Harin yana buƙatar samun dama ga nftables, waɗanda za a iya samu a cikin keɓantaccen sunan cibiyar sadarwa (fassarar sunan cibiyar sadarwa) idan kuna da haƙƙoƙin CLONE_NEWUSER, CLONE_NEWNS ko CLONE_NEWNET (misali, idan kuna iya gudanar da wani keɓaɓɓen akwati).
Don ba masu amfani lokaci don shigar da sabuntawa, mai binciken wanda ya gano matsalar ya yi alkawarin jinkirta har tsawon mako guda (har zuwa 15 ga Mayu) buga cikakken bayani da kuma misali na yin amfani da aiki wanda ke ba da tushen harsashi. An daidaita raunin a cikin sabuntawa 6.4-rc1. Kuna iya bin gyare-gyaren rashin ƙarfi a cikin rabawa akan shafuka masu zuwa: Debian, Ubuntu, Gentoo, RHEL, Fedora, SUSE/openSUSE, Arch.
- Rashin lahani (CVE ba a sanya shi ba tukuna) a cikin aiwatar da io_uring asynchronous I/O interface wanda aka haɗa a cikin Linux kernel tun lokacin da aka saki 5.1. Matsalar tana faruwa ne ta hanyar kwaro a cikin aikin io_sqe_buffer_register, wanda ke ba da damar yin amfani da ƙwaƙwalwar ajiyar jiki a waje da iyakokin ma'ajin da aka keɓe. Matsalar ta bayyana ne kawai a cikin reshe na 6.3 kuma za a gyara shi a cikin sabuntawa mai zuwa 6.3.2. An riga an sami samfurin amfani mai aiki don gwaji, wanda ke ba ku damar aiwatar da lamba tare da gatan kwaya.
source: budenet.ru