Vulnerabilities in OpenSSL, Glibc, util-linux, and the i915 and vmwgfx drivers

A vulnerability (CVE-2021-4160) has been disclosed in the OpenSSL cryptographic library, caused by an error in the implementation of the adder in the BN_mod_exp function, which leads to an incorrect result being returned by the squaring operation. The issue occurs only on hardware based on the MIPS32 and MIPS64 architectures and can lead to the compromise of elliptic curve algorithms, including those used by default in TLS 1.3. The issue was fixed in the December OpenSSL 1.1.1m and 3.0.1 updates.

It is noted that carrying out real attacks to obtain information about private keys using the identified problem is considered possible for RSA, DSA and the Diffie-Hellman algorithm (DH), but unlikely, too difficult to carry out and requiring enormous computing resources. An attack on TLS is ruled out here, because in 2016, when the CVE-2016-0701 vulnerability was fixed, sharing a single DH private key between clients was prohibited.

In addition, several vulnerabilities recently identified in open-source projects can be noted:

  • A vulnerability (CVE-2022-0330) in the i915 graphics driver caused by a missing GPU TLB flush. If the IOMMU (address translation) is not used, the vulnerability allows access to random memory pages from user space. The problem can be used to corrupt or read data from random memory areas. The problem occurs on all integrated and discrete Intel GPUs. The fix is implemented by adding a mandatory TLB flush before each operation that returns a GPU buffer to the system, which will lead to reduced performance. The performance impact depends on the GPU, the operations performed on the GPU and the system load. The fix is available only as a patch.
  • A vulnerability (CVE-2022-22942) in the vmwgfx graphics driver, which is used to implement 3D acceleration in VMware environments. The issue allows an unprivileged user to gain access to files opened by other processes on the system. The attack requires access to the /dev/dri/card0 or /dev/dri/renderD128 device, as well as the ability to issue an ioctl() call with the resulting file descriptor.
  • Vulnerabilities (CVE-2021-3996, CVE-2021-3995) in the libmount library shipped in the util-linux package allow an unprivileged user to unmount disk partitions without authorization. The problem was identified during an audit of the SUID-root programs umount and fusermount.
  • Vulnerabilities in the standard C library Glibc affecting the realpath (CVE-2021-3998) and getcwd (CVE-2021-3999) functions.
    • The problem in realpath() is caused by an incorrect value being returned under certain conditions, containing leftover uncleaned data from the stack. For the SUID-root fusermount program, the vulnerability can be used to obtain sensitive information from process memory, for example, information about pointers.
    • The problem in getcwd() allows a one-byte buffer overflow. It is caused by a bug that has been present since 1995. To trigger the overflow, it is enough to call chdir() on the "/" directory in a separate namespace. There is no information on whether the vulnerability is limited to process crashes, but working exploits have been created for similar vulnerabilities in the past, despite the developers' skepticism.
  • A vulnerability (CVE-2022-23220) in the usbview package allows local users logged in via SSH to execute code as root because of a setting in the PolKit rules (allow_any=yes) for running the usbview utility as root without authentication. Exploitation comes down to using the "--gtk-module" option to load a library into usbview. The problem was fixed in usbview 2.2.
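
A defensive check for the kind of PolKit setting described in the usbview item, added here as an example (not code from the original article or from usbview): it lists actions whose shipped defaults let any session run a program through pkexec without authentication. The sample policy, its action ids and its paths are constructed, and /usr/share/polkit-1/actions is assumed as the policy directory.

```python
import sys
import xml.etree.ElementTree as ET
from pathlib import Path

# Annotation that pkexec uses to bind an action to the program it runs.
EXEC_PATH_KEY = "org.freedesktop.policykit.exec.path"

# Constructed sample policy: ids and paths are illustrative, not taken from usbview.
SAMPLE_POLICY = """<policyconfig>
  <action id="org.example.pkexec.usbviewer">
    <defaults>
      <allow_any>yes</allow_any>
      <allow_active>yes</allow_active>
    </defaults>
    <annotate key="org.freedesktop.policykit.exec.path">/usr/bin/usbviewer</annotate>
  </action>
  <action id="org.example.pkexec.safe-tool">
    <defaults>
      <allow_any>auth_admin</allow_any>
      <allow_active>auth_admin_keep</allow_active>
    </defaults>
    <annotate key="org.freedesktop.policykit.exec.path">/usr/bin/safe-tool</annotate>
  </action>
</policyconfig>"""

def risky_actions(policy_xml):
    """Return (action id, exec path) pairs that any session may run unauthenticated."""
    findings = []
    for action in ET.fromstring(policy_xml).iter("action"):
        allow_any = (action.findtext("defaults/allow_any") or "").strip()
        exec_path = next((a.text.strip() for a in action.findall("annotate")
                          if a.get("key") == EXEC_PATH_KEY and a.text), None)
        # "yes" for allow_any covers remote (for example SSH) sessions as well.
        if allow_any == "yes" and exec_path:
            findings.append((action.get("id"), exec_path))
    return findings

def scan(directory="/usr/share/polkit-1/actions"):
    """Check every *.policy file in the directory; unreadable or malformed files are skipped."""
    results = []
    for path in sorted(Path(directory).glob("*.policy")):
        try:
            results += [(path.name, *f) for f in risky_actions(path.read_bytes())]
        except (ET.ParseError, OSError):
            continue
    return results

if __name__ == "__main__":
    for row in scan(*sys.argv[1:2]):
        print(*row, sep="\t")
```

Each reported row is a program that runs as root for any caller, so its command-line options that load code or read files deserve review.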

Source: opennet.ru
