Exploitable vulnerabilities found in nf_tables, watch_queue and IPsec in the Linux kernel

Several dangerous vulnerabilities have been identified in the Linux kernel that allow local users to escalate their privileges on the system. Working exploit prototypes have been prepared for all of the issues discussed below.

  • A vulnerability (CVE-2022-0995) in the watch_queue event-tracking subsystem allows data to be written beyond the bounds of an allocated buffer in kernel memory. The attack can be carried out by any unprivileged user and results in their code running with kernel privileges. The vulnerability is located in the watch_queue_set_size() function and is related to an attempt to clear all pointers in a list even when no memory has been allocated for them. The problem manifests when the kernel is built with the "CONFIG_WATCH_QUEUE=y" option, which is the case for most Linux distributions.

    The vulnerability was fixed in a kernel change merged on March 11. The publication of package updates in distributions can be followed on these pages: Debian, SUSE, Ubuntu, RHEL, Fedora, Gentoo, Arch Linux. An exploit prototype is already publicly available; it obtains root on Ubuntu 21.10 with kernel 5.13.0-37.

  • A vulnerability (CVE-2022-27666) in the esp4 and esp6 kernel modules, which implement the ESP (Encapsulating Security Payload) transformation for IPsec over IPv4 and IPv6. The vulnerability allows a local user with ordinary privileges to overwrite objects in kernel memory and escalate their privileges on the system. The problem stems from a mismatch between the amount of memory allocated and the amount of data actually received: the maximum message size can exceed the largest buffer that skb_page_frag_refill allocates.

    The vulnerability was fixed in the kernel on March 7 (included in 5.17, 5.16.15 and other stable releases). The publication of package updates in distributions can be followed on these pages: Debian, SUSE, Ubuntu, RHEL, Fedora, Gentoo, Arch Linux. A working exploit prototype, which lets an ordinary user obtain root on Ubuntu Desktop 21.10 in its default configuration, has already been published on GitHub. Its author claims that with minor changes it will also work on Fedora and Debian. Notably, the exploit was originally prepared for the Pwn2Own 2022 competition, but the kernel developers found and fixed a related bug, so it was decided to disclose the details of the vulnerability.

  • Two vulnerabilities (CVE-2022-1015, CVE-2022-1016) in the netfilter subsystem, in the nf_tables module that implements the nftables packet filter. The first issue allows a local unprivileged user to perform an out-of-bounds write to a buffer allocated on the stack. The overflow occurs while processing specially crafted nftables expressions, during the validation phase of register indices supplied by a user who has access to nftables rules.

    The vulnerability arises because the developers assumed that the value of "enum nft_registers reg" fits in a single byte, whereas with certain optimisations enabled the compiler, as the C89 specification permits, may represent it as a 32-bit value. Because of this, the size used when checking and allocating memory does not match the actual size of the data in the structure, so the tail of the structure overlaps pointers on the stack.

    The issue can be exploited to execute code at the kernel level, but a successful attack requires access to nftables, which an unprivileged user can obtain in a separate network namespace created with CLONE_NEWUSER together with CLONE_NEWNET (for example, when able to run an isolated container). The vulnerability also depends on the optimisations applied by the compiler, which are enabled, for instance, when building with "CONFIG_CC_OPTIMIZE_FOR_PERFORMANCE=y". Exploitation is possible starting with Linux kernel 5.12.

    The second netfilter vulnerability is caused by access to an already freed memory region (use-after-free) in the nft_do_chain handler and can lead to the disclosure of uninitialised areas of kernel memory, which can be read by manipulating nftables expressions and used, for example, to determine pointer addresses when developing exploits for other vulnerabilities. Exploitation is possible starting with Linux kernel 5.13.

    The vulnerabilities are fixed in today's stable kernel updates 5.17.1, 5.16.18, 5.15.32, 5.10.109, 5.4.188, 4.19.237, 4.14.274 and 4.9.309. The publication of package updates in distributions can be followed on these pages: Debian, SUSE, Ubuntu, RHEL, Fedora, Gentoo, Arch Linux. The researcher who discovered the issues has announced that working exploits for both vulnerabilities are ready and are planned for publication in a few days, once distributions have shipped updates to their kernel packages.
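The allocation-size mismatch behind CVE-2022-27666, shown as an added user-space model written for this page; it is neither kernel code nor the published exploit. A toy page_frag_refill() stands in for the kernel allocator and, as an assumption of the model, never hands out more than one order-3 page (32 KiB) while still reporting success. Beside it sit a pre-fix trailer emission that trusts the allocator and a post-fix variant that checks the aligned size first and diverts to a slow path. The 32 KiB cap, the 64-byte alignment and the slow-path fallback are assumptions chosen to mirror the behaviour the advisory describes, not figures taken from the page.

```c
#include <stddef.h>
#include <stdio.h>

/*
 * Constants modelled on the kernel's page-fragment allocator. They are
 * assumptions of this example, not figures quoted by the advisory: one refill
 * hands out at most a single order-3 compound page (32 KiB) and still reports
 * success when the caller asked for more.
 */
#define MODEL_PAGE_SIZE      4096u
#define SKB_FRAG_PAGE_ORDER  3u
#define FRAG_MAXSIZE         (MODEL_PAGE_SIZE << SKB_FRAG_PAGE_ORDER)
#define L1_CACHE_BYTES       64u
#define ALIGN_UP(x, a)       ((((x) + (a) - 1u) / (a)) * (a))

/* Outcome of one simulated ESP trailer emission. */
struct tail_result {
    size_t allocated;   /* bytes the fragment allocator really provided */
    size_t overflow;    /* trailer bytes that land past the fragment (0 = safe) */
    int    took_cow;    /* 1 when the slow copy-and-grow path was taken instead */
};

/* Toy skb_page_frag_refill(): "succeeds" but silently caps the request. */
static size_t page_frag_refill(size_t want)
{
    return want > FRAG_MAXSIZE ? FRAG_MAXSIZE : want;
}

/* Pre-fix shape: request room for the trailer, trust the allocator, write. */
static struct tail_result esp_output_tail_vulnerable(size_t tailen)
{
    struct tail_result r = {0, 0, 0};
    size_t allocsize = ALIGN_UP(tailen, L1_CACHE_BYTES);

    r.allocated = page_frag_refill(allocsize);
    /* The ESP trailer (padding, pad length, next header, ICV) is then written
     * in full into the fragment; bytes beyond it corrupt neighbouring heap. */
    r.overflow = tailen > r.allocated ? tailen - r.allocated : 0;
    return r;
}

/* Post-fix shape: decide first whether one fragment can ever hold the
 * trailer, and divert to the slow path when it cannot. */
static struct tail_result esp_output_tail_fixed(size_t tailen)
{
    struct tail_result r = {0, 0, 0};
    size_t allocsize = ALIGN_UP(tailen, L1_CACHE_BYTES);

    if (allocsize > FRAG_MAXSIZE) {
        r.took_cow = 1;   /* copy the skb and grow its linear area; no fragment */
        return r;
    }
    r.allocated = page_frag_refill(allocsize);
    r.overflow = tailen > r.allocated ? tailen - r.allocated : 0;   /* always 0 */
    return r;
}

int main(void)
{
    /* Constructed trailer lengths: a routine ESP trailer (padding, two header
     * bytes and a 16-byte ICV), the exact fragment size, and a message whose
     * trailer exceeds any fragment, the condition the advisory describes. */
    size_t cases[] = { 34, FRAG_MAXSIZE, 40000 };
    size_t i;

    for (i = 0; i < sizeof cases / sizeof cases[0]; i++) {
        struct tail_result v = esp_output_tail_vulnerable(cases[i]);
        struct tail_result f = esp_output_tail_fixed(cases[i]);

        printf("tailen=%5zu  pre-fix: alloc=%5zu overflow=%4zu  post-fix: %s\n",
               cases[i], v.allocated, v.overflow,
               f.took_cow ? "slow path" : "fragment, no overflow");
    }
    return 0;
}
```

The point the model makes is that a "successful" allocator return says nothing about the size obtained; the caller has to compare what it intends to write against a bound it computed itself, before the allocation, and refuse the fast path when the two disagree.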
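The precondition named for CVE-2022-1015, that an unprivileged user can obtain a network namespace of its own and with it access to nftables, can be probed directly on a host. The following is an added example for this page, not code from the advisory or from the researcher. It assumes the Linux unshare(2) semantics that CLONE_NEWUSER grants capabilities inside the new user namespace and CLONE_NEWNET then creates a network namespace owned by it, and that the host exposes /proc/sys/user/max_user_namespaces.

```c
#define _GNU_SOURCE             /* unshare(2) flags live behind this in <sched.h> */
#include <errno.h>
#include <sched.h>
#include <stdio.h>
#include <string.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>

/* Fallbacks so the probe still builds if <sched.h> was processed without
 * _GNU_SOURCE; the values are the fixed Linux ABI constants. */
#ifndef CLONE_NEWUSER
#define CLONE_NEWUSER 0x10000000
#endif
#ifndef CLONE_NEWNET
#define CLONE_NEWNET  0x40000000
#endif

/*
 * Probe, as an unprivileged process, whether the kernel lets us obtain a user
 * namespace plus a fresh network namespace. CLONE_NEWUSER grants the caller
 * full capabilities inside the new user namespace; CLONE_NEWNET then creates a
 * network namespace owned by it, which is enough to configure nftables there.
 *
 * The probe runs in a forked child so the caller never changes namespace.
 * Returns 1 if unshare() succeeded, 0 if the kernel refused (the child's errno
 * is stored in *err), -1 if the probe itself could not run.
 */
static int probe_unpriv_userns_netns(int *err)
{
    int status;
    pid_t pid = fork();

    if (pid < 0)
        return -1;

    if (pid == 0) {
        /* Raw syscall: no dependence on the libc wrapper being declared. */
        if (syscall(SYS_unshare, CLONE_NEWUSER | CLONE_NEWNET) == 0)
            _exit(0);
        _exit(errno > 0 && errno < 255 ? errno : 255);
    }

    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;

    *err = WEXITSTATUS(status);
    return *err == 0 ? 1 : 0;
}

/* Second signal: the per-user limit on user namespaces. A value of 0 in
 * user.max_user_namespaces disables them outright. Returns -1 when the file
 * cannot be read (the sysctl is assumed to exist on the host). */
static long read_max_user_namespaces(void)
{
    FILE *f = fopen("/proc/sys/user/max_user_namespaces", "r");
    long v = -1;

    if (f) {
        if (fscanf(f, "%ld", &v) != 1)
            v = -1;
        fclose(f);
    }
    return v;
}

int main(void)
{
    int err = 0;
    int r = probe_unpriv_userns_netns(&err);

    if (r == 1)
        puts("unshare(CLONE_NEWUSER|CLONE_NEWNET) succeeded: an unprivileged user "
             "on this host can reach nftables inside its own network namespace");
    else if (r == 0)
        printf("unshare refused (%s): this route to nftables is closed\n",
               strerror(err));
    else
        puts("probe could not run");

    printf("user.max_user_namespaces = %ld\n", read_max_user_namespaces());
    return r == 1 ? 0 : 1;
}
```

Run it as an ordinary user, not as root. A host where the probe succeeds gives every local account an nftables instance to talk to and should be treated as exposed until the kernel is updated; setting user.max_user_namespaces to 0, or kernel.unprivileged_userns_clone to 0 on distribution kernels that provide that sysctl, closes this route at the cost of breaking rootless containers and similar tooling.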

source: budenet.ru