Ua ʻike ʻia ʻelua mau nāwaliwali ma ka kernel Linux (CVE-2023-1281, CVE-2023-1829) e hiki ai i kahi mea hoʻohana kūloko ke hoʻokiʻekiʻe i ko lākou mau pono i ka ʻōnaehana. Pono ka hoʻouka ʻana i ka mana e hana a hoʻololi i nā classifiers traffic, loaʻa me nā kuleana CAP_NET_ADMIN, hiki ke loaʻa me ka hiki ke hana i nā inoa inoa mea hoʻohana. Aia nā pilikia mai ka 4.14 kernel a paʻa i ka lālā 6.2.
Hoʻokumu ʻia nā nāwaliwali ma ke komo ʻana i ka hoʻomanaʻo ma hope o ka hoʻokuʻu ʻia (hoʻohana-ma hope-free) i ka code classifier traffic tcindex, ʻo ia kahi ʻāpana o ka subsystem QoS (Quality of service) o ka kernel Linux. Hōʻike ka nāwaliwali mua iā ia iho ma muli o kahi kūlana lāhui i ka wā e hoʻonui ai i nā kānana hash maikaʻi ʻole, a ʻo ka lua o ka nāwaliwali i ka wā e holoi ai i kahi kānana hash maikaʻi loa. Hiki iā ʻoe ke hahai i ka hoʻoponopono ʻana i nā māhele ma nā ʻaoʻao aʻe: Debian, Ubuntu, Gentoo, RHEL, SUSE, Fedora, Gentoo, Arch. No ka pale ʻana i ka hoʻohana ʻana i ka nāwaliwali i kahi workaround, hiki iā ʻoe ke hoʻopau i ka hiki ke hana i nā inoa inoa e nā mea hoʻohana pono ʻole ("sudo sysctl -w kernel.unprivileged_userns_clone=0").
Source: opennet.ru