Qhov tsis zoo (CVE-2021-27803) tau raug txheeb xyuas nyob rau hauv pob wpa_supplicant, siv los txuas rau lub network wireless hauv ntau Linux, * BSD thiab Android kev faib tawm, uas tuaj yeem siv los tua cov cai tawm tsam thaum ua tshwj xeeb tsim Wi-Fi Direct tswj ntas (Wi-Fi P2P). Txhawm rau ua kom muaj kev tawm tsam, tus neeg tawm tsam yuav tsum nyob hauv thaj tsam ntawm lub wireless network kom xa cov txheej txheem tshwj xeeb tsim rau tus neeg raug tsim txom.
Qhov teeb meem yog tshwm sim los ntawm kab laum nyob rau hauv Wi-Fi P2P handler, vim tias qhov kev ua haujlwm ntawm PDR tsis raug formatted PDR (Provision Discovery Request) thav duab tuaj yeem ua rau muaj qhov xwm txheej uas cov ntaub ntawv hais txog P2P qub yuav raug muab tshem tawm thiab cov ntaub ntawv yuav raug sau rau ib qho uas twb tau tso tseg thaiv thaiv (siv -after-free). Qhov teeb meem cuam tshuam rau wpa_supplicant tso tawm 1.0 txog 2.9, suav nrog CONFIG_P2P kev xaiv.
Qhov tsis zoo yuav raug kho hauv wpa_supplicant 2.10 tso tawm. Hauv kev faib tawm, qhov hloov kho tshiab tau tshaj tawm rau Fedora Linux. Cov xwm txheej ntawm kev tshaj tawm cov hloov tshiab los ntawm lwm qhov kev faib tawm tuaj yeem taug qab ntawm nplooj ntawv: Debian, Ubuntu, RHEL, SUSE, Arch Linux. Raws li kev ua haujlwm rau kev thaiv qhov tsis zoo, tsuas yog lov tes taw P2P kev txhawb nqa los ntawm kev qhia "p2p_disabled = 1" hauv cov chaw lossis khiav "P2P_SET xiam oob qhab 1" hais kom ua hauv CLI interface.
Tau qhov twg los: opennet.ru