Linux kernel vulnerability allows bypassing Chrome's sandbox isolation

Security researchers from Google have identified a vulnerability (CVE-2025-38236) in the Linux kernel that allows privilege escalation. Among other things, the vulnerability makes it possible to bypass the sandbox isolation used in Google Chrome and achieve kernel-level code execution when code is running in the context of an isolated Chrome process (for example, after exploiting another vulnerability in Chrome). The problem appears starting with Linux kernel 6.9 and is fixed in Linux kernel updates 6.1.143, 6.6.96, 6.12.36 and 6.15.5. A prototype exploit is available for download.

The vulnerability is caused by an error in the implementation of the MSG_OOB flag, which can be set for AF_UNIX sockets. The MSG_OOB ("out-of-band") flag allows one additional byte to be attached to the data being sent, which the receiver can read before the rest of the data has been received. The flag was added in the Linux 5.15 kernel at Oracle's request, and last year it was proposed for removal because it is not widely used.

Chrome's sandbox implementation permitted UNIX socket operations and the send()/recv() system calls, in which the MSG_OOB flag was allowed along with the other options and was not filtered separately. A bug in the MSG_OOB implementation made it possible to trigger a use-after-free condition after a certain sequence of system calls:

    char dummy;
    int socks[2];
    socketpair(AF_UNIX, SOCK_STREAM, 0, socks);
    send(socks[1], "A", 1, MSG_OOB);
    recv(socks[0], &dummy, 1, MSG_OOB);
    send(socks[1], "A", 1, MSG_OOB);
    recv(socks[0], &dummy, 1, MSG_OOB);
    send(socks[1], "A", 1, MSG_OOB);
    recv(socks[0], &dummy, 1, 0);
    recv(socks[0], &dummy, 1, MSG_OOB);
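The gap described above is that the sandbox policy allowed send()/recv() without inspecting their flags. As an added example (not Chrome's own policy and not code from the original article), this seccomp-BPF filter rejects MSG_OOB in the socket I/O system calls while leaving them otherwise usable. The function names are hypothetical, and it assumes x86-64 or aarch64 Linux, where glibc issues send()/recv() as sendto/recvfrom.

```c
#include <errno.h>
#include <stddef.h>
#include <linux/filter.h>
#include <linux/seccomp.h>
#include <sys/prctl.h>
#include <sys/socket.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>

/* Assumes only the native 64-bit little-endian syscall ABI is in use;
 * a production filter also validates seccomp_data.arch before trusting nr. */
#define ARG_LO(n) (offsetof(struct seccomp_data, args) + 8 * (n)) /* low 32 bits of arg n */
/* For syscall nr: fail with EPERM if MSG_OOB is set in its flags argument, else allow. */
#define DENY_OOB(nr, flags_arg)                                   \
    BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, (nr), 0, 4),              \
    BPF_STMT(BPF_LD | BPF_W | BPF_ABS, ARG_LO(flags_arg)),        \
    BPF_JUMP(BPF_JMP | BPF_JSET | BPF_K, MSG_OOB, 0, 1),          \
    BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ERRNO | EPERM),         \
    BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW)

/* Install the filter on the calling process; returns 0 on success. */
int install_msg_oob_filter(void) {
    struct sock_filter prog[] = {
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr)),
        DENY_OOB(SYS_sendto, 3),   /* send() and sendto() */
        DENY_OOB(SYS_recvfrom, 3), /* recv() and recvfrom() */
        DENY_OOB(SYS_sendmsg, 2),
        DENY_OOB(SYS_recvmsg, 2),
        DENY_OOB(SYS_sendmmsg, 3),
        DENY_OOB(SYS_recvmmsg, 3),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW), /* every other syscall */
    };
    struct sock_fprog fprog = { (unsigned short)(sizeof(prog) / sizeof(prog[0])), prog };
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0)) return -1;
    return prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &fprog);
}

/* Fork, filter the child, send one byte with `flags`: returns 0 if allowed, else errno (-1 on setup failure). */
int send_errno_in_filtered_child(int flags) {
    int socks[2], status;
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, socks)) return -1;
    int pid = fork();
    if (pid == 0) {
        if (install_msg_oob_filter()) _exit(255);
        _exit(send(socks[1], "A", 1, flags) == 1 ? 0 : errno);
    }
    if (pid < 0 || waitpid(pid, &status, 0) < 0 || !WIFEXITED(status)) return -1;
    close(socks[0]); close(socks[1]);
    return WEXITSTATUS(status) == 255 ? -1 : WEXITSTATUS(status);
}
```

With the filter in place, a send() carrying MSG_OOB fails with EPERM before it reaches the AF_UNIX code, while ordinary send()/recv() traffic is unaffected.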

Source: opennet.ru
