Vulnerabilities in the Linux kernel remotely exploitable over Bluetooth

A vulnerability (CVE-2022-42896) has been identified in the Linux kernel that can potentially be used to achieve remote code execution at kernel level by sending a specially crafted L2CAP packet over Bluetooth. In addition, another, similar problem (CVE-2022-42895) was identified in the L2CAP handler that can leak the contents of kernel memory in configuration-information packets. The first vulnerability has been present since August 2014 (kernel 3.16), the second since October 2011 (kernel 3.0). The vulnerabilities are fixed in Linux kernel releases 6.1.0, 6.0.8, 4.9.333, 4.14.299, 4.19.265, 5.4.224, 5.10.154 and 5.15.78. Fixes in distributions can be tracked on the following pages: Debian, Ubuntu, Gentoo, RHEL, SUSE, Fedora, Arch.

Prototype exploits that work on Ubuntu 22.04 have been published to demonstrate that a remote attack is feasible. To carry out the attack, the attacker must be within Bluetooth range: no prior pairing is required, but Bluetooth must be active on the target computer. It is enough to know the MAC address of the victim's device, which can be determined by sniffing or, on some devices, derived from the Wi-Fi MAC address.

The first vulnerability (CVE-2022-42896) is caused by a use-after-free in the implementation of the l2cap_connect and l2cap_le_connect_req functions: after a channel is created through the new_connection callback, no lock was taken on it, but a timer was set (__set_chan_timer); when the timeout expired it invoked l2cap_chan_timeout, which freed the channel without checking whether the l2cap_le_connect* functions had finished working with it.

The default timeout is 40 seconds, and it was assumed that the race could not occur with such a delay, but it turned out that, because of another bug in the SMP handler, the timer could be made to fire immediately and the race could be reached. The problem in l2cap_le_connect_req can lead to a kernel memory leak, while in l2cap_connect it can lead to overwriting memory contents and executing the attacker's code. The first variant of the attack can be carried out using Bluetooth LE 4.0 (available since 2009), the second using Bluetooth BR/EDR 5.2 (since 2020).

The second vulnerability (CVE-2022-42895) is caused by a residual memory leak in the l2cap_parse_conf_req function, which can be used to remotely obtain pointers to kernel structures by sending specially crafted configuration requests. l2cap_parse_conf_req used a struct l2cap_conf_efs whose memory was not initialised beforehand, and by manipulating the FLAG_EFS_ENABLE flag it was possible to get stale data from the stack included in the outgoing packet. The problem only occurs on systems whose kernel is built with the CONFIG_BT_HS option (disabled by default, but enabled in some distributions, such as Ubuntu; on most distributions `grep CONFIG_BT_HS /boot/config-$(uname -r)` shows whether the running kernel was built with it). A successful attack also requires the HCI_HS_ENABLED parameter to be set to true through the management interface (not set by default).
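To make the CVE-2022-42895 bug class concrete, here is an added example (written for this page, not the kernel's code or the advisory's exploit) that models l2cap_parse_conf_req: a small parser for the L2CAP configure-request option list (type, length, value) that, when the channel has the EFS flag set, echoes an EFS block in the response. The `efs` variable stands in for the local variable the real function keeps on its stack; the caller pre-fills it with a marker byte to play the role of stale stack contents, so the leak is deterministic and the test does not rely on undefined behaviour. The option-type values, the struct layout and the "zero the variable before use" shape of the fix are assumptions made for this model.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* L2CAP configuration option types (assumed to follow the spec numbering). */
#define CONF_OPT_MTU 0x01
#define CONF_OPT_EFS 0x06

/* Models the FLAG_EFS_ENABLE bit in chan->flags. */
#define FLAG_EFS_ENABLE (1u << 0)

struct chan {
    unsigned long flags;
    uint16_t remote_mtu;
};

/* Assumed layout mirroring struct l2cap_conf_efs: 16 bytes, no padding. */
struct conf_efs {
    uint8_t  id;
    uint8_t  stype;
    uint16_t msdu;
    uint32_t sdu_itime;
    uint32_t acc_lat;
    uint32_t flush_to;
};
_Static_assert(sizeof(struct conf_efs) == 16, "conf_efs must be 16 bytes");

/*
 * Parses the option list in `req` and writes the response EFS option into
 * `rsp`.  `efs` is the model's stand-in for the function's stack variable:
 * the only code path that writes it is an incoming EFS option, so when the
 * peer omits that option the bytes copied out are whatever was there before.
 * Returns the number of response bytes written, or -1 on malformed input.
 */
static int parse_conf_req_core(struct chan *chan, const uint8_t *req, size_t req_len,
                               uint8_t *rsp, size_t rsp_len, struct conf_efs *efs)
{
    size_t off = 0;

    while (off + 2 <= req_len) {
        uint8_t type = req[off], olen = req[off + 1];
        const uint8_t *val = req + off + 2;

        if (off + 2 + olen > req_len)
            return -1;                          /* option runs past the packet */
        switch (type) {
        case CONF_OPT_MTU:
            if (olen == 2)
                chan->remote_mtu = (uint16_t)(val[0] | (val[1] << 8));
            break;
        case CONF_OPT_EFS:
            if (olen == sizeof(*efs))
                memcpy(efs, val, olen);         /* the only write to *efs */
            break;
        default:
            break;                              /* unknown options ignored here */
        }
        off += 2 + olen;
    }

    /* Echo an EFS block whenever the channel has EFS enabled, regardless of
     * whether the peer actually sent one: this is the leaking path. */
    if (chan->flags & FLAG_EFS_ENABLE) {
        if (rsp_len < 2 + sizeof(*efs))
            return -1;
        rsp[0] = CONF_OPT_EFS;
        rsp[1] = (uint8_t)sizeof(*efs);
        memcpy(rsp + 2, efs, sizeof(*efs));
        return (int)(2 + sizeof(*efs));
    }
    return 0;
}

/* CVE-2022-42895 behaviour: the EFS slot is used exactly as found. */
int parse_conf_req_vulnerable(struct chan *chan, const uint8_t *req, size_t req_len,
                              uint8_t *rsp, size_t rsp_len, struct conf_efs *stack_slot)
{
    return parse_conf_req_core(chan, req, req_len, rsp, rsp_len, stack_slot);
}

/* Hardened form: zero the variable before parsing (assumed shape of the fix). */
int parse_conf_req_fixed(struct chan *chan, const uint8_t *req, size_t req_len,
                         uint8_t *rsp, size_t rsp_len, struct conf_efs *stack_slot)
{
    memset(stack_slot, 0, sizeof(*stack_slot));
    return parse_conf_req_core(chan, req, req_len, rsp, rsp_len, stack_slot);
}

/* Counts response payload bytes equal to `marker`, i.e. bytes that came from
 * the stale slot rather than from the request. */
int leaked_bytes(const uint8_t *rsp, int rsp_len, uint8_t marker)
{
    int n = 0;
    for (int i = 2; i < rsp_len; i++)
        if (rsp[i] == marker)
            n++;
    return n;
}

int main(void)
{
    /* Constructed request: one MTU option (672) and, crucially, no EFS option. */
    const uint8_t req[] = { CONF_OPT_MTU, 2, 0xA0, 0x02 };
    struct chan chan = { .flags = FLAG_EFS_ENABLE };
    struct conf_efs slot;
    uint8_t rsp[32];
    int n;

    memset(&slot, 0x41, sizeof(slot));          /* stale bytes from an earlier call */
    n = parse_conf_req_vulnerable(&chan, req, sizeof(req), rsp, sizeof(rsp), &slot);
    printf("vulnerable: %d response bytes, %d from stale stack\n", n, leaked_bytes(rsp, n, 0x41));

    memset(&slot, 0x41, sizeof(slot));
    n = parse_conf_req_fixed(&chan, req, sizeof(req), rsp, sizeof(rsp), &slot);
    printf("fixed:      %d response bytes, %d from stale stack\n", n, leaked_bytes(rsp, n, 0x41));
    return 0;
}
```

In the real kernel the stale bytes are whatever the previous user of that stack region left behind, which is how a remote peer ends up with kernel pointers; the model makes that visible by counting marker bytes. Note that the leak needs both conditions the article lists: the EFS flag on the channel (CONFIG_BT_HS plus HCI_HS_ENABLED in the kernel) and a request that omits the EFS option.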

Source: opennet.ru
