Nyob rau hauv kev siv ntawm futex (ceev userspace mutex) system hu, pawg nco pab tom qab dawb tau kuaj pom thiab tshem tawm. Qhov no, nyob rau hauv lem, tso cai rau tus attacker los ua nws cov cai nyob rau hauv lub ntsiab lus teb ntawm lub ntsiav, nrog rau tag nrho cov tshwm sim los ntawm ib tug kev ruaj ntseg point of view. Lub vulnerability yog nyob rau hauv qhov yuam kev handler code.
Kev kho Qhov tsis zoo no tshwm sim hauv Linux mainline thaum Lub Ib Hlis 28 thiab hnub ua ntej nag hmo nws tau nkag mus rau hauv kernels 5.10.12, 5.4.94, 4.19.172, 4.14.218.
Thaum lub sij hawm sib tham txog qhov kev kho no, nws tau pom tias qhov tsis zoo no muaj nyob rau hauv txhua lub kernels txij li xyoo 2008:
https://www.openwall.com/lists/oss-security/2021/01/29/3
FWIW, qhov kev cog lus no muaj:
Fixes: 1b7558e457ed ("futexes: fix fault handle in futex_lock_pi")
thiab lwm yam kev cog lus yog los ntawm 2008. Yog li tej zaum tag nrho tam sim no
Linux distros thiab kev xa tawm raug cuam tshuam, tshwj tsis yog qee yam
lwm tus mitigated qhov teeb meem nyob rau hauv ib co kernel versions.
Tau qhov twg los: linux.org.ru ua