ProHoster > ื‘ืœื•ื’ > ื—ื“ืฉื•ืช ื‘ืื™ื ื˜ืจื ื˜ > ืคื’ื™ืขื•ื™ื•ืช ื‘ืœื™ื‘ืช ืœื™ื ื•ืงืก ืžื ื•ืฆืœื•ืช ืžืจื—ื•ืง ื‘ืืžืฆืขื•ืช Bluetooth

ืคื’ื™ืขื•ื™ื•ืช ื‘ืœื™ื‘ืช ืœื™ื ื•ืงืก ืžื ื•ืฆืœื•ืช ืžืจื—ื•ืง ื‘ืืžืฆืขื•ืช Bluetooth

ื–ื•ื”ืชื” ืคื’ื™ืขื•ืช (CVE-2022-42896) ื‘ืœื™ื‘ืช ื”ืœื™ื ื•ืงืก, ืฉื™ื›ื•ืœื” ืœืฉืžืฉ ืœืืจื’ื•ืŸ ื‘ื™ืฆื•ืข ืงื•ื“ ืžืจื—ื•ืง ื‘ืจืžืช ื”ืœื™ื‘ื” ืขืœ ื™ื“ื™ ืฉืœื™ื—ืช ื—ื‘ื™ืœืช L2CAP ืฉืชื•ื›ื ื ื” ื‘ืžื™ื•ื—ื“ ื‘ืืžืฆืขื•ืช Bluetooth. ื‘ื ื•ืกืฃ, ื–ื•ื”ืชื” ื‘ืขื™ื” ื“ื•ืžื” ื ื•ืกืคืช (CVE-2022-42895) ื‘ืžื˜ืคืœ L2CAP, ืžื” ืฉืขืœื•ืœ ืœื”ื•ื‘ื™ืœ ืœื“ืœื™ืคื” ืฉืœ ืชื•ื›ืŸ ื–ื™ื›ืจื•ืŸ ื”ืœื™ื‘ื” ื‘ืžื ื•ืช ืขื ืžื™ื“ืข ืชืฆื•ืจื”. ื”ืคื’ื™ืขื•ืช ื”ืจืืฉื•ื ื” ืžื•ืคื™ืขื” ืžืื– ืื•ื’ื•ืกื˜ 2014 (ืงืจื ืœ 3.16), ื•ื”ืฉื ื™ื™ื” ืžืื– ืื•ืงื˜ื•ื‘ืจ 2011 (ืงืจื ืœ 3.0). ื”ืคื’ื™ืขื•ื™ื•ืช ื˜ื•ืคืœื• ื‘ืžื”ื“ื•ืจื•ืช ืœื™ื‘ืช ืœื™ื ื•ืงืก 6.1.0, 6.0.8, 4.9.333, 4.14.299, 4.19.265, 5.4.224, 5.10.154 ื•-5.15.78. ืืชื” ื™ื›ื•ืœ ืœืขืงื•ื‘ ืื—ืจ ื”ืชื™ืงื•ื ื™ื ื‘ื”ืคืฆื•ืช ื‘ื“ืคื™ื ื”ื‘ืื™ื: Debian, Ubuntu, Gentoo, RHEL, SUSE, Fedora, Arch.

ื›ื“ื™ ืœื”ื“ื’ื™ื ืืช ื”ืืคืฉืจื•ืช ืœื‘ืฆืข ืชืงื™ืคื” ืžืจื—ื•ืง, ืคื•ืจืกืžื• ื ื™ืฆื•ืœ ืื‘ ื˜ื™ืคื•ืก ืฉืขื•ื‘ื“ ืขืœ ืื•ื‘ื•ื ื˜ื• 22.04. ื›ื“ื™ ืœื‘ืฆืข ืชืงื™ืคื”, ื”ืชื•ืงืฃ ื—ื™ื™ื‘ ืœื”ื™ื•ืช ื‘ื˜ื•ื•ื— Bluetooth - ืื™ืŸ ืฆื•ืจืš ื‘ื”ืชืืžื” ืžืจืืฉ, ืื‘ืœ Bluetooth ื—ื™ื™ื‘ ืœื”ื™ื•ืช ืคืขื™ืœ ื‘ืžื—ืฉื‘. ืœื”ืชืงืคื”, ืžืกืคื™ืง ืœื“ืขืช ืืช ื›ืชื•ื‘ืช ื”-MAC ืฉืœ ื”ืžื›ืฉื™ืจ ืฉืœ ื”ืงื•ืจื‘ืŸ, ืื•ืชื” ื ื™ืชืŸ ืœืงื‘ื•ืข ืขืœ ื™ื“ื™ ืจื—ืจื•ื— ืื•, ื‘ืžื›ืฉื™ืจื™ื ืžืกื•ื™ืžื™ื, ืœื—ืฉื‘ ืขืœ ืกืžืš ื›ืชื•ื‘ืช ื”-MAC ืฉืœ ื”-Wi-Fi.

ื”ืคื’ื™ืขื•ืช ื”ืจืืฉื•ื ื” (CVE-2022-42896) ื ื’ืจืžืช ืขืœ ื™ื“ื™ ื’ื™ืฉื” ืœืื–ื•ืจ ื–ื™ื›ืจื•ืŸ ืคื ื•ื™ ื›ื‘ืจ (use-after-free) ื‘ื™ื™ืฉื•ื ืฉืœ ื”ืคื•ื ืงืฆื™ื•ืช l2cap_connect ื•-l2cap_le_connect_req - ืœืื—ืจ ื™ืฆื™ืจืช ืขืจื•ืฅ ื“ืจืš ื”-new_connection callback, ืœื ื”ื•ื’ื“ืจ ื ืขื™ืœื” ืขื‘ื•ืจื•, ืืš ื ืงื‘ืข ื˜ื™ื™ืžืจ (__set_chan_timer ), ืขื ืคืงื™ืขืช ื”ื–ืžืŸ ื”ืงืฆื•ื‘, ืงืจื™ืื” ืœืคื•ื ืงืฆื™ื™ืช l2cap_chan_timeout ื•ื ื™ืงื•ื™ ื”ืขืจื•ืฅ ืžื‘ืœื™ ืœื‘ื“ื•ืง ืืช ื”ืฉืœืžืช ื”ืขื‘ื•ื“ื” ืขื ื”ืขืจื•ืฅ ื‘ืคื•ื ืงืฆื™ื•ืช l2cap_le_connect*.

ืคืกืง ื”ื–ืžืŸ ื”ืžื•ื’ื“ืจ ื›ื‘ืจื™ืจืช ืžื—ื“ืœ ื”ื•ื 40 ืฉื ื™ื•ืช ื•ื”ื”ื ื—ื” ื”ื™ื™ืชื” ืฉืžืฆื‘ ืžื™ืจื•ืฅ ืœื ื™ื›ื•ืœ ืœื”ืชืจื—ืฉ ืขื ืขื™ื›ื•ื‘ ื›ื–ื”, ืืš ื”ืชื‘ืจืจ ื›ื™ ืขืงื‘ ืฉื’ื™ืื” ื ื•ืกืคืช ื‘ืžื˜ืคืœ SMP, ื ื™ืชืŸ ื”ื™ื” ืœื”ืฉื™ื’ ืงืจื™ืื” ืžื™ื™ื“ื™ืช ืœื˜ื™ื™ืžืจ ื•ืœื”ืฉื™ื’ ืžืฆื‘ Race. ื‘ืขื™ื” ื‘-l2cap_le_connect_req ื™ื›ื•ืœื” ืœื”ื•ื‘ื™ืœ ืœื“ืœื™ืคืช ื–ื™ื›ืจื•ืŸ ืœื™ื‘ื”, ื•ื‘-l2cap_connect ื”ื™ื ืขืœื•ืœื” ืœื”ื•ื‘ื™ืœ ืœื”ื—ืœืคืช ืชื•ื›ืŸ ื”ื–ื™ื›ืจื•ืŸ ื•ืœื‘ื™ืฆื•ืข ื”ืงื•ื“ ืฉืœื•. ืกื•ื’ ื”ื”ืชืงืคื” ื”ืจืืฉื•ืŸ ื™ื›ื•ืœ ืœื”ืชื‘ืฆืข ื‘ืืžืฆืขื•ืช Bluetooth LE 4.0 (ืžืื– 2009), ื”ืฉื ื™ ื‘ืืžืฆืขื•ืช Bluetooth BR/EDR 5.2 (ืžืื– 2020).

ื”ืคื’ื™ืขื•ืช ื”ืฉื ื™ื™ื” (CVE-2022-42895) ื ื’ืจืžืช ืขืœ ื™ื“ื™ ื“ืœื™ืคืช ื–ื™ื›ืจื•ืŸ ืฉื™ื•ืจื™ืช ื‘ืคื•ื ืงืฆื™ื” l2cap_parse_conf_req, ืฉื ื™ืชืŸ ืœื”ืฉืชืžืฉ ื‘ื” ื›ื“ื™ ืœืงื‘ืœ ืžืจื—ื•ืง ืžื™ื“ืข ืขืœ ืžืฆื‘ื™ืขื™ื ืœืžื‘ื ื™ ืœื™ื‘ื” ืขืœ ื™ื“ื™ ืฉืœื™ื—ืช ื‘ืงืฉื•ืช ืชืฆื•ืจื” ื‘ืขืœื•ืช ืžื‘ื ื” ืžื™ื•ื—ื“. ื”ืคื•ื ืงืฆื™ื” l2cap_parse_conf_req ื”ืฉืชืžืฉื” ื‘ืžื‘ื ื” l2cap_conf_efs, ืฉืขื‘ื•ืจื• ื”ื–ื™ื›ืจื•ืŸ ืฉื”ื•ืงืฆื” ืœื ืื•ืชื—ืœ ืžืจืืฉ ื•ืขืœ ื™ื“ื™ ืžื ื™ืคื•ืœืฆื™ื” ืฉืœ ื”ื“ื’ืœ FLAG_EFS_ENABLE ื ื™ืชืŸ ื”ื™ื” ืœื›ืœื•ืœ ื ืชื•ื ื™ื ื™ืฉื ื™ื ืžื”ืžื—ืกื ื™ืช ื‘ื—ื‘ื™ืœื”. ื”ื‘ืขื™ื” ืžื•ืคื™ืขื” ืจืง ื‘ืžืขืจื›ื•ืช ืฉื‘ื”ืŸ ื”ืœื™ื‘ื” ื‘ื ื•ื™ื” ืขื ืืคืฉืจื•ืช CONFIG_BT_HS (ืžื•ืฉื‘ืชืช ื›ื‘ืจื™ืจืช ืžื—ื“ืœ, ืืš ืžื•ืคืขืœืช ื‘ื”ืคืฆื•ืช ืžืกื•ื™ืžื•ืช, ื›ืžื• ืื•ื‘ื•ื ื˜ื•). ื”ืชืงืคื” ืžื•ืฆืœื—ืช ืžื—ื™ื™ื‘ืช ื’ื ืœื”ื’ื“ื™ืจ ืืช ื”ืคืจืžื˜ืจ HCI_HS_ENABLED ื“ืจืš ืžืžืฉืง ื”ื ื™ื”ื•ืœ ื›-true (ืœื ื‘ืฉื™ืžื•ืฉ ื›ื‘ืจื™ืจืช ืžื—ื“ืœ).

ืžืงื•ืจ: OpenNet.ru

ื”ื•ืกืคืช ืชื’ื•ื‘ื”