Kua whakakitea ngā mōhiohio e pā ana ki te ngoikoretanga (CVE-2023-6200) i roto i te puranga whatunga kernel. Linux, e āhei ai, i raro i ētahi āhuatanga, i tētahi kaiwhakaeke i runga i tētahi whatunga ā-rohe ki te whakahaere i tā rātou waehere mā te tuku i tētahi mōkihi ICMPv6 kua hangaia mō tētahi kaupapa motuhake kei roto he karere RA (Pānuitanga Pouara) hei whakatairanga i ngā mōhiohio e pā ana ki tētahi pouara.
Ka taea anake te whakamahi i te ngoikoretanga mai i tētahi whatunga ā-rohe, ā, ka puta mai i ngā pūnaha kua whakahohea te tautoko IPv6, ā, kei te hohe te tawhā sysctl "net.ipv6.conf.<network_interface_name>.accept_ra" (ka taea te tirotiro mā te whakahau "sysctl net.ipv6.conf| grep accept_ra"), ka monoa i te taunoa i roto i te RHEL me Ubuntu mō ngā atanga whatunga o waho, engari i whakahohea mō te atanga whakamuri, e āhei ai te whakaeke mai i te pūnaha kotahi.
Ko te whakaraeraetanga i puta mai i tetahi ahuatanga iwi i te wa e tukatuka ana te kaikohi paru i nga rekoata fib6_info kua mate, ka uru atu ki tetahi waahi mahara kua wetekina (whakamahi-muri-kore). Ina tae mai he putea ICMPv6 me te karere panui pouara (RA, Router Advertisement), ka karangahia e te puranga whatunga te mahi ndisc_router_discovery(), mena kei roto i te karere RA nga korero mo te roanga o te huarahi, ka karangahia te mahi fib6_set_expires() ka whakakiia te gc_link hanganga. Hei horoi i nga urunga tawhito, whakamahia te mahi fib6_clean_expires(), ka wetewete i te urunga i roto i te gc_link me te whakakore i te mahara i whakamahia e te hanganga fib6_info. I tenei keehi, he wa ano kua wetekina te mahara mo te hanganga fib6_info, engari kei te noho tonu te hono ki te hanganga gc_link.
Ka puta te ngoikoretanga mai i te peka 6.6, ā, i whakatikahia i ngā putanga 6.6.9 me 6.7. Ka taea te aromatawai i te tūnga o te whakatikatika o te ngoikoretanga i roto i ngā tohatoha i ēnei whārangi: Debian, Ubuntu, SUSE, RHEL, Fedora, Arch Linux, Gentoo, Slackware. I roto i ngā tohatoha e tuku ana i ngā mōkihi kernel 6.6, he mea tika kia whakahuatia a Arch. Linux, Gentoo, Fedora, Slackware, OpenMandriva me Manjaro, i roto i ētahi atu tohatoha tera pea ka whakahokia te huringa me te hapa ki roto i ngā mōkihi me ngā peka kernel tawhito (hei tauira, i roto i Debian (E whakahuatia ana kei te kernel 6.5.13 te mōkihi ngoikore, engari i whakaurua te huringa raruraru ki te peka 6.6.) Hei huarahi whakaoti, ka taea e koe te whakakore i te IPv6, te whakatakoto rānei i te uara 0 ki ngā tawhā "net.ipv6.conf.*.accept_ra".
Source: opennet.ru
