Linux kernel vulnerability that allows bypassing Chrome's sandbox isolation

Security researchers from Google have found a vulnerability (CVE-2025-38236) in the Linux kernel that allows privilege escalation. Among other things, the vulnerability makes it possible to bypass the sandbox isolation mechanism used in Google Chrome and achieve kernel-level code execution when code runs in the context of the isolated Chrome renderer process (for example, when another vulnerability in Chrome is exploited). The issue appears with Linux kernel 6.9 and is fixed in the Linux kernel updates 6.1.143, 6.6.96, 6.12.36, and 6.15.5. A prototype of the exploit is available for download.

The vulnerability is caused by an implementation error in the handling of the MSG_OOB flag, which can be set for AF_UNIX sockets. The MSG_OOB ("out-of-band") flag lets an extra byte be attached to the data being sent, which the receiver can read before receiving the rest of the data. This flag was introduced in the Linux 5.15 kernel at Oracle's request, and last year it was proposed for removal because it was not widely used.

Chrome's sandbox implementation permitted UNIX socket operations and the send()/recv() system calls, in which the MSG_OOB flag was allowed along with other options and was not filtered. A bug in the MSG_OOB implementation made it possible to trigger a use-after-free condition after a certain sequence of system calls:

    /* Sequence of calls on an AF_UNIX stream socket pair, as given in the report */
    char dummy;
    int socks[2];
    socketpair(AF_UNIX, SOCK_STREAM, 0, socks);
    send(socks[1], "A", 1, MSG_OOB);
    recv(socks[0], &dummy, 1, MSG_OOB);
    send(socks[1], "A", 1, MSG_OOB);
    recv(socks[0], &dummy, 1, MSG_OOB);
    send(socks[1], "A", 1, MSG_OOB);
    recv(socks[0], &dummy, 1, 0);
    recv(socks[0], &dummy, 1, MSG_OOB);
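As a mitigation for the unfiltered flag described above, a sandbox policy can inspect the flags argument of the socket I/O system calls and reject MSG_OOB. The following is an added example, not code from the original page and not Chrome's actual policy; the names oob_filter, OOB_RULE and install_oob_filter are illustrative, and it assumes little-endian x86-64 or aarch64 Linux.

```c
/* Added example, not Chrome's actual policy: seccomp-BPF that rejects MSG_OOB. */
#include <errno.h>
#include <stddef.h>
#include <sys/prctl.h>
#include <sys/socket.h>
#include <sys/syscall.h>
#include <linux/audit.h>
#include <linux/filter.h>
#include <linux/seccomp.h>
#if defined(__x86_64__)
#define NATIVE_ARCH AUDIT_ARCH_X86_64
#elif defined(__aarch64__)
#define NATIVE_ARCH AUDIT_ARCH_AARCH64
#endif
#define FIELD(m) ((unsigned)offsetof(struct seccomp_data, m))
#define SC_RET(v) BPF_STMT(BPF_RET | BPF_K, (v))
/* A holds the syscall number. On a match, load the flags argument (low 32 bits,
 * little-endian) and fail with EPERM if MSG_OOB is set; otherwise allow the call. */
#define OOB_RULE(sysno, idx) \
    BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, (sysno), 0, 4), \
    BPF_STMT(BPF_LD | BPF_W | BPF_ABS, FIELD(args[idx])), \
    BPF_JUMP(BPF_JMP | BPF_JSET | BPF_K, MSG_OOB, 0, 1), \
    SC_RET(SECCOMP_RET_ERRNO | EPERM), SC_RET(SECCOMP_RET_ALLOW)

static struct sock_filter oob_filter[] = {
    BPF_STMT(BPF_LD | BPF_W | BPF_ABS, FIELD(arch)),
    BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, NATIVE_ARCH, 1, 0),
    SC_RET(SECCOMP_RET_KILL_PROCESS),   /* foreign ABI, e.g. 32-bit compat calls */
    BPF_STMT(BPF_LD | BPF_W | BPF_ABS, FIELD(nr)),
    BPF_JUMP(BPF_JMP | BPF_JGE | BPF_K, 0x40000000u, 0, 1),
    SC_RET(SECCOMP_RET_KILL_PROCESS),   /* x32 syscall numbers on x86-64 */
    OOB_RULE(__NR_sendto, 3), OOB_RULE(__NR_recvfrom, 3),   /* send()/recv() */
    OOB_RULE(__NR_sendmsg, 2), OOB_RULE(__NR_recvmsg, 2),
    OOB_RULE(__NR_sendmmsg, 3), OOB_RULE(__NR_recvmmsg, 3),
    SC_RET(SECCOMP_RET_ALLOW),   /* demo default; a real sandbox would default-deny */
};

/* Installs the filter on the calling thread. Returns 0, or -1 with errno set. */
int install_oob_filter(void) {
    struct sock_fprog prog = { sizeof oob_filter / sizeof oob_filter[0], oob_filter };
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0) return -1;
    return prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog);
}

int main(void) {   /* exits 0 when the filter rejected a MSG_OOB send */
    int s[2];      /* constructed local socket pair */
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, s) || install_oob_filter()) return 2;
    return send(s[1], "A", 1, MSG_OOB) == -1 && errno == EPERM ? 0 : 1;
}
```

The architecture and x32 checks matter in a deny rule like this one: without them the same operation could be reached through another ABI's syscall numbers and skip the flag test.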

Source: opennet.ru
