Vulnerability in the eBPF subsystem that allows code execution at the Linux kernel level

A vulnerability (CVE-2021-4204) has been identified in the eBPF subsystem, which runs handlers inside the Linux kernel in a special virtual machine with JIT. It allows a local unprivileged user to escalate privileges and execute their own code at the Linux kernel level. The problem has been present since Linux kernel 5.8 and remains unfixed (including release 5.16). The status of the updates being prepared to fix the problem in distributions can be tracked on these pages: Debian, RHEL, SUSE, Fedora, Ubuntu, Arch. It has been announced that a working exploit has been created, which is planned to be published on January 18 (users and developers have been given a week to fix the vulnerability).

The vulnerability is caused by incorrect verification of eBPF programs submitted for execution. The eBPF subsystem provides helper functions whose correct use is checked by a special verifier. Some functions require a PTR_TO_MEM value to be passed as an argument, and to prevent buffer overflows the verifier must know the size of the memory associated with that argument. For the bpf_ringbuf_submit and bpf_ringbuf_discard functions, the size of the memory being passed was not reported to the verifier, which could be used to overwrite memory areas beyond the buffer boundary when executing specially crafted eBPF code.

To carry out an attack, the user must be able to load their own BPF program, and many recent Linux distributions block this by default (in addition, unprivileged access to eBPF is now disabled by default in the kernel itself, starting with release 5.16). For example, the vulnerability can be exploited in the default configuration of Ubuntu 20.04 LTS, but in Ubuntu 22.04-dev, Debian 11, openSUSE 15.3, RHEL 8.5, SUSE 15-SP4 and Fedora 33 it appears only if the administrator has set the kernel.unprivileged_bpf_disabled parameter to 0. As a workaround, you can block the execution of BPF programs by unprivileged users with the command "sysctl -w kernel.unprivileged_bpf_disabled=1".
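An added example, not part of the original article: a shell check that classifies a host against the two conditions stated above (kernel 5.8 through 5.16, and kernel.unprivileged_bpf_disabled set to 0). The function names and result words are illustrative, and vendor backports are not detected, so a result of "exposed" still has to be confirmed against the distribution's tracker.

```shell
#!/bin/sh
# Added example: classify a host against the CVE-2021-4204 conditions
# described in the article. Function names and result words are illustrative.

# kver_num RELEASE -> major*1000+minor, e.g. "5.13.0-27-generic" -> 5013
kver_num() {
    major=${1%%.*}
    rest=${1#*.}
    minor=${rest%%[!0-9]*}
    echo $(( $major * 1000 + ${minor:-0} ))
}

# classify RELEASE SYSCTL_VALUE -> one word on stdout
#   RELEASE:      output of `uname -r`
#   SYSCTL_VALUE: kernel.unprivileged_bpf_disabled
#                 (0 = unprivileged BPF loading allowed, 1 or 2 = blocked)
classify() {
    n=$(kver_num "$1")
    if [ "$n" -lt 5008 ]; then
        echo "predates-bug"          # article: present since 5.8
        return
    fi
    case "$2" in
        0)
            if [ "$n" -le 5016 ]; then
                echo "exposed"       # in the article's range, no sysctl block
            else
                echo "review"        # newer than the article covers
            fi ;;
        1|2) echo "mitigated" ;;     # unprivileged users cannot load BPF
        *)   echo "unknown" ;;       # sysctl missing or unreadable
    esac
}

# Check the local machine; prints e.g. "5.13.0-27-generic: mitigated".
check_host() {
    f=/proc/sys/kernel/unprivileged_bpf_disabled
    val=""
    if [ -r "$f" ]; then val=$(cat "$f"); fi
    rel=$(uname -r)
    echo "$rel: $(classify "$rel" "$val")"
}

check_host
```

A value set with `sysctl -w` lasts only until reboot; to keep it, the same setting also has to go into the system's sysctl configuration.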

Source: opennet.ru
