Vulnerability in the Linux kernel iSCSI subsystem that allows privilege escalation

A vulnerability (CVE-2021-27365) has been identified in the iSCSI subsystem code of the Linux kernel that allows a local user to execute code at the kernel level and gain privileges on the system. A working exploit prototype is available for testing. The vulnerability was fixed in Linux kernel updates 5.11.4, 5.10.21, 5.4.103, 4.19.179, 4.14.224, 4.9.260, and 4.4.260. Kernel package updates are available for the Debian, Ubuntu, SUSE/openSUSE, Arch Linux and Fedora distributions. No fixes have been released for RHEL yet.

The problem is caused by a bug in the iscsi_host_get_param() function from the libiscsi module, introduced back in 2006 during the development of the iSCSI subsystem. Because proper size checks are missing, some iSCSI string attributes, such as the hostname or username, can exceed PAGE_SIZE (4 KB). The vulnerability can be exploited by an unprivileged user sending Netlink messages that set iSCSI attributes to values larger than PAGE_SIZE. When these attributes are read through sysfs or seqfs, code is called that passes the attributes to the sprintf function to be copied into a buffer whose size is PAGE_SIZE.
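The pattern described above, reduced to user-space C as an added example (not the kernel's code and not the upstream patch): the `demo_*` names and `DEMO_PAGE_SIZE` are hypothetical stand-ins. It checks the length when the attribute is set and bounds the copy when it is read.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define DEMO_PAGE_SIZE 4096 /* stands in for PAGE_SIZE (4 KB) */

/* Hypothetical host object; the string comes from an untrusted message. */
struct demo_host { char *hostname; };

/* Setter: refuse values that cannot fit in a page together with the NUL.
 * Returns 0 on success, -1 if the value is too long or memory runs out. */
int demo_set_hostname(struct demo_host *h, const char *val, size_t len)
{
    char *copy;
    if (len >= DEMO_PAGE_SIZE)
        return -1;
    copy = malloc(len + 1);
    if (!copy)
        return -1;
    memcpy(copy, val, len);
    copy[len] = '\0';
    free(h->hostname);
    h->hostname = copy;
    return 0;
}

/* Unsafe pattern from the text (shown only as a comment, never called):
 *     return sprintf(buf, "%s\n", h->hostname);
 * It writes strlen(hostname) + 2 bytes regardless of the size of buf. */

/* Bounded show: writes at most DEMO_PAGE_SIZE bytes (NUL included) and
 * returns the number of characters stored, truncating oversized values. */
int demo_show_hostname(const struct demo_host *h, char *buf)
{
    int n = snprintf(buf, DEMO_PAGE_SIZE, "%s\n", h->hostname ? h->hostname : "");
    if (n < 0)
        return 0;
    return n >= DEMO_PAGE_SIZE ? DEMO_PAGE_SIZE - 1 : n;
}

int main(void)
{
    struct demo_host h = { 0 };
    char buf[DEMO_PAGE_SIZE];
    /* "initiator-01" is a constructed sample value */
    printf("set: %d\n", demo_set_hostname(&h, "initiator-01", 12));
    printf("show: %d\n", demo_show_hostname(&h, buf));
    free(h.hostname);
    return 0;
}
```

Both checks matter: the setter keeps oversized values out, and the bounded read still holds if a value reaches the object by another path.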

Whether the vulnerability can be exploited on a given distribution depends on support for automatically loading the scsi_transport_iscsi kernel module when an attempt is made to create a NETLINK_ISCSI socket. In distributions where this module is loaded automatically, the attack can be carried out regardless of whether iSCSI functionality is in use. At the same time, for the exploit to work, at least one iSCSI transport must also be registered. In turn, a transport can be registered with the ib_iser kernel module, which is loaded automatically when an unprivileged user attempts to create a NETLINK_RDMA socket.

Automatic loading of the modules needed by the exploit is supported in CentOS 8, RHEL 8 and Fedora when the rdma-core package is installed on the system. That package is a dependency of some popular packages and is installed by default in configurations for workstations, server systems with a GUI and host virtualization environments. However, rdma-core is not installed when using a server build that runs only in console mode, or when installing a minimal installation image. For example, the package is included in the base distribution of Fedora 31 Workstation, but is not included in Fedora 31 Server. Debian and Ubuntu are not affected by the problem because the rdma-core package loads the kernel modules required for the attack only if RDMA hardware is present.

As a security workaround, you can disable loading of the libiscsi module:
echo "install libiscsi /bin/true" >> /etc/modprobe.d/disable-libiscsi.conf

In addition, two less dangerous vulnerabilities that could lead to kernel data leakage have been fixed in the iSCSI subsystem: CVE-2021-27363 (iSCSI transport descriptor information leakage through sysfs) and CVE-2021-27364 (out-of-bounds buffer read). These vulnerabilities can be used to communicate with the iSCSI subsystem over a netlink socket without the necessary privileges. For example, an unprivileged user can connect to iSCSI and issue an "end a session" command to terminate the session.

Source: opennet.ru