Vulnerability in the Linux kernel's Netfilter subsystem

A vulnerability (CVE-2021-22555) has been identified in Netfilter, the Linux kernel subsystem used for filtering and modifying network packets. It allows a local user to gain privileges on the system, including from inside an isolated container. A working exploit prototype that bypasses the KASLR, SMAP and SMEP protection mechanisms has been prepared for testing. The researcher who found the vulnerability received a $20 reward from Google for identifying a method of bypassing the isolation of Kubernetes containers in the kCTF cluster.

The problem has been present since kernel 2.6.19, released 15 years ago, and is caused by a bug in the IPT_SO_SET_REPLACE and IP6T_SO_SET_REPLACE handlers that leads to a buffer overflow when specially crafted parameters are sent through the setsockopt call in compat mode. Under normal conditions only the root user can call compat_setsockopt(), but the privileges needed to carry out the attack can also be obtained by an unprivileged user on systems with user namespace support enabled.

A user can create a container with a separate root user and exploit the vulnerability from there. For example, user namespaces are enabled by default on Ubuntu and Fedora, but not on Debian and RHEL. The patch fixing the vulnerability was accepted into the Linux kernel on April 13. Package updates have already been produced by the Debian, Arch Linux and Fedora projects. For Ubuntu, RHEL and SUSE, updates are in preparation.
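To see which side of that default a given host falls on, the check below reads the two kernel settings that govern user namespace creation. It is an added example, not part of the original article; the function names `read_uint` and `userns_exposure` are hypothetical, and `kernel.unprivileged_userns_clone` is assumed to exist only on Debian- and Ubuntu-patched kernels.

```shell
#!/bin/sh
# Added example (not from the article): report whether unprivileged users can
# create user namespaces, the precondition the article names for reaching the
# vulnerable setsockopt path without real root.
# Usage: userns_exposure [PROC_ROOT]   (PROC_ROOT defaults to /proc; the
# argument exists so the check can be run against a constructed tree.)

# Print the first line of a file if it is a non-negative integer, else nothing.
read_uint() {
    value=
    [ -r "$1" ] || return 0
    IFS= read -r value < "$1" || true
    case "$value" in
        ''|*[!0-9]*) ;;                  # empty or non-numeric: ignore
        *) printf '%s\n' "$value" ;;
    esac
}

userns_exposure() {
    proc_root="${1:-/proc}"
    # Upstream limit: 0 means no new user namespaces can be created.
    max_ns=$(read_uint "$proc_root/sys/user/max_user_namespaces")
    # Debian/Ubuntu-patched kernels only: 0 blocks unprivileged creation.
    clone=$(read_uint "$proc_root/sys/kernel/unprivileged_userns_clone")

    if [ "$clone" = "0" ] || [ "$max_ns" = "0" ]; then
        echo "disabled"    # unprivileged users cannot obtain namespace root
    elif [ -n "$max_ns" ] || [ -n "$clone" ]; then
        echo "enabled"     # the path is reachable; prioritise the kernel update
    else
        echo "unknown"     # neither setting present; inspect the kernel config
    fi
}

userns_exposure "$@"
```

On hosts that report `enabled` and cannot be patched immediately, setting `user.max_user_namespaces=0` (or `kernel.unprivileged_userns_clone=0` where that setting exists) closes the unprivileged path, at the cost of breaking rootless containers and other software that relies on user namespaces.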

The problem occurs in the xt_compat_target_from_user() function because of an incorrect calculation of the memory size when storing kernel structures after conversion from the 32-bit to the 64-bit representation. The bug allows four bytes to be written to any position beyond the allocated buffer, limited by offset 0x4C. This proved sufficient to build an exploit that obtains root rights: by clearing the m_list->next pointer in the msg_msg structure, conditions were created for accessing data after the memory was freed (use-after-free), which was then used to obtain information about addresses and to change other structures by manipulating the msgsnd() system call.

Source: opennet.ru
