Vulnerability in wpa_supplicant that does not rule out remote code execution

A vulnerability (CVE-2021-27803) has been identified in the wpa_supplicant package, which is used to connect to wireless networks in many Linux, *BSD and Android distributions. It could potentially be used to execute attacker code when specially crafted Wi-Fi Direct (Wi-Fi P2P) control frames are processed. To carry out an attack, the attacker must be within range of the wireless network in order to send the specially crafted frames to the victim.

The problem is caused by a bug in the Wi-Fi P2P handler: processing an incorrectly formed PDR (Provision Discovery Request) frame can lead to a state in which the record of the old P2P peer is deleted and data is then written to an already freed memory block (use-after-free). The issue affects wpa_supplicant releases 1.0 through 2.9 built with the CONFIG_P2P option.

The vulnerability will be fixed in the wpa_supplicant 2.10 release. Among distributions, a hotfix update has been published for Fedora Linux. The status of updates in other distributions can be tracked on their pages: Debian, Ubuntu, RHEL, SUSE, Arch Linux. As a workaround that blocks the vulnerability, disable P2P support by specifying "p2p_disabled=1" in the settings or by running the "P2P_SET disabled 1" command in the CLI interface.
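As an added example (not from the article or the wpa_supplicant project), the shell helper below checks a host against the two facts above: the affected release range 1.0 through 2.9 and the `p2p_disabled=1` workaround, which only counts when it is set at global scope in the configuration file. The function names and the sample config are constructed for illustration. It does not detect whether the binary was built with CONFIG_P2P, and a distribution package may carry the fix under an old version number, so an "exposed" result is a prompt to check the vendor advisory.

```shell
#!/bin/sh
# Added example (not from the article or the wpa_supplicant project).

# 0 = inside the affected range 1.0..2.9 given above, 1 = outside, 2 = unparseable.
# Assumes a string like the "wpa_supplicant v2.9" line printed by `wpa_supplicant -v`.
version_in_affected_range() {
    v=$(printf '%s\n' "$1" |
        sed -n 's/^.*v\([0-9][0-9]*\)\.\([0-9][0-9]*\).*$/\1 \2/p' | head -n 1)
    [ -n "$v" ] || return 2
    set -- $v                      # $1 = major, $2 = minor
    if [ "$1" -eq 1 ]; then return 0; fi
    if [ "$1" -eq 2 ] && [ "$2" -le 9 ]; then return 0; fi
    return 1
}

# 0 if the config sets p2p_disabled=1 at global scope (outside network={...} blocks).
# Assumption: when the key is repeated, the last assignment is the effective one.
p2p_disabled_in_conf() {
    awk '
        /^[ \t]*#/ { next }                              # comment line
        /^[ \t]*[a-z_]+=[{][ \t]*$/ { depth++; next }    # block start, e.g. network={
        /^[ \t]*[}][ \t]*$/ { if (depth > 0) depth--; next }
        depth == 0 && /^[ \t]*p2p_disabled=/ {
            sub(/^[ \t]*p2p_disabled=/, ""); sub(/[ \t\r]+$/, ""); val = $0
        }
        END { if (val == "1") exit 0; exit 1 }
    ' "$1"
}

# Prints one of: exposed, mitigated, not-affected, unknown-version.
p2p_exposure() {                   # $1 = version string, $2 = config file
    rc=0
    version_in_affected_range "$1" || rc=$?
    case $rc in
        1) echo "not-affected"; return 0 ;;
        2) echo "unknown-version"; return 0 ;;
    esac
    if p2p_disabled_in_conf "$2"; then echo "mitigated"; else echo "exposed"; fi
}

# Constructed sample config: the key inside network={} must not count as a mitigation.
# Extra arguments are appended as additional global-scope lines.
sample_conf() {
    printf '%s\n' 'ctrl_interface=/run/wpa_supplicant' '#p2p_disabled=1' \
        'network={' '    ssid="example"' '    p2p_disabled=1' '}' "$@"
}
```

On a real host it can be called as `p2p_exposure "$(wpa_supplicant -v | head -n 1)" /etc/wpa_supplicant/wpa_supplicant.conf`, where the config path is an assumption that varies by distribution.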

Source: opennet.ru
