Chiwopsezo chadziwika mu Linux kernel (CVE-2022-0847) yomwe imalola zomwe zili patsambalo kuti zilembedwenso pamafayilo aliwonse, kuphatikiza omwe ali mumayendedwe owerengera okha, otsegulidwa ndi mbendera ya O_RDONLY, kapena omwe ali pamafayilo. zoyikidwa munjira yowerengera-yokha. M'mawu osavuta, chiwopsezocho chingagwiritsidwe ntchito kuyika ma code munjira zosamveka kapena kuwononga data mumafayilo otsegulidwa. Mwachitsanzo, mutha kusintha zomwe zili mu fayilo ya authorized_keys panjira ya sshd. A prototype ya ntchito ikupezeka kuti ayesedwe.
Vutoli latchedwa Dirty Pipe, lofanana ndi chiopsezo chachikulu cha Dirty COW chomwe chinadziwika mu 2016. Zimadziwika kuti pamlingo wowopsa, Chitoliro Chodetsa chili pamlingo womwewo wa Dirty COW, koma ndizosavuta kugwiritsa ntchito. Chiwopsezochi chidadziwika pakuwunika madandaulo okhudza katangale wamafayilo omwe amatsitsidwa pa netiweki pamakina otsitsa zolemba zakale kuchokera pa seva ya log (ziphuphu 37 m'miyezi itatu pamakina odzaza), kukonzekera komwe kunagwiritsa ntchito splice() ntchito. ndi mapaipi osatchulidwa mayina.
Chiwopsezo chikuwoneka kuyambira ndi Linux kernel 5.8, yomwe idatulutsidwa mu Ogasiti 2020, mwachitsanzo. zilipo mu Debian 11, koma sizikhudza maziko a Ubuntu 20.04 LTS. Nkhokwe za RHEL 8.x ndi openSUSE/SUSE 15 poyambilira zimatengera nthambi zakale, koma ndizotheka kuti kusintha komwe kunayambitsa vutoli kudabwezedwa mwa iwo (palibe deta yeniyeni). Mutha kutsata kusindikizidwa kwa zosintha zamaphukusi pamagawo awa: Debian, SUSE, Ubuntu, RHEL, Fedora, Gentoo, Arch Linux. Kukonzekera kwachiwopsezo kunaperekedwa muzotulutsidwa 5.16.11, 5.15.25 ndi 5.10.102. Kukonzekera kumaphatikizidwanso mu kernel yomwe imagwiritsidwa ntchito papulatifomu ya Android.
Chiwopsezochi chimayamba chifukwa chosowa kukhazikitsidwa kwa mtengo wa "buf->mbendera" mu code ya ntchito copy_page_to_iter_pipe() ndi push_pipe(), ngakhale kukumbukira sikumachotsedwa pogawa kapangidwe komanso pakusintha kwina. mapaipi osatchulidwa dzina, mtengo wochokera ku ntchito ina. Pogwiritsa ntchito izi, wogwiritsa ntchito wamba wopanda mwayi atha kukwaniritsa mawonekedwe a PIPE_BUF_FLAG_CAN_MERGE pa mbendera, zomwe zimakupatsani mwayi woti mukonze zolembedwanso patsamba la cache polemba zatsopano ku chitoliro chokonzedwa mwapadera chomwe sichinatchulidwe.
Pachiwopsezo, fayilo yomwe mukufunayo iyenera kuwerengeka, ndipo popeza kuti ufulu wofikira suyang'aniridwa polemba chitoliro, m'malo mwa cache yatsamba imatha kupangidwanso pamafayilo omwe ali m'magawo omwe amawerengedwa okha (mwachitsanzo, mafayilo c CD- ROM). Pambuyo posintha chidziwitso mu cache ya tsamba, powerenga deta kuchokera pa fayilo, ndondomekoyi idzalandira osati deta yeniyeni, koma deta yosinthidwa.
Kugwira ntchito kumafika popanga tchanelo chomwe sichinatchulidwe dzina ndikuchidzaza ndi data yosasinthika kuti zitsimikizire kuti mbendera ya PIPE_BUF_FLAG_CAN_MERGE yakhazikitsidwa m'magulu onse ogwirizana nawo. Chotsatira, deta imawerengedwa kuchokera ku tchanelo, koma mbendera imakhalabe yokhazikika muzochitika zonse za pipe_buffer muzitsulo za pipe_inode_info. Kuyitanira ku splice() kumapangidwa kuti muwerenge zambiri kuchokera pafayilo yomwe mukufuna kupita ku chitoliro chosatchulidwa, kuyambira pomwe mukufuna. Mukalemba data ku chitoliro chosatchulidwa dzinali, chifukwa cha mbendera ya PIPE_BUF_FLAG_CAN_MERGE yokhazikitsidwa, data yomwe ili mu cache yatsamba idzalembedwa m'malo mopanga chochitika chatsopano cha pipe_buffer.
Source: opennet.ru