A vulnerability (CVE-2023-6817) has been found in the Netfilter subsystem that could, in theory, be used by a local user to escalate their privileges on the system. The root cause is a use-after-free memory access in the nf_tables module, which implements the nftables packet filter.
The vulnerability has been present since Linux kernel 5.6. The fix was proposed in the Linux kernel 6.7-rc5 test release and has been included in the current stable branches 5.10.204, 5.15.143, 6.1.68 and 6.6.7.
The problem is caused by an error in the nft_pipapo_walk function, which did not check for duplicates while iterating over PIPAPO (Pile Packet Policies) elements. This leads to a double free of memory. A successful attack requires access to nftables, which can be obtained with CAP_NET_ADMIN rights in any user namespace or network namespace. Such rights can be granted, for example, in isolated containers. A prototype exploit has been published for testing your own systems.
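To triage hosts against the version figures above, the following added example (not part of the original article or of the kernel project) classifies a `uname -r` string and reads the `user.max_user_namespaces` sysctl. The function names `classify` and `userns_limit` are hypothetical, and the check assumes upstream version numbering, so distribution kernels with a backported fix still need to be confirmed against the vendor advisory.

```python
import platform
import re
from pathlib import Path

# Version figures taken from the article above.
FIRST_AFFECTED = (5, 6)                     # vulnerable since 5.6
FIXED_STABLE = {(5, 10): 204, (5, 15): 143, (6, 1): 68, (6, 6): 7}
FIXED_MAINLINE, FIXED_RC = (6, 7), 5        # fixed in 6.7-rc5


def classify(release: str) -> str:
    """Return 'not-affected', 'fixed', 'affected' or 'unknown' for a
    `uname -r` string, judged by upstream version numbers only.
    Assumption: distribution kernels that backport the fix without
    changing the version show up as 'affected'; confirm with the vendor."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?(?:-rc(\d+))?", release)
    if not m:
        return "unknown"
    series = (int(m.group(1)), int(m.group(2)))
    patch = int(m.group(3) or 0)
    rc = int(m.group(4)) if m.group(4) else None
    if series < FIRST_AFFECTED:
        return "not-affected"
    if series > FIXED_MAINLINE:
        return "fixed"
    if series == FIXED_MAINLINE:
        # Mainline release candidates before rc5 predate the fix.
        early_rc = rc is not None and patch == 0 and rc < FIXED_RC
        return "affected" if early_rc else "fixed"
    if series in FIXED_STABLE:
        return "fixed" if patch >= FIXED_STABLE[series] else "affected"
    return "affected"  # in range, no fixed release listed in the article


def userns_limit(path="/proc/sys/user/max_user_namespaces"):
    """Read the user.max_user_namespaces sysctl; 0 means no new user
    namespaces can be created. Returns None if the file is unreadable."""
    try:
        return int(Path(path).read_text().strip())
    except (OSError, ValueError):
        return None


if __name__ == "__main__":
    rel = platform.release()
    print(f"kernel {rel}: {classify(rel)}")
    print(f"user.max_user_namespaces = {userns_limit()}")
```

A host reported as `affected` with a non-zero namespace limit is the case the article describes, where CAP_NET_ADMIN inside a user namespace is enough to reach nftables.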
Source: linux.org.ru
