Vulnerabilities in Netfilter and io_uring that allow privilege escalation on the system

Vulnerabilities have been identified in the Linux kernel subsystems Netfilter and io_uring that allow an ordinary user to elevate their privileges on the system:

  • A vulnerability (CVE-2023-32233) in the Netfilter subsystem, caused by a use-after-free memory access in the nf_tables module, which provides the nftables packet filter. The vulnerability can be exploited by sending specially crafted requests to update the nftables configuration. The attack requires access to nftables, which can be obtained in a separate network namespace if you have CLONE_NEWUSER, CLONE_NEWNS or CLONE_NEWNET rights (for example, if you can run an isolated container).

    To give users time to install updates, the researcher who identified the problem promised to postpone for a week (until May 15) the publication of detailed information and an example of a working exploit that provides a root shell. The vulnerability was fixed in update 6.4-rc1. You can track the fix in distributions on the following pages: Debian, Ubuntu, Gentoo, RHEL, Fedora, SUSE/openSUSE, Arch.

  • A vulnerability (CVE not yet assigned) in the implementation of the io_uring asynchronous I/O interface, which has been included in the Linux kernel since release 5.1. The problem is caused by an error in the io_sqe_buffer_register function, which allows access to physical memory outside the bounds of a statically allocated buffer. The problem appears only in the 6.3 branch and will be fixed in the upcoming 6.3.2 update. An exploit prototype is already available for testing, which allows code to be executed with kernel privileges.
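
A local exposure triage for the two issues above, as an added example that is not part of the original article. It assumes the sysctls user.max_user_namespaces and kernel.unprivileged_userns_clone (the latter a Debian/Ubuntu addition) govern unprivileged user namespace creation; the function names are illustrative, and distribution kernels may carry backported fixes that a version string does not show.

```shell
#!/bin/sh
# Added example: local exposure triage for the two kernel issues described above.
# Distribution kernels may carry backported fixes; treat the output as a hint.

# io_uring issue: per the article only the 6.3 branch is affected, fixed in 6.3.2.
# $1 = kernel release string as printed by `uname -r`.
io_uring_status() {
    base=${1%%[-+_]*}          # strip distro suffix: 6.3.1-arch1-1 -> 6.3.1
    case $base in
        6.3|6.3.0|6.3.1) echo affected ;;
        *)               echo not-affected ;;
    esac
}

# nf_tables issue: an unprivileged user needs a user namespace to reach nftables.
# $1 = user.max_user_namespaces (assumed sysctl, upstream kernels)
# $2 = kernel.unprivileged_userns_clone (assumed, Debian/Ubuntu only; empty if absent)
# Unknown values are treated as "reachable" so the check fails safe.
userns_status() {
    if [ "${1:-1}" -eq 0 ] || [ "${2:-1}" = "0" ]; then
        echo blocked
    else
        echo reachable
    fi
}

# Read the live values from /proc and print a three-line summary.
report() {
    max=$(cat /proc/sys/user/max_user_namespaces 2>/dev/null || true)
    clone=$(cat /proc/sys/kernel/unprivileged_userns_clone 2>/dev/null || true)
    echo "kernel:                      $(uname -r)"
    echo "io_uring (6.3 branch bug):   $(io_uring_status "$(uname -r)")"
    echo "nftables via unpriv. userns: $(userns_status "$max" "$clone")"
}

report
```

Where the last line reads "reachable" and the nf_tables fix is not yet installed, setting user.max_user_namespaces to 0 closes the unprivileged path to nftables, at the cost of breaking rootless containers.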
