Vulnerabilities in the eBPF subsystem that allow code execution at the Linux kernel level

Two new vulnerabilities have been identified in the eBPF subsystem, which lets you run handlers inside the Linux kernel in a special virtual machine with JIT. Both vulnerabilities make it possible to execute your own code with kernel privileges, outside the isolated eBPF virtual machine. Details of the issues were published by the Zero Day Initiative team, which runs the Pwn2Own competition, where this year three attacks on Ubuntu Linux were demonstrated that used previously unknown vulnerabilities (whether the eBPF vulnerabilities are related to these attacks is not stated).

  • CVE-2021-3490 - The vulnerability is caused by a missing out-of-bounds check for 32-bit values when performing the bitwise AND, OR, and XOR operations in eBPF ALU32. An attacker can exploit this bug to read and write data outside the bounds of the allocated buffer. The problem with the XOR operation appears starting with kernel version 5.7-rc1, and with AND and OR starting with 5.10-rc1.
  • CVE-2021-3489 - The vulnerability is caused by an error in the ring buffer implementation: the bpf_ringbuf_reserve function did not check for the possibility that the size of the allocated memory region could be smaller than the size of the ringbuf. The problem appears starting with the 5.8-rc1 release.

The status of fixes for the vulnerabilities in distributions can be tracked on these pages: Ubuntu, Debian, RHEL, Fedora, SUSE, Arch. Fixes are also available as patches (CVE-2021-3489, CVE-2021-3490). Whether the issue can be exploited depends on whether the eBPF system call is available to the user. For example, in the default configuration in RHEL, exploiting the vulnerability requires the user to have CAP_SYS_ADMIN rights.

Separately, we can note another vulnerability in the Linux kernel, CVE-2021-32606, which allows a local user to elevate their privileges to root. The problem appears starting with Linux kernel 5.11 and is caused by a race condition in the implementation of the CAN ISOTP protocol, which makes it possible to change socket binding parameters because the isotp_setsockopt() function does not set the proper locks when processing the CAN_ISOTP_SF_BROADCAST flag.

After the ISOTP socket is closed, the binding to the receiving socket remains in effect, and it can continue to use the structures associated with the socket after the memory associated with them has been freed (a use-after-free caused by access to an already freed isotp_sock structure when isotp_rcv() is called). By manipulating data, it is possible to override the pointer to the sk_error_report() function and execute your own code at the kernel level.
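
A triage sketch for the exposure conditions described above, added here as an example and not taken from the article or from any vendor tool. It compares a `uname -r` string with the first-affected versions listed in the article and factors in the `kernel.unprivileged_bpf_disabled` sysctl (an assumption: the article itself only mentions the CAP_SYS_ADMIN requirement on RHEL). Fixed versions are not given on the page, so a match means "check the distribution's advisory", not "vulnerable".

```python
import re
from pathlib import Path

# First-affected mainline series as stated in the article: ((major, minor), gated_by_bpf).
# Fixed versions are not on the page, so a match means "check the distro advisory".
FIRST_AFFECTED = {
    "CVE-2021-3490 (ALU32 XOR)": ((5, 7), True),
    "CVE-2021-3489 (bpf_ringbuf_reserve)": ((5, 8), True),
    "CVE-2021-3490 (ALU32 AND/OR)": ((5, 10), True),
    "CVE-2021-32606 (CAN ISOTP)": ((5, 11), False),
}

def parse_release(release):
    """Extract (major, minor) from a `uname -r` string such as '5.8.0-50-generic'."""
    match = re.match(r"(\d+)\.(\d+)", release.strip())
    if not match:
        raise ValueError(f"unrecognised kernel release: {release!r}")
    return int(match.group(1)), int(match.group(2))

def triage(release, unpriv_bpf_disabled):
    """Map each issue present in this kernel series to how it can be reached.

    unpriv_bpf_disabled is the integer in kernel.unprivileged_bpf_disabled:
    0 lets unprivileged users call bpf(); 1 and 2 restrict it to privileged users.
    """
    version = parse_release(release)
    findings = {}
    for issue, (since, gated_by_bpf) in FIRST_AFFECTED.items():
        if version < since:
            continue  # affected code appeared in a later kernel series
        if not gated_by_bpf:
            findings[issue] = "not gated by the bpf sysctl"
        elif unpriv_bpf_disabled == 0:
            findings[issue] = "bpf() open to unprivileged users"
        else:
            findings[issue] = "bpf() restricted to privileged users"
    return findings

if __name__ == "__main__":
    # Live check on the local host; both files are standard procfs entries.
    release = Path("/proc/sys/kernel/osrelease").read_text()
    sysctl = Path("/proc/sys/kernel/unprivileged_bpf_disabled")
    # Assumption: a missing sysctl file is treated as 0 (unrestricted).
    value = int(sysctl.read_text()) if sysctl.exists() else 0
    for issue, note in triage(release, value).items():
        print(f"{issue}: {note}")
```

Distribution kernels backport both features and fixes, so the version comparison is only a first filter before consulting the distribution's tracker.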

Source: opennet.ru
