Vulnerabilities in the eBPF subsystem of the Linux kernel

A vulnerability (CVE-2021-29154) has been identified in the eBPF subsystem, which lets you run handlers for tracing, analyzing the operation of subsystems and managing traffic; these handlers execute inside the Linux kernel in a special virtual machine with JIT. The vulnerability allows a local user to get their code executed at the kernel level. The problem appears up to and including release 5.11.12 and has not yet been fixed in distributions (Debian, Ubuntu, RHEL, Fedora, SUSE, Arch). The fix is available as a patch.

According to the researchers who identified the vulnerability, they were able to develop a working exploit prototype for 32- and 64-bit x86 systems that can be used by an unprivileged user. However, Red Hat notes that the severity of the problem depends on whether the eBPF system call is available to the user. For example, on RHEL and most other Linux distributions in the default configuration, the vulnerability can be exploited if BPF JIT is enabled and the user has CAP_SYS_ADMIN rights. As a workaround, it is recommended to disable BPF JIT with the command: echo 0 > /proc/sys/net/core/bpf_jit_enable
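The conditions described above (upstream kernel up to 5.11.12, BPF JIT enabled, who may reach the eBPF system call) can be checked on a host. The script below is an added example, not code from the article or from the kernel project; the function names are hypothetical, and it assumes the kernel.unprivileged_bpf_disabled sysctl, which the article does not name, as the indicator of whether unprivileged users can call bpf().

```shell
#!/bin/sh
# Added example: classify a host against the conditions the article lists for
# CVE-2021-29154. Only the upstream version is compared: stable-branch and
# distribution backports are invisible here, so "in-range" means "confirm with
# the vendor advisory", not "proven vulnerable".

LAST_AFFECTED="5.11.12"   # from the article: affected up to 5.11.12 inclusive

# version_le A B: true if dotted version A <= B (three numeric fields).
version_le() {
    for i in 1 2 3; do
        x=$(printf '%s\n' "$1" | cut -s -d. -f"$i")
        y=$(printf '%s\n' "$2" | cut -s -d. -f"$i")
        [ "${x:-0}" -lt "${y:-0}" ] && return 0
        [ "${x:-0}" -gt "${y:-0}" ] && return 1
    done
    return 0
}

# assess RELEASE JIT UNPRIV
#   RELEASE: string as printed by `uname -r`
#   JIT:     content of /proc/sys/net/core/bpf_jit_enable (0 = off)
#   UNPRIV:  content of /proc/sys/kernel/unprivileged_bpf_disabled (assumed
#            sysctl; 1 or 2 = bpf() restricted to privileged users)
assess() {
    # Drop distribution suffixes such as "-arch1-1" or "-70-generic".
    ver=$(printf '%s\n' "$1" | sed 's/[^0-9.].*$//')
    if ! version_le "$ver" "$LAST_AFFECTED"; then
        echo "not-in-range"
    elif [ "$2" = "0" ]; then
        echo "in-range-jit-off"              # the article's workaround is active
    elif [ "$3" = "1" ] || [ "$3" = "2" ]; then
        echo "in-range-jit-on-privileged"    # reachable only with privileges
    else
        echo "in-range-jit-on-unprivileged"  # any local user can load programs
    fi
}

# Live check. Unreadable values become "unknown" and are treated as exposed.
rd() { cat "$1" 2>/dev/null || echo unknown; }
assess "$(uname -r)" "$(rd /proc/sys/net/core/bpf_jit_enable)" \
       "$(rd /proc/sys/kernel/unprivileged_bpf_disabled)"
```

The write to bpf_jit_enable does not survive a reboot, so the workaround has to be reapplied at boot (for example through the distribution's sysctl configuration) until a fixed kernel is installed.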

The problem is caused by an error in calculating the offset for branch instructions while the JIT compiler generates machine code. In particular, when generating branch instructions, it does not take into account that the offset may change after the optimization stage has run. This flaw can be used to produce anomalous machine code and execute it at the kernel level.

It is worth noting that this is not the only recent vulnerability in the eBPF subsystem. At the end of March, two more vulnerabilities were identified in the kernel (CVE-2020-27170, CVE-2020-27171), which make it possible to use eBPF to bypass protection against Spectre-class vulnerabilities; these allow the contents of kernel memory to be determined by creating conditions for the speculative execution of certain operations. A Spectre attack requires a certain sequence of commands in privileged code that leads to speculative execution of instructions. In eBPF, several ways have been found to generate such instructions through manipulation of the BPF programs submitted for execution.

The CVE-2020-27170 vulnerability is caused by pointer manipulation in the BPF verifier that makes speculative operations access an area outside the bounds of the buffer. The CVE-2020-27171 vulnerability is due to an integer underflow error when working with pointers, which leads to speculative access to data outside the buffer. These problems have already been fixed in kernel releases 5.11.8, 5.10.25, 5.4.107, 4.19.182 and 4.14.227, and the fixes are also included in kernel updates for most Linux distributions. The researchers have prepared an exploit prototype that allows an unprivileged user to extract data from kernel memory.

Source: opennet.ru
