Zowopsa ziwiri zadziwika mu Linux kernel (CVE-2023-1281, CVE-2023-1829) zomwe zimalola wogwiritsa ntchito wakomweko kukweza mwayi wawo pamakina. Kuti muchite chiwembu, zilolezo zopanga ndikusintha magulu amtundu wamagalimoto zimafunikira, zomwe zikupezeka ndi CAP_NET_ADMIN maufulu, omwe angapezeke ndikutha kupanga malo ogwiritsira ntchito. Mavuto adawonekera kuyambira pa kernel 4.14 ndipo adakonzedwa munthambi ya 6.2.
Zofooka zimayambitsidwa ndi kukumbukira kukumbukira zitamasulidwa (kugwiritsa ntchito-mfulu) mu tcindex traffic classifier code, yomwe ili gawo la QoS (Quality of service) subsystem ya Linux kernel. Kusatetezeka koyamba kumachitika chifukwa cha mpikisano mukakonza zosefera zazing'ono, ndipo kusatetezeka kwachiwiri kumachitika mukachotsa fyuluta yoyenera kwambiri. Mutha kutsata zomwe zakonzedwa patsamba lotsatirali: Debian, Ubuntu, Gentoo, RHEL, SUSE, Fedora, Gentoo, Arch. Kuti mulepheretse kugwiritsa ntchito pachiwopsezo pogwiritsa ntchito njira yogwirira ntchito, mutha kuletsa kuthekera kopanga mayina ndi ogwiritsa ntchito opanda mwayi ("sudo sysctl -w kernel.unprivileged_userns_clone=0").
Source: opennet.ru