Linux kernel vulnerabilities remotely exploitable via Bluetooth

A vulnerability (CVE-2022-42896) has been identified in the Linux kernel that can be used to achieve remote code execution at the kernel level by sending a specially crafted L2CAP packet over Bluetooth. In addition, a similar issue (CVE-2022-42895) has been identified in the L2CAP handler, which can leak kernel memory contents in packets carrying configuration information. The first vulnerability has been present since August 2014 (kernel 3.16), and the second since October 2011 (kernel 3.0). The vulnerabilities have been fixed in Linux kernel releases 6.1.0, 6.0.8, 4.9.333, 4.14.299, 4.19.265, 5.4.224, 5.10.154, and 5.15.78. Fixes in distributions can be tracked on the following pages: Debian, Ubuntu, Gentoo, RHEL, SUSE, Fedora, Arch.

To demonstrate that a remote attack is feasible, prototype exploits have been published that work on Ubuntu 22.04. To carry out the attack, the attacker must be within Bluetooth range. Pairing is not required, but Bluetooth must be active on the computer. For the attack it is enough to know the MAC address of the victim's device, which can be determined by sniffing or, on some devices, calculated from the Wi-Fi MAC address.

The first vulnerability (CVE-2022-42896) is caused by access to an already freed memory area (use-after-free) in the implementation of the l2cap_connect and l2cap_le_connect_req functions. After a channel was created through the new_connection callback, no lock was set on it, but a timer was set (__set_chan_timer). When the timer expires, it calls the l2cap_chan_timeout function, which clears the channel without checking whether work with the channel in the l2cap_le_connect* functions has completed.

The default timeout is 40 seconds, and it was assumed that a race condition could not occur with such a delay, but it turned out that, because of another error in the SMP handler, it was possible to trigger the timer immediately and reach the race condition. The problem in l2cap_le_connect_req can lead to a kernel memory leak, and in l2cap_connect it can lead to overwriting memory contents and executing the attacker's code. The first type of attack can be carried out using Bluetooth LE 4.0 (since 2009), the second using Bluetooth BR/EDR 5.2 (since 2020).

The second vulnerability (CVE-2022-42895) is caused by a residual memory leak in the l2cap_parse_conf_req function, which can be used to remotely obtain information about pointers to kernel structures by sending specially crafted configuration requests. The l2cap_parse_conf_req function used the l2cap_conf_efs structure, for which the allocated memory was not initialized beforehand, and by manipulating the FLAG_EFS_ENABLE flag it was possible to get old data from the stack included in the packet. The problem only appears on systems where the kernel is built with the CONFIG_BT_HS option (disabled by default, but enabled in some distributions, such as Ubuntu). A successful attack also requires the HCI_HS_ENABLED parameter to be set to true through the management interface (it is not used by default).
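The fix list and the CONFIG_BT_HS precondition above can be turned into a quick host triage check. The following Python sketch is an added example, not code from the article or the kernel project; it compares only the upstream version string, so on distribution kernels that backport fixes the result is indicative and the distribution's tracker remains authoritative. The status labels and the `/boot/config-<release>` path are assumptions of this example.

```python
import os
import platform
import re

# First fixed upstream release per stable branch, as listed in the article.
FIXED = {(4, 9): 333, (4, 14): 299, (4, 19): 265, (5, 4): 224,
         (5, 10): 154, (5, 15): 78, (6, 0): 8, (6, 1): 0}
# Kernel series in which each bug first appeared, per the article.
INTRODUCED = {"CVE-2022-42896": (3, 16), "CVE-2022-42895": (3, 0)}


def parse_release(release):
    """Turn a `uname -r` string such as '5.15.0-52-generic' into (5, 15, 0)."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", release)
    if not m:
        raise ValueError(f"unrecognised kernel release: {release!r}")
    return int(m.group(1)), int(m.group(2)), int(m.group(3) or 0)


def upstream_status(release, cve):
    """Classify a release against the upstream fix list only."""
    major, minor, patch = parse_release(release)
    branch = (major, minor)
    if branch < INTRODUCED[cve]:
        return "not-affected"
    if branch > max(FIXED):
        return "fixed"
    if branch not in FIXED:
        return "no-fix-listed"      # branch absent from the article's list
    return "fixed" if patch >= FIXED[branch] else "vulnerable"


def bt_hs_enabled(config_text):
    """True if a kernel .config enables CONFIG_BT_HS (needed for CVE-2022-42895)."""
    return re.search(r"^CONFIG_BT_HS=y$", config_text, re.M) is not None


def assess(release, config_text=None):
    result = {cve: upstream_status(release, cve) for cve in INTRODUCED}
    # Per the article, the info leak only appears when CONFIG_BT_HS is built in.
    leak = "CVE-2022-42895"
    if config_text is not None and result[leak] != "fixed" and not bt_hs_enabled(config_text):
        result[leak] = "not-affected"
    return result


if __name__ == "__main__":
    rel = platform.release()
    path = f"/boot/config-{rel}"    # common distro location; an assumption
    cfg = open(path).read() if os.path.exists(path) else None
    print(rel, assess(rel, cfg))
```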

Source: opennet.ru
