A vulnerability (CVE-2021-4204) yakaonekwa mu eBPF subsystem, iyo inokutendera kuti umhanye vanobata mukati meLinux kernel mumuchina wakasarudzika une JIT, uchibvumira mushandisi wemuno asina rusarura kuti awane ropafadzo yekukwira uye kuita kodhi yavo pa Linux kernel level. Dambudziko rave kuoneka kubvira Linux kernel 5.8 uye rinoramba risina kugadziriswa (kusanganisira kuburitswa 5.16). Mamiriro ekugadzirisa ari kugadzirwa kugadzirisa dambudziko mukugovera anogona kuteverwa pamapeji aya: Debian, RHEL, SUSE, Fedora, Ubuntu, Arch. Izvo zvakaziviswa kuti kushandiswa kwekushanda kwakagadzirwa, iyo yakarongwa kuti ibudiswe muna Ndira 18 (vashandisi nevagadziri vakapihwa vhiki kugadzirisa kusagadzikana).
Kusagadzikana uku kunokonzerwa nekuongororwa zvisirizvo kwezvirongwa zveBPF zvinofambiswa kuti zviitwe. Iyo eBPF subsystem inopa mabasa ekubatsira, iko kushandiswa kwayo kunosimbiswa neakakosha verifier. Mamwe mabasa anoda kupfuudza kukosha kwePTR_TO_MEM senharo, uye kudzivirira zvingangoita buffer kuwanda, mutsinhidzi anofanira kuziva saizi yendangariro ine chekuita nenharo. Kune iyo bpf_ringbuf_submit uye bpf_ringbuf_discard mabasa, data pahukuru hweyekudzo yakachinjirwa haina kutaurwa kune inosimbisa, iyo inogona kushandiswa kunyora pamusoro penzvimbo dzendangariro kupfuura muganho webuffer paunenge uchiita yakanyatsogadzirirwa eBPF kodhi.
Kuti aite kurwisa, mushandisi anofanira kukwanisa kurodha chirongwa chake cheBPF, uye akawanda achangoburwa Linux kugovera kuvharidzira kugona uku nekukasira (kusanganisira kusarongeka kwekuwana eBPF ikozvino kwave kurambidzwa nekusarudzika mukernel pachayo, kutanga nekuburitswa 5.16). Semuenzaniso, kusazvibata kunogona kushandiswa mukumisikidzwa kweiyo Ubuntu 20.04 LTS, asi munzvimbo Ubuntu 22.04-dev, Debian 11, openSUSE 15.3, RHEL 8.5, SUSE 15-SP4 uye Fedora 33 inongoonekwa chete kana maneja akaiswa. the kernel.unprivileged_bpf_disabled parameter kusvika 0. Sechishandiso chekudzivirira kusagadzikana, unogona kudzivirira kuitwa kwezvirongwa zveBPF nevashandisi vasina ruzivo nemurairo "sysctl -w kernel.unprivileged_bpf_disabled=1".
Source: opennet.ru