A vulnerability (CVE-2023-5178) has been found in the Linux kernel's nvmet-tcp subsystem (NVMe-oF/TCP), which allows access to NVMe drives over a network (NVM Express over Fabrics) using the TCP protocol. The vulnerability could allow remote code execution at the kernel level or, with local access, privilege escalation on the system. A fix is currently available as a patch. The problem has been present since the NVMe-oF/TCP driver was first introduced (the vulnerability report mentions Linux kernel 5.15, but NVMe-oF/TCP support was added in kernel 5.0). Systems with the NVMe-oF/TCP server enabled (NVME_TARGET_TCP), which accepts connections on network port 4420, are affected.
The vulnerability is caused by a logic error due to which the nvmet_tcp_free_crypto function was called twice, freed some pointers twice, and also dereferenced freed addresses. This behavior leads to access to an already freed memory area (use-after-free) and to a double free of memory (double-free) when the NVMe-oF/TCP server processes a specially crafted message from a client, which can be located on either the local or the global network.
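A local check for the exposure condition described above (NVME_TARGET_TCP enabled, listener on port 4420), as an added example that is not from the original article or the kernel project. The function names, the verdict words and the `/boot/config-$(uname -r)` path are assumptions of this example.

```shell
#!/bin/sh
# Added example: local exposure check for the NVMe-oF/TCP target.
# Function names and verdict words are this example's own.

# Print y, m or n for CONFIG_NVME_TARGET_TCP in kernel config file $1.
nvmet_tcp_config() {
    v=$(sed -n 's/^CONFIG_NVME_TARGET_TCP=\([ym]\)$/\1/p' "$1" 2>/dev/null) || v=
    echo "${v:-n}"
}

# Succeed if the nvmet_tcp module is listed in /proc/modules-format file $1.
nvmet_tcp_loaded() {
    grep -q '^nvmet_tcp ' "$1" 2>/dev/null
}

# Succeed if `ss -Htln` output on stdin shows a listener on TCP port $1.
# Column 4 is the local address; the port follows its last colon.
port_listening() {
    awk -v p="$1" '{ n = split($4, a, ":"); if (a[n] == p) found = 1 }
                   END { exit(found ? 0 : 1) }'
}

# Verdict from config file $1, modules file $2 and `ss -Htln` text on stdin.
# Assumption: the target uses port 4420; one bound to another port reads
# as "present", so treat that verdict as needing a look at the target config.
nvmet_tcp_exposure() {
    cfg=$(nvmet_tcp_config "$1")
    if [ "$cfg" = y ] || nvmet_tcp_loaded "$2"; then
        # Built-in code never appears in /proc/modules, hence the =y test.
        if port_listening 4420; then echo exposed; else echo present; fi
    elif [ "$cfg" = m ]; then
        echo loadable
    else
        echo absent
    fi
}

# Live run: sh check.sh --live
if [ "${1:-}" = "--live" ]; then
    ss -Htln | nvmet_tcp_exposure "/boot/config-$(uname -r)" /proc/modules
fi
```

The verdict describes reachability of the target code, not patch state: a host running a kernel with the fix applied still reports `exposed` if the target is listening.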
Source: opennet.ru
