Kusagadzikana kwakanyanya kwaonekwa mu ksmbd module, iyo inosanganisira kushandiswa kwefaira sevha yakavakirwa paSMB protocol yakavakirwa muLinux kernel, inobvumira kure kure kodhi kuuraya nekodzero dzekernel. Kurwiswa kunogona kuitwa pasina kuvimbiswa, zvakakwana kuti ksmbd module inogadziriswa pane system. Dambudziko rave kuratidzwa kubvira kernel 5.15, yakaburitswa muna Mbudzi 2021, uye yakagadziriswa chinyararire mukuvandudza 5.15.61, 5.18.18 uye 5.19.2, yakaumbwa muna Nyamavhuvhu 2022. Sezvo dambudziko risati rapihwa CVE identifier, hapana ruzivo chairwo nezve kugadzirisa dambudziko mukugovera parizvino.
Tsanangudzo nezve kushandiswa kwekusagadzikana hazvisati zvaburitswa, zvinongozivikanwa kuti kusazvibata kunokonzerwa nekuwana yakatosunungurwa ndangariro nzvimbo (Shandisa-After-Mahara) nekuda kwekushaikwa kwekutarisa kuvepo kwechinhu usati waita mashandiro. nayo. Dambudziko rine chekuita nenyaya yekuti mune smb2_tree_disconnect() basa, ndangariro dzakagoverwa ksmbd_tree_connect chimiro chakasunungurwa, asi mushure meizvozvo pakanga pachine chinongedzo chakashandiswa pakugadziridza zvimwe zvikumbiro zvekunze zvine SMB2_TREE_DISCONNECT mirairo.
Pamusoro pekusagadzikana kwakataurwa muksmbd, 4 matambudziko asina njodzi anogadziriswa zvakare:
- ZDI-22-1688 - kureba kodhi kuuraya nekodzero dzekernel nekuda kwekushaikwa kwekutarisa saizi chaiyo ye data rekunze mune faira hunhu hwekugadzirisa kodhi usati waikopa kune yakagoverwa buffer. Ngozi yekusagadzikana inodzikiswa nenyaya yekuti kurwiswa kunogona kuitwa chete nemushandisi ane chokwadi.
- ZDI-22-1691 - ruzivo rwekure runodonha kubva ku kernel ndangariro nekuda kwekutarisa kwakashata kweyekupinza paramita muSMB2_WRITE command mubato (kurwiswa kunogona kuitwa chete nemushandisi ane chokwadi).
- ZDI-22-1687 - kure kure kurambwa kwesevhisi kuburikidza nekuneta kwekuyeuka kunowanikwa muhurongwa nekuda kwekuburitswa zvisirizvo kwezviwanikwa muSMB2_NEGOTIATE command handler (kurwiswa kunogona kuitwa pasina humbowo).
- ZDI-22-1689 - runhare rwuri kure rwekupaza kernel nekuda kwekushaikwa kwekutarisa kwakaringana kweiyo SMB2_TREE_CONNECT yekuraira, zvichitungamira pakuverenga kubva kunzvimbo yekunze-ye-buffer (kurwiswa kunogona kuitwa chete nemushandisi ane chokwadi. )
Tsigiro yekumhanyisa SMB server uchishandisa ksmbd module yakaverengerwa muSamba package kubva pakaburitswa 4.16.0. Kusiyana nemushandisi-nzvimbo yeSMB sevha, ksmbd inoshanda zvakanyanya maererano nekuita, kushandiswa kwendangariro, uye kubatanidzwa nemhando yepamusoro kernel. Ksmbd inoratidzwa seyepamusoro-inoshanda, yakamisikidzwa-yakagadzirira yekuwedzera kuSamba, kubatanidza neSamba maturusi nemaraibhurari sezvinodiwa. Iyo ksmbd kodhi yakanyorwa neSamsung's Namjae Jeon uye LG's Hyunchul Lee, uye yakachengetwa mukernel naMicrosoft's Steve French, muchengeti weCIFS/SMB2/SMB3 subsystems muLinux kernel uye ave nenguva ari nhengo yeSamba budiriro timu, uyo akabatsira zvakanyanya. pakuita kwerutsigiro rweSMB/CIFS protocol muSamba neLinux.
Source: opennet.ru