Kusagadzikana (CVE-5.1-2022) kwaonekwa mukuitwa kweiyo io_uring asynchronous input/output interface, inosanganisirwa muLinux kernel kubva pakaburitswa 2602, iyo inobvumira mushandisi asina rombo rakanaka kuwana kodzero dzemidzi muhurongwa. Dambudziko rakasimbiswa mubazi 5.4 uye kernels kubva pabazi 5.15.
Kusagadzikana kunokonzerwa nekushandisa-mushure-yemahara memory block muio_uring subsystem, inoitika semhedzisiro yemamiriro enhangemutange paunenge uchigadzirisa chikumbiro cheio_uring pane faira rakanangwa panguva yekuunganidzwa kwemarara yezvigadziko zveUnix, kana muunganidzi wemarara akasunungura zvese zvakanyoreswa. faira zvinotsanangura uye faira descriptor iyo io_uring inoshanda nayo. Kugadzira zvisirizvo mamiriro ekusagadzikana kuti azviratidze, unogona kunonoka chikumbiro uchishandisa userfaultfd kudzamara muunganidzi wemarara aburitsa ndangariro.
Vatsvagiri vakaona dambudziko iri vakazivisa kusikwa kwechishandiso chekushanda, chavanoda kuburitsa muna Gumiguru 25 kupa vashandisi nguva yekuisa zvigadziriso. Iyo gadziriso iripo ikozvino sechigamba. Zvigadziriso zvekugovera hazvisati zvaburitswa, asi unogona kutarisa kuwanikwa kwavo pamapeji anotevera: Debian, Ubuntu, Gentoo, RHEL, Fedora, SUSE/openSUSE, Arch.
Source: opennet.ru