Vulnerability in the Linux kernel iSCSI subsystem allowing local privilege escalation.

A vulnerability (CVE-2021-27365) has been identified in the iSCSI subsystem code of the Linux kernel that allows an unprivileged local user to execute code at kernel level and obtain root privileges on the system. A working exploit prototype is available for testing. The vulnerability is fixed in the Linux kernel updates 5.11.4, 5.10.21, 5.4.103, 4.19.179, 4.14.224, 4.9.260 and 4.4.260. Kernel package updates are available for the Debian, Ubuntu, SUSE/openSUSE, Arch Linux and Fedora distributions. No fixes have been released for RHEL at the time of writing.

The problem is caused by a bug in the iscsi_host_get_param() function of the libiscsi module, introduced back in 2006 during development of the iSCSI subsystem. Because their size was never checked, some iSCSI string attributes, such as the host name or the user name, could exceed PAGE_SIZE (4 KB). An unprivileged user can exploit this by sending Netlink messages that set iSCSI attributes to values larger than PAGE_SIZE. When those attributes are later read via sysfs or seqfs, the code hands the attribute to sprintf(), which copies it into a buffer whose size is exactly PAGE_SIZE, so an oversized attribute overflows the buffer.
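The vulnerable pattern and its fix, reduced to a user-space model. This is an added example, not code from the Linux kernel or from the article: the struct, the function names and the 4096-byte PAGE_SIZE are assumptions of the model. The unchecked setter stands in for the netlink path that stored attributes of any length, show_would_overflow() stands in for the sysfs show path that did sprintf() into a page-sized buffer, and the checked setter plus the snprintf()-bounded show path stand in for the two places the fix has to touch: reject oversized values on the way in, and never write unbounded on the way out.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#ifndef PAGE_SIZE
#define PAGE_SIZE 4096 /* assumption: 4 KB pages, as on x86-64 */
#endif

/* Model of one string attribute of an iSCSI host, e.g. its hostname. */
struct iscsi_attr {
    char *value; /* heap copy of the value supplied over netlink */
    size_t len;  /* its length, not counting the NUL */
};

/* Vulnerable setter: stores whatever length arrived over netlink.
 * The length check that the fix introduced is deliberately absent. */
int attr_set_unchecked(struct iscsi_attr *a, const char *val, size_t len)
{
    char *copy = malloc(len + 1);
    if (!copy)
        return -ENOMEM;
    memcpy(copy, val, len);
    copy[len] = '\0';
    free(a->value);
    a->value = copy;
    a->len = len;
    return 0;
}

/* Hardened setter: refuse any value that "%s\n" plus the NUL cannot fit
 * into one page, so the show path can never be asked to overflow. */
int attr_set_checked(struct iscsi_attr *a, const char *val, size_t len)
{
    if (len + 2 > PAGE_SIZE)
        return -EINVAL;
    return attr_set_unchecked(a, val, len);
}

/* Nonzero when sprintf(page, "%s\n", value) would write past PAGE_SIZE,
 * i.e. when the unchecked sysfs show path described above overflows. */
int show_would_overflow(const struct iscsi_attr *a)
{
    return a->len + 2 > PAGE_SIZE;
}

/* Bounded show path: snprintf() limited to the buffer, truncating instead
 * of overflowing. Returns the bytes placed in buf, excluding the NUL. */
size_t attr_show_safe(const struct iscsi_attr *a, char *buf, size_t cap)
{
    int n = snprintf(buf, cap, "%s\n", a->value ? a->value : "");
    if (n < 0)
        return 0;
    return (size_t)n < cap ? (size_t)n : cap - 1;
}

/* Constructed attacker input: `len` bytes of 'A'. */
static char *make_value(size_t len)
{
    char *v = malloc(len);
    memset(v, 'A', len);
    return v;
}

/* 1 if the unchecked setter accepts the value and the show path overflows. */
int unchecked_overflows(size_t len)
{
    struct iscsi_attr a = { NULL, 0 };
    char *v = make_value(len);
    int r = attr_set_unchecked(&a, v, len) == 0 && show_would_overflow(&a);
    free(v);
    free(a.value);
    return r;
}

/* Return code of the hardened setter for a value of `len` bytes. */
int checked_rc(size_t len)
{
    struct iscsi_attr a = { NULL, 0 };
    char *v = make_value(len);
    int rc = attr_set_checked(&a, v, len);
    free(v);
    free(a.value);
    return rc;
}

/* Bytes the bounded show path emits into a PAGE_SIZE buffer. */
size_t safe_show_len(size_t len)
{
    struct iscsi_attr a = { NULL, 0 };
    char *v = make_value(len);
    char page[PAGE_SIZE];
    attr_set_unchecked(&a, v, len);
    size_t n = attr_show_safe(&a, page, sizeof page);
    free(v);
    free(a.value);
    return n;
}

int main(void)
{
    printf("unchecked setter, %d-byte value: show overflows = %d\n",
           PAGE_SIZE, unchecked_overflows(PAGE_SIZE));
    printf("checked setter, %d-byte value: rc = %d (-EINVAL is %d)\n",
           PAGE_SIZE, checked_rc(PAGE_SIZE), -EINVAL);
    printf("bounded show, %d-byte value: %zu bytes emitted\n",
           PAGE_SIZE, safe_show_len(PAGE_SIZE));
    return 0;
}
```

The size arithmetic is the point: a value of PAGE_SIZE - 1 bytes already overflows, because "%s\n" adds a newline and sprintf() adds the NUL, so the input check has to budget for both, not just for the value itself.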

Whether the vulnerability can be exploited on a given distribution depends on whether the scsi_transport_iscsi kernel module is loaded automatically when a process tries to create a NETLINK_ISCSI socket. On distributions where this module is auto-loaded, the attack works regardless of whether iSCSI is actually in use. In addition, successful exploitation requires that at least one iSCSI transport be registered. A transport can be registered through the ib_iser kernel module, which in turn is loaded automatically when an unprivileged user tries to create a NETLINK_RDMA socket.

Automatic loading of the modules needed for the attack is supported in CentOS 8, RHEL 8 and Fedora when the rdma-core package is installed on the system; it is a dependency of several popular packages and is installed by default in the workstation, server-with-GUI and virtualization-host configurations. rdma-core is not installed, however, on a console-only server build or when installing from a minimal installation image. For example, the package is included in the default Fedora 31 Workstation installation but not in Fedora 31 Server. Debian and Ubuntu are less affected, because on those distributions rdma-core loads the kernel modules needed for the attack only when RDMA hardware is present.
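A check for the precondition described in the two paragraphs above, as an added example that is not part of the article: it does exactly what the text says an attacker does, creating NETLINK_ISCSI and NETLINK_RDMA sockets as an unprivileged user, and reports whether the kernel had (or auto-loaded) a handler for each family. The result names and the classification are this example's own. Be aware of the side effect: if a family is reported as available, the corresponding module is now loaded, so run this only on a host where that is acceptable.

```c
#include <errno.h>
#include <stdio.h>
#include <unistd.h>
#include <sys/socket.h>
#include <linux/netlink.h>

enum probe_result {
    PROBE_ERROR = -1,      /* socket() failed for another reason (seccomp, LSM, ...) */
    PROBE_UNAVAILABLE = 0, /* no handler registered and nothing was auto-loaded */
    PROBE_AVAILABLE = 1    /* handler present: module resident or just auto-loaded */
};

/* Classify a socket() outcome. Side-effect free so it can be exercised
 * without touching the kernel. EPROTONOSUPPORT is what Linux returns when
 * no handler is registered for the family after its auto-load attempt. */
enum probe_result classify_probe(int fd, int err)
{
    if (fd >= 0)
        return PROBE_AVAILABLE;
    if (err == EPROTONOSUPPORT)
        return PROBE_UNAVAILABLE;
    return PROBE_ERROR;
}

/* Try to open a netlink socket of the given family as the current user.
 * Creating the socket is what triggers module auto-loading for an
 * unregistered family, so PROBE_AVAILABLE means the module was already
 * loaded or has just been loaded by this probe. */
enum probe_result probe_netlink_family(int family)
{
    int fd = socket(AF_NETLINK, SOCK_RAW, family);
    int err = errno;
    enum probe_result r = classify_probe(fd, err);
    if (fd >= 0)
        close(fd);
    return r;
}

int main(void)
{
    /* Families named in the article and the module each one pulls in. */
    const struct { const char *name; int family; const char *module; } probes[] = {
        { "NETLINK_ISCSI", NETLINK_ISCSI, "scsi_transport_iscsi" },
        { "NETLINK_RDMA",  NETLINK_RDMA,  "RDMA stack, which brings in ib_iser" },
    };
    int reachable = 0;
    for (size_t i = 0; i < sizeof probes / sizeof probes[0]; i++) {
        enum probe_result r = probe_netlink_family(probes[i].family);
        printf("%-14s -> %s (%s)\n", probes[i].name,
               r == PROBE_AVAILABLE ? "available" :
               r == PROBE_UNAVAILABLE ? "not available" : "error",
               probes[i].module);
        reachable += (r == PROBE_AVAILABLE);
    }
    if (reachable == 2)
        printf("both families reachable from this user: on an unpatched kernel "
               "the preconditions described in the article are met\n");
    else
        printf("at least one family is not reachable from this user\n");
    return 0;
}
```

Run it as an ordinary user, not as root: the question is whether an unprivileged process can cause the loads, and root can load modules anyway. A PROBE_ERROR result usually means a sandbox or LSM blocked the socket call, which is a different mitigation from the module simply being unavailable.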


As a workaround, automatic loading of the libiscsi module can be disabled: echo "install libiscsi /bin/true" >> /etc/modprobe.d/disable-libiscsi.conf. Note that an install rule only affects future load attempts; it does not unload a module that is already resident, so check with lsmod whether the module is currently loaded.

In addition, two less dangerous vulnerabilities that can lead to leaks of kernel data have been fixed in the iSCSI subsystem: CVE-2021-27363 (leak of iSCSI transport descriptor information via sysfs) and CVE-2021-27364 (out-of-bounds buffer read). Both can be exploited to communicate with the iSCSI subsystem over a netlink socket without the privileges that should be required. For example, an unprivileged user can connect to the iSCSI subsystem and issue an "end session" command to terminate a session.

Source: opennet.ru
