Vulnerability in the Linux kernel's Netfilter subsystem

A vulnerability (CVE-2021-22555) has been identified in Netfilter, the Linux kernel subsystem used to filter and modify network packets. It allows a local user to gain root privileges on the system, including from inside an isolated container. A working exploit prototype that bypasses the KASLR, SMAP and SMEP protection mechanisms has been prepared for testing. The researcher who found the vulnerability received a $20,000 reward from Google for identifying a way to bypass the isolation of Kubernetes containers in the kCTF cluster.

The problem has been present since kernel 2.6.19, released 15 years ago, and is caused by a bug in the IPT_SO_SET_REPLACE and IP6T_SO_SET_REPLACE handlers that leads to a buffer overflow when specially formatted parameters are passed through a setsockopt call in compat mode. Under normal circumstances only the root user can call compat_setsockopt(), but the privileges needed to carry out the attack can also be obtained by an unprivileged user on systems where user namespace support is enabled.

A user can create a container with a separate root user and exploit the vulnerability from there. For example, "user namespaces" is enabled by default on Ubuntu and Fedora, but not enabled on Debian and RHEL. The patch fixing the vulnerability was accepted into the Linux kernel on April 13. Package updates have already been produced by the Debian, Arch Linux and Fedora projects. For Ubuntu, RHEL and SUSE, fixes are in preparation.
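To check whether a host exposes the unprivileged user namespace precondition described above, the following added example (not from the original article) reads the two sysctls that control it. The sysctl names `user.max_user_namespaces` (mainline) and `kernel.unprivileged_userns_clone` (Debian/Ubuntu kernels) are not mentioned on this page, and the optional directory argument is a hypothetical override used only for testing.

```shell
#!/bin/sh
# Added example: reports whether unprivileged users can create user namespaces.

# read_sysctl FILE: print the value, or "absent" if the kernel does not expose it.
read_sysctl() {
    if [ -r "$1" ]; then
        tr -d ' \t\n' < "$1"
    else
        printf 'absent'
    fi
}

# userns_exposure [DIR]: DIR defaults to /proc/sys (hypothetical override for tests).
# Prints: disabled | enabled | unknown
userns_exposure() {
    root="${1:-/proc/sys}"
    max=$(read_sysctl "$root/user/max_user_namespaces")
    clone=$(read_sysctl "$root/kernel/unprivileged_userns_clone")

    # user.max_user_namespaces=0 turns user namespaces off for every user.
    if [ "$max" = "0" ]; then
        echo disabled
    # Debian/Ubuntu knob: 0 limits namespace creation to privileged users.
    elif [ "$clone" = "0" ]; then
        echo disabled
    # Neither knob is readable, so the sysctls cannot answer the question.
    elif [ "$max" = "absent" ] && [ "$clone" = "absent" ]; then
        echo unknown
    else
        echo enabled
    fi
}

echo "unprivileged user namespaces: $(userns_exposure)"
```

A `disabled` result closes only the unprivileged route; the kernel itself still needs the fixed package.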

The problem occurs in the xt_compat_target_from_user() function because the memory size is calculated incorrectly when kernel structures are saved after conversion from the 32-bit to the 64-bit representation. The bug allows four null bytes to be written to any position beyond the allocated buffer, limited by offset 0x4C. This capability turned out to be sufficient to build an exploit that obtains root rights: by clearing the m_list->next pointer in the msg_msg structure, conditions were created for accessing data after the memory was freed (use-after-free), which was then used to obtain information about addresses and to modify other structures by manipulating the msgsnd() system call.

Source: opennet.ru
