Vulnerabilities in the eBPF subsystem allow code execution at the Linux kernel level

Two new vulnerabilities have been identified in the eBPF subsystem, which lets you run handlers inside the Linux kernel in a special virtual machine with JIT. Both vulnerabilities make it possible to execute your own code with kernel privileges, outside the isolated eBPF virtual machine. Information about the problems was published by the Zero Day Initiative team, which runs the Pwn2Own competition, where three attacks on Ubuntu Linux using previously unknown vulnerabilities were demonstrated this year (whether the eBPF vulnerabilities are connected to those attacks is not reported).

  • CVE-2021-3490 - The vulnerability is caused by a missing 32-bit out-of-bounds check when performing bitwise AND, OR and XOR operations in the BPF ALU32. An attacker can use this bug to read and write data outside the bounds of the allocated buffer. The problem with the XOR operation appears starting with kernel version 5.7-rc1, and with AND and OR starting with 5.10-rc1.
  • CVE-2021-3489 - The vulnerability is caused by an error in the ring buffer implementation: the bpf_ringbuf_reserve function does not check for the possibility that the size of the allocated memory region may be smaller than the actual size of the ringbuf. The problem appears since release 5.8-rc1.

The status of vulnerability fixes in distributions can be tracked on these pages: Ubuntu, Debian, RHEL, Fedora, SUSE, Arch. Fixes are also available as patches (CVE-2021-3489, CVE-2021-3490). Whether the problem can be exploited depends on whether the eBPF system call is available to the user. For example, in the default configuration in RHEL, exploiting the vulnerability requires the user to have CAP_SYS_ADMIN rights.
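As an added example (not from the article or the kernel project), this Python check compares a kernel release string with the first-affected versions given above and reads the `kernel.unprivileged_bpf_disabled` sysctl to see whether unprivileged users can reach the bpf() call. It gives only a lower bound, since the article lists no fixed versions and distributions backport patches; the function and dictionary key names are assumptions of this example.

```python
import re
from pathlib import Path

# Upstream series in which each flaw first appears, as stated in the article.
INTRODUCED = {
    "CVE-2021-3490 (ALU32 XOR)": (5, 7),
    "CVE-2021-3490 (ALU32 AND/OR)": (5, 10),
    "CVE-2021-3489 (bpf_ringbuf_reserve)": (5, 8),
}
SYSCTL = Path("/proc/sys/kernel/unprivileged_bpf_disabled")


def parse_release(release):
    """Return (major, minor) from a `uname -r` string such as 5.8.0-53-generic."""
    m = re.match(r"(\d+)\.(\d+)", release)
    if not m:
        raise ValueError(f"unrecognised kernel release: {release!r}")
    return int(m.group(1)), int(m.group(2))


def triage(release, bpf_disabled):
    """bpf_disabled is the sysctl content as text, or None if it could not be read."""
    version = parse_release(release)
    # Lower bound only: a patched distribution kernel still lands in this list.
    in_range = sorted(n for n, first in INTRODUCED.items() if version >= first)
    if bpf_disabled is None:
        unprivileged = None  # sysctl missing or unreadable: unknown
    else:
        # 0: any user may call bpf(); non-zero: restricted to privileged users.
        unprivileged = bpf_disabled.strip() == "0"
    return {"in_range": in_range, "unprivileged_bpf": unprivileged}


if __name__ == "__main__":
    import platform
    value = SYSCTL.read_text() if SYSCTL.exists() else None
    print(triage(platform.release(), value))
```

A non-empty `in_range` together with `unprivileged_bpf` set to `True` is the combination to check first against the distribution's advisory pages.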

Separately, we can note another vulnerability in the Linux kernel - CVE-2021-32606, which allows a local user to elevate their privileges to root level. The problem has been present since Linux kernel 5.11 and is caused by a race condition in the implementation of the CAN ISOTP protocol, which makes it possible to change socket binding parameters because of missing proper locking in the isotp_setsockopt() function when processing the CAN_ISOTP_SF_BROADCAST flag.

After the ISOTP socket is closed, the binding to the receiving socket remains in effect, and it can continue to use the structures associated with the socket after the memory associated with them has been freed (a use-after-free caused by access to an isotp_sock structure that has already been freed when isotp_rcv() is called). By manipulating data, you can override the pointer to the sk_error_report() function and execute your own code at the kernel level.

Source: opennet.ru
