Vulnerabilities in the Linux kernel that can be exploited remotely via Bluetooth

A vulnerability (CVE-2022-42896) has been identified in the Linux kernel that can potentially be used to achieve remote code execution at the kernel level by sending a specially crafted L2CAP packet over Bluetooth. In addition, a similar issue (CVE-2022-42895) has been identified in the L2CAP handler, which can lead to a leak of kernel memory contents in packets carrying configuration information. The first vulnerability has been present since August 2014 (kernel 3.16), and the second since October 2011 (kernel 3.0). The vulnerabilities are fixed in Linux kernel releases 6.1.0, 6.0.8, 4.9.333, 4.14.299, 4.19.265, 5.4.224, 5.10.154, and 5.15.78. You can follow the fixes in distributions on the following pages: Debian, Ubuntu, Gentoo, RHEL, SUSE, Fedora, Arch.

To demonstrate that a remote attack is feasible, prototype exploits have been published that work on Ubuntu 22.04. To carry out the attack, the attacker must be within Bluetooth range; prior pairing is not required, but Bluetooth must be active on the computer. For the attack, it is enough to know the MAC address of the victim's device, which can be determined by sniffing or, on some devices, calculated from the Wi-Fi MAC address.

The first vulnerability (CVE-2022-42896) is caused by access to an already freed memory area (use-after-free) in the implementation of the l2cap_connect and l2cap_le_connect_req functions: after a channel is created through the new_connection callback, no lock is set for it, but a timer is set (__set_chan_timer) which, on expiry, calls the l2cap_chan_timeout function and clears the channel without checking whether work with the channel in the l2cap_le_connect* functions has finished.

The default timeout is 40 seconds, and it was assumed that a race condition could not occur with such a delay, but it turned out that, because of another error in the SMP handler, it was possible to trigger the timer immediately and reach the race condition. The problem in l2cap_le_connect_req can lead to a kernel memory leak, and in l2cap_connect it can lead to overwriting memory contents and executing code. The first attack variant can be carried out using Bluetooth LE 4.0 (since 2009), the second using Bluetooth BR/EDR 5.2 (since 2020).

The second vulnerability (CVE-2022-42895) is caused by a residual memory leak in the l2cap_parse_conf_req function, which can be used to remotely obtain information about pointers to kernel structures by sending specially crafted configuration requests. The l2cap_parse_conf_req function used the l2cap_conf_efs structure, for which the allocated memory was not initialized beforehand, and by manipulating the FLAG_EFS_ENABLE flag it was possible to get old data from the stack included in the packet. The problem appears only on systems where the kernel is built with the CONFIG_BT_HS option (disabled by default, but enabled in some distributions, such as Ubuntu). A successful attack also requires the HCI_HS_ENABLED parameter to be set to true through the management interface (it is not used by default).
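
As an added example (not from the original article or from the kernel project), the following Python check compares a kernel release string with the fixed upstream releases listed above and reads the build configuration for CONFIG_BT_HS. The function names and the /boot/config-<release> path are assumptions of this example, and the comparison uses upstream version numbers only: distribution kernels that backport fixes must be checked against the distribution pages instead.

```python
import platform
import re

# Fixed upstream releases listed in the article, keyed by stable branch.
FIXED = {(4, 9): 333, (4, 14): 299, (4, 19): 265, (5, 4): 224,
         (5, 10): 154, (5, 15): 78, (6, 0): 8, (6, 1): 0}
# First affected upstream branch for each issue, per the article.
FIRST_AFFECTED = {"CVE-2022-42896": (3, 16), "CVE-2022-42895": (3, 0)}


def parse_release(release):
    """Turn a `uname -r` string such as '5.15.77-custom' into (major, minor, patch)."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", release)
    if not m:
        raise ValueError(f"unrecognised kernel release: {release!r}")
    return int(m.group(1)), int(m.group(2)), int(m.group(3) or 0)


def bt_hs_enabled(config_text):
    """True if the kernel build configuration sets CONFIG_BT_HS=y."""
    return re.search(r"^CONFIG_BT_HS=y$", config_text, re.MULTILINE) is not None


def assess(release, config_text=None):
    """Classify each CVE by upstream version; config_text=None means config unknown."""
    major, minor, patch = parse_release(release)
    branch = (major, minor)
    report = {}
    for cve, first in FIRST_AFFECTED.items():
        if branch < first:
            report[cve] = "not affected"
        elif branch > (6, 1) or (branch in FIXED and patch >= FIXED[branch]):
            report[cve] = "fixed"
        else:  # below the fixed point release, or a branch with no listed fix
            report[cve] = "vulnerable"
    # The article says CVE-2022-42895 only appears in builds with CONFIG_BT_HS.
    if (report["CVE-2022-42895"] == "vulnerable" and config_text is not None
            and not bt_hs_enabled(config_text)):
        report["CVE-2022-42895"] = "not exposed (CONFIG_BT_HS off)"
    return report


if __name__ == "__main__":
    rel = platform.release()
    try:
        with open(f"/boot/config-{rel}") as fh:  # common location, an assumption
            cfg = fh.read()
    except OSError:
        cfg = None  # configuration unknown: keep the version-based verdict
    print(rel, assess(rel, cfg))
```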

Source: opennet.ru
