В Linux- Nuglaan (CVE-2023-5178) ayaa lagu aqoonsaday nidaamka hoose ee nvmet-tcp (NVMe-oF/TCP), kaas oo u oggolaanaya marin u helidda darawallada NVMe ee shabakadda (NVM Express oo ka sarreeya Fabrics) iyadoo la adeegsanayo hab-maamuuska TCP. Nuglaankan wuxuu u oggolaanayaa fulinta koodka fog ee heerka kernel ama, marin u helidda maxalliga ah, kordhinta mudnaanta nidaamka. Hagaajin ayaa hadda diyaar u ah balastar ahaan. Arrintu waxay jirtay tan iyo noocii ugu horreeyay ee darawalka NVMe-oF/TCP (warbixinta nuglaanta waxay xuseysaa kernel-ka). Linux 5.15, laakiin taageerada NVMe-oF/TCP waxaa lagu daray kernel 5.0). Nidaamyada leh NVMe-oF/TCP karti leh ayaa u nugul nuglaanta. server NVMe-oF/TCP (NVME_TARGET_TCP), kaas oo si caadi ah u aqbala isku xirka dekedda shabakadda 4420.
Nuglaanta waxaa sababa khalad macquul ah oo ay sabab u tahay shaqada nvmet_tcp_free_crypto laba jeer ayaa loo yeedhay oo la sii daayay tilmaamayaasha qaarkood laba jeer, iyo sidoo kale ciwaannada la sii daayay. Dabeecaddani waxay horseedaysaa marin u helka aagga xusuusta ee hore loo xoreeyay (isticmaalka-ka-dib-free) iyo xoraynta labanlaab ee xusuusta (laba-la'aan) marka server-ka NVMe-oF/TCP uu socodsiiyo farriin gaar ah oo qaabaysan oo macmiil ah, taas oo la heli karo labadaba. gudaha iyo shabakada caalamiga ah.
Source: opennet.ru
