Google security researchers have identified a vulnerability (CVE-2025-38236) in the Linux kernel that allows privilege escalation. Among other things, the vulnerability makes it possible to bypass the sandbox isolation mechanism used in Google Chrome and to achieve kernel-level code execution when running code in the context of Chrome's isolated renderer process (for example, when exploiting another vulnerability in Chrome). The issue appears to manifest starting with Linux kernel 6.9 and was fixed in the Linux kernel updates 6.1.143, 6.6.96, 6.12.36, and 6.15.5. An example exploit is available for download.
The vulnerability is caused by an implementation error in the handling of the MSG_OOB flag, which can be set for AF_UNIX sockets. The MSG_OOB ("out-of-band") flag allows an additional byte to be attached to the data being sent, which the receiver can read before the rest of the data is received. This flag was added in the Linux 5.15 kernel at Oracle's request and was proposed for deprecation last year because it was not widely used.
Chrome's sandbox implementation allowed operations on UNIX sockets and the send()/recv() system calls, in which the MSG_OOB flag was permitted along with other options and was not filtered separately. A bug in the MSG_OOB implementation allowed a use-after-free condition to occur after executing a particular sequence of system calls:

    char dummy;
    int socks[2];
    socketpair(AF_UNIX, SOCK_STREAM, 0, socks);
    send(socks[1], "A", 1, MSG_OOB);
    recv(socks[0], &dummy, 1, MSG_OOB);
    send(socks[1], "A", 1, MSG_OOB);
    recv(socks[0], &dummy, 1, MSG_OOB);
    send(socks[1], "A", 1, MSG_OOB);
    recv(socks[0], &dummy, 1, 0);
    recv(socks[0], &dummy, 1, MSG_OOB);
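The flag filtering that the sandbox description above says was missing can be expressed as a seccomp-BPF rule. The following is an added example, not Chrome's or the kernel's own code: it refuses sendto/recvfrom/sendmsg/recvmsg calls whose flags include MSG_OOB and verifies the result in a child process. The helper names `install_oob_filter` and `check_oob_blocked` are hypothetical, and a 64-bit little-endian Linux ABI (x86_64 or aarch64) is assumed.

```c
#include <errno.h>
#include <stddef.h>
#include <linux/filter.h>
#include <linux/seccomp.h>
#include <sys/prctl.h>
#include <sys/socket.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>

#define LD(off) BPF_STMT(BPF_LD | BPF_W | BPF_ABS, (off))
#define JEQ(k, jt, jf) BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, (k), (jt), (jf))
#define ARG(n) (offsetof(struct seccomp_data, args) + 8 * (n)) /* low 32 bits */

/* Hypothetical helper (assumes the x86_64/aarch64 syscall ABI): 0 on success. */
int install_oob_filter(void) {
    struct sock_filter f[] = {
        LD(offsetof(struct seccomp_data, nr)),
        JEQ(__NR_sendto, 5, 0),            /* flags are argument 3 */
        JEQ(__NR_recvfrom, 4, 0),          /* flags are argument 3 */
        JEQ(__NR_sendmsg, 1, 0),           /* flags are argument 2 */
        JEQ(__NR_recvmsg, 0, 5),           /* flags are argument 2; others: allow */
        LD(ARG(2)),
        BPF_STMT(BPF_JMP | BPF_JA, 1),     /* skip the argument-3 load */
        LD(ARG(3)),
        BPF_JUMP(BPF_JMP | BPF_JSET | BPF_K, MSG_OOB, 0, 1),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ERRNO | EPERM),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
    };
    struct sock_fprog prog = { .len = sizeof f / sizeof f[0], .filter = f };
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0)) return -1;
    return prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog);
}

/* Hypothetical self-check in a child: 0 means plain send() works, MSG_OOB is refused. */
int check_oob_blocked(void) {
    int status, socks[2];
    char c;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        if (socketpair(AF_UNIX, SOCK_STREAM, 0, socks) || install_oob_filter()) _exit(1);
        if (send(socks[1], "A", 1, 0) != 1) _exit(2);
        if (send(socks[1], "A", 1, MSG_OOB) != -1 || errno != EPERM) _exit(3);
        _exit(recv(socks[0], &c, 1, MSG_OOB) == -1 && errno == EPERM ? 0 : 4);
    }
    return (waitpid(pid, &status, 0) == pid && WIFEXITED(status)) ? WEXITSTATUS(status) : -1;
}
int main(void) { return check_oob_blocked(); }
```

A production filter would also validate `seccomp_data.arch` before trusting the syscall number and apply the same flag test to sendmmsg/recvmmsg, which are left out here for brevity.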
Source: opennet.ru
