Vulnerability in the iSCSI subsystem of the Linux kernel that allows you to escalate your privileges.

A vulnerability (CVE-2021-27365) has been identified in the iSCSI subsystem code of the Linux kernel that allows an unprivileged local user to execute code at the kernel level and gain root privileges on the system. A working example of the exploit is available for testing. The vulnerability was fixed in Linux kernel updates 5.11.4, 5.10.21, 5.4.103, 4.19.179, 4.14.224, 4.9.260, and 4.4.260. Kernel package updates are available for the Debian, Ubuntu, SUSE/openSUSE, Arch Linux and Fedora distributions. No fixes have been released for RHEL yet.

The problem is caused by an error in the iscsi_host_get_param() function of the libiscsi module, introduced back in 2006 during development of the iSCSI subsystem. Because of missing size checks, some iSCSI string attributes, such as the hostname or username, can exceed PAGE_SIZE (4 KB). The vulnerability can be exploited by an unprivileged user who sends Netlink messages that set iSCSI attributes to values larger than PAGE_SIZE. When these attributes are read through sysfs or seqfs, code is called that passes the attributes to the sprintf function to be copied into a buffer whose size is PAGE_SIZE.
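A userspace model of the set/show pattern described above, added here as an illustration and not taken from the kernel source: demo_host, demo_set_hostname and demo_show_hostname are hypothetical names, and PAGE_SIZE is fixed at 4096 as an assumption. It shows the two bounds that close this class of bug: rejecting oversized values when they are set, and capping the copy when they are read.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define PAGE_SIZE 4096 /* 4 KB, as in the article; assumed for this model */

struct demo_host { char *hostname; }; /* hypothetical stand-in for a host object */

/* Set path (models the Netlink "set parameter" request).
 * Rejects any value that would not fit in a PAGE_SIZE buffer with its NUL.
 * Returns 0 on success, -1 on rejection or allocation failure. */
int demo_set_hostname(struct demo_host *h, const char *val, size_t len)
{
    char *copy;

    if (len >= PAGE_SIZE)
        return -1;
    copy = malloc(len + 1);
    if (!copy)
        return -1;
    memcpy(copy, val, len);
    copy[len] = '\0';
    free(h->hostname);
    h->hostname = copy;
    return 0;
}

/* Show path (models the sysfs read); buf is PAGE_SIZE bytes.
 * An unbounded sprintf(buf, "%s\n", ...) here is the pattern the article
 * describes; snprintf caps the write however long the stored string is.
 * Returns the number of bytes placed in buf, excluding the NUL. */
int demo_show_hostname(const struct demo_host *h, char *buf)
{
    int n = snprintf(buf, PAGE_SIZE, "%s\n", h->hostname ? h->hostname : "");

    if (n < 0)
        return 0;
    return n >= PAGE_SIZE ? PAGE_SIZE - 1 : n;
}

int main(void)
{
    struct demo_host h = {0};
    static char big[2 * PAGE_SIZE]; /* constructed oversized value */
    char buf[PAGE_SIZE];

    memset(big, 'A', sizeof(big) - 1);
    printf("oversized set -> %d\n", demo_set_hostname(&h, big, sizeof(big) - 1));
    printf("normal set    -> %d\n", demo_set_hostname(&h, "node1", 5));
    printf("show          -> %d bytes\n", demo_show_hostname(&h, buf));
    free(h.hostname);
    return 0;
}
```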

Whether the vulnerability can be exploited in a distribution depends on support for automatic loading of the scsi_transport_iscsi kernel module when an attempt is made to create a NETLINK_ISCSI socket. In distributions where this module is loaded automatically, the attack can be carried out regardless of whether iSCSI functionality is in use. At the same time, successful exploitation also requires at least one iSCSI transport to be registered. To register a transport, in turn, the ib_iser kernel module can be used, which is loaded automatically when an unprivileged user tries to create a NETLINK_RDMA socket.

Automatic loading of the modules needed for exploitation is supported in CentOS 8, RHEL 8 and Fedora when the rdma-core package is installed on the system. This package is a dependency of some popular packages and is installed by default in configurations for workstations, servers with a GUI and host virtualization environments. However, rdma-core is not installed when using a server build that works only in console mode, or when installing from a minimal installation image. For example, the package is included in the base Fedora 31 Workstation distribution but not in Fedora 31 Server. Debian and Ubuntu are less exposed to the problem because the rdma-core package loads the kernel modules needed for the attack only when RDMA hardware is present.

As a security workaround, you can disable automatic loading of the libiscsi module:

echo "install libiscsi /bin/true" >> /etc/modprobe.d/disable-libiscsi.conf

In addition, two less dangerous vulnerabilities that can lead to kernel data leaks also affect the iSCSI subsystem: CVE-2021-27363 (iSCSI transport descriptor information leak via sysfs) and CVE-2021-27364 (out-of-bounds buffer read). These vulnerabilities can be used to communicate with the iSCSI subsystem over a netlink socket without the necessary privileges. For example, an unprivileged user can connect to iSCSI and issue an "end session" command to terminate a session.

Source: opennet.ru