Vulnerability in wpa_supplicant that does not rule out remote code execution

A vulnerability (CVE-2021-27803) has been identified in the wpa_supplicant package, which is used to connect to wireless networks in many Linux, *BSD and Android distributions. It could potentially be used to execute attacker code when processing specially crafted Wi-Fi Direct (Wi-Fi P2P) control frames. To carry out the attack, the attacker must be within range of the wireless network in order to send a specially crafted set of frames to the victim.

The problem is caused by a bug in the Wi-Fi P2P handler: processing an incorrectly formed PDR (Provision Discovery Request) frame can lead to a state in which the record for an old P2P peer is deleted and data is then written to memory that has already been freed (use-after-free). The issue affects wpa_supplicant releases 1.0 through 2.9 built with the CONFIG_P2P option.

The vulnerability will be fixed in the wpa_supplicant 2.10 release. Among distributions, a hotfix update has been published for Fedora Linux. The status of updates from other distributions can be tracked on their pages: Debian, Ubuntu, RHEL, SUSE, Arch Linux. As a workaround to block the vulnerability, simply disable P2P support by specifying "p2p_disabled=1" in the settings or by running the command "P2P_SET disabled 1" in the CLI interface.
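A triage check for the affected range and the configuration workaround described above, as an added example that is not part of the original article or of the wpa_supplicant project. The function names, verdict labels and sample configuration are hypothetical and constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the article. A version number cannot show whether
# the build has CONFIG_P2P, so an in-range version is treated as affected.

# 0 = in the affected range stated above (1.0 through 2.9), 1 = outside, 2 = unparseable
version_affected() {
    ver=${1#v}                          # accept "v2.9" as well as "2.9"
    case "$ver" in *.*) ;; *) return 2 ;; esac
    major=${ver%%.*}; rest=${ver#*.}; minor=${rest%%[!0-9]*}
    case "$major.$minor" in *[!0-9.]*|.*|*.) return 2 ;; esac
    [ "$major" -eq 1 ] && return 0
    [ "$major" -eq 2 ] && [ "$minor" -le 9 ] && return 0
    return 1
}

# 0 if the last global p2p_disabled assignment in the file is 1.
# Comment lines and name={ ... } blocks (network, cred) are skipped.
p2p_disabled_in_conf() {
    awk '
        /^[ \t]*#/            { next }
        /=[{][ \t]*$/         { skip = 1; next }
        skip && /^[ \t]*[}]/  { skip = 0; next }
        skip                  { next }
        /^[ \t]*p2p_disabled=/ {
            sub(/^[^=]*=/, ""); sub(/[ \t]*(#.*)?$/, ""); val = $0
        }
        END { exit !(val == "1") }
    ' "$1"
}

# assess VERSION CONF_FILE -> prints one verdict word (hypothetical labels)
assess() {
    rc=0; version_affected "$1" || rc=$?
    if [ "$rc" -eq 2 ]; then echo "unknown-version"
    elif [ "$rc" -eq 1 ]; then echo "outside-affected-range"
    elif p2p_disabled_in_conf "$2"; then echo "workaround-in-config"
    else echo "needs-update-or-workaround"; fi
}

# Constructed sample configuration: the workaround is present only as a comment.
conf=$(mktemp)
printf '%s\n' 'ctrl_interface=/run/wpa_supplicant' '#p2p_disabled=1' \
    'network={' '    ssid="lab"' '    key_mgmt=NONE' '}' > "$conf"
assess v2.9 "$conf"
printf '%s\n' 'p2p_disabled=1' >> "$conf"   # apply the workaround
assess v2.9 "$conf"
rm -f "$conf"
```

The check reads only the configuration file, so a daemon where P2P was disabled through the CLI command instead is still reported as needing action.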

Source: opennet.ru
