Security researchers from Google have identified a vulnerability (CVE-2025-38236) in the Linux kernel that allows privilege escalation. Among other things, the vulnerability makes it possible to bypass the sandbox isolation mechanism used in Google Chrome and achieve kernel-level code execution when running code in the context of Chrome's isolated renderer process (for example, when exploiting another vulnerability in Chrome). The issue appears starting with Linux kernel 6.9 and was fixed in Linux kernel updates 6.1.143, 6.6.96, 6.12.36, and 6.15.5. A working exploit example is available for download.
The vulnerability is caused by an error in the implementation of the MSG_OOB flag, which can be set for AF_UNIX sockets. The MSG_OOB ("out-of-band") flag allows an additional byte to be attached to the data being sent, which the receiver can read before the rest of the data is received. The flag was added in Linux kernel 5.15 at Oracle's request, and last year it was proposed for removal because it was rarely used.
Chrome's sandbox implementation allowed UNIX socket operations and the send()/recv() system calls, in which the MSG_OOB flag was permitted along with the other options and was not filtered separately. An error in the MSG_OOB implementation made it possible to cause a use-after-free after performing a specific sequence of system calls:

    char dummy;
    int socks[2];
    socketpair(AF_UNIX, SOCK_STREAM, 0, socks);
    send(socks[1], "A", 1, MSG_OOB);
    recv(socks[0], &dummy, 1, MSG_OOB);
    send(socks[1], "A", 1, MSG_OOB);
    recv(socks[0], &dummy, 1, MSG_OOB);
    send(socks[1], "A", 1, MSG_OOB);
    recv(socks[0], &dummy, 1, 0);
    recv(socks[0], &dummy, 1, MSG_OOB);
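The missing sandbox check can be expressed as a seccomp-BPF filter that rejects any socket send/receive call whose flags include MSG_OOB. The following is an added example, not code from Chrome or from the original article; the names install_oob_filter, try_send, DENY_OOB and ARG are hypothetical. It assumes a little-endian 64-bit Linux system where send()/recv() map to the sendto/recvfrom system calls; a production filter would also validate seccomp_data.arch.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <unistd.h>
#include <linux/filter.h>
#include <linux/seccomp.h>
#include <sys/prctl.h>
#include <sys/socket.h>
#include <sys/syscall.h>

/* Low 32 bits of syscall argument n (little-endian layout assumed). */
#define ARG(n) offsetof(struct seccomp_data, args[n])
/* If the syscall is `nr`: fail with EINVAL when MSG_OOB is set in its flags
 * argument, otherwise allow. Falls through (A still = nr) on no match. */
#define DENY_OOB(nr, idx) \
    BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, (nr), 0, 4), \
    BPF_STMT(BPF_LD | BPF_W | BPF_ABS, ARG(idx)), \
    BPF_JUMP(BPF_JMP | BPF_JSET | BPF_K, MSG_OOB, 0, 1), \
    BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ERRNO | EINVAL), \
    BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW)

/* Hypothetical helper: install the filter on the calling thread; 0 on success. */
int install_oob_filter(void) {
    struct sock_filter prog[] = {
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr)),
        DENY_OOB(__NR_sendto, 3),   DENY_OOB(__NR_recvfrom, 3),
        DENY_OOB(__NR_sendmsg, 2),  DENY_OOB(__NR_recvmsg, 2),
        DENY_OOB(__NR_sendmmsg, 3), DENY_OOB(__NR_recvmmsg, 3),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
    };
    struct sock_fprog fp = { .len = sizeof(prog) / sizeof(prog[0]), .filter = prog };
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0)) return -1;
    return prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &fp);
}

/* Hypothetical helper: errno of one send() on a fresh AF_UNIX pair (0 = ok). */
int try_send(int flags) {
    int s[2];
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, s)) return -1;
    int err = send(s[1], "A", 1, flags) < 0 ? errno : 0;
    close(s[0]);
    close(s[1]);
    return err;
}

int main(void) {
    if (install_oob_filter()) { perror("seccomp"); return 1; }
    printf("plain send errno:   %d\n", try_send(0));
    printf("MSG_OOB send errno: %d\n", try_send(MSG_OOB));
    return 0;
}
```

With the filter in place, ordinary AF_UNIX traffic continues to work while any call carrying MSG_OOB fails before it reaches the kernel's out-of-band handling.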
Source: opennet.ru
