Vulnerability in the eBPF subsystem of the Linux kernel

A vulnerability (CVE-2021-29154) has been identified in the eBPF subsystem that allows a local user to achieve execution of their code at the kernel level. eBPF lets you run handlers for tracing, analyzing the operation of subsystems and managing traffic; these handlers execute inside the Linux kernel in a special virtual machine with a JIT. The problem is present up to release 5.11.12 (inclusive) and has not yet been fixed in distributions (Debian, Ubuntu, RHEL, Fedora, SUSE, Arch). The fix is available as a patch.

According to the researchers who identified the vulnerability, they were able to develop a working prototype of an exploit for 32- and 64-bit x86 systems that can be used by an unprivileged user. However, Red Hat notes that the severity of the problem depends on whether the eBPF system call is available to the user. For example, on RHEL and most other Linux distributions in the default configuration, the vulnerability can be exploited if BPF JIT is enabled and the user has CAP_SYS_ADMIN rights. As a workaround, it is recommended to disable BPF JIT using the command: echo 0 > /proc/sys/net/core/bpf_jit_enable
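The conditions described above can be checked on a host with a short script. This is an added example, not code from the article or from any distribution; the function names and the ROOT prefix (used to point the check at a constructed /proc tree) are hypothetical, and a missing unprivileged_bpf_disabled file is assumed to mean bpf() is unrestricted.

```shell
#!/bin/sh
# Added example (not from the article): check the settings the article ties
# CVE-2021-29154 exposure to. ROOT is a hypothetical prefix so the check can
# run against a constructed /proc tree; leave it empty for the live system.

# ver_key "5.11.12-generic" -> 5011012 (comparable integer; suffix ignored)
ver_key() {
    v=${1%%[!0-9.]*}
    IFS=. read -r maj min pat _ <<EOF
$v
EOF
    echo $(( ${maj:-0} * 1000000 + ${min:-0} * 1000 + ${pat:-0} ))
}

# assess KERNEL_RELEASE [ROOT]
# returns 0: not exposed by these checks   1: exposed to privileged bpf() callers only
#         2: exposed to unprivileged users 3: JIT state could not be read
assess() {
    rel=$1; root=${2:-}
    jit=$(cat "$root/proc/sys/net/core/bpf_jit_enable" 2>/dev/null || echo unknown)
    # Assumption: if the sysctl file is absent, treat bpf() as unrestricted (0).
    unpriv=$(cat "$root/proc/sys/kernel/unprivileged_bpf_disabled" 2>/dev/null || echo 0)
    echo "kernel=$rel bpf_jit_enable=$jit unprivileged_bpf_disabled=$unpriv"

    # The article gives 5.11.12 (inclusive) as the last affected upstream release.
    # Distribution kernels backport fixes, so treat this as a hint, not proof.
    if [ "$(ver_key "$rel")" -gt "$(ver_key 5.11.12)" ]; then
        echo "release is newer than 5.11.12"; return 0
    fi
    case $jit in
        0) echo "BPF JIT disabled (workaround in place)"; return 0 ;;
        unknown) echo "cannot read bpf_jit_enable"; return 3 ;;
    esac
    if [ "$unpriv" = 0 ]; then
        echo "JIT on and bpf() open to unprivileged users"; return 2
    fi
    echo "JIT on; bpf() limited to privileged callers"; return 1
}

# Run against the live system only when asked to.
if [ "${1:-}" = "--live" ]; then assess "$(uname -r)"; fi
```

On kernels built with CONFIG_BPF_JIT_ALWAYS_ON the bpf_jit_enable sysctl is fixed at 1, so the write of 0 is rejected and the workaround does not apply. A value written through /proc does not survive a reboot.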

The problem is caused by an error in calculating the offset for branch instructions while the JIT compiler generates machine code. In particular, when branch instructions are generated, the compiler does not take into account that the offset may change after the optimization stage. This flaw can be used to generate anomalous machine code and execute it at the kernel level.

It is worth noting that this is not the only recent vulnerability in the eBPF subsystem. At the end of March, two more vulnerabilities were identified in the kernel (CVE-2020-27170, CVE-2020-27171) that make it possible to use eBPF to bypass protection against Spectre-class vulnerabilities, which allow the contents of kernel memory to be determined by creating conditions for speculative execution of certain operations. A Spectre attack requires a certain sequence of instructions to be present in privileged code, leading to speculative execution of instructions. In eBPF, several ways have been found to generate such instructions by manipulating BPF programs passed for execution.

The CVE-2020-27170 vulnerability is caused by pointer manipulation in the BPF verifier that causes speculative operations to access an area outside the buffer boundaries. The CVE-2020-27171 vulnerability is caused by an integer underflow error when working with pointers, leading to speculative access to data outside the buffer. These problems have already been fixed in kernel releases 5.11.8, 5.10.25, 5.4.107, 4.19.182 and 4.14.227, and the fixes have also been included in kernel updates for most Linux distributions. The researchers have prepared a prototype exploit that allows an unprivileged user to extract data from kernel memory.

Source: opennet.ru
