Two vulnerabilities have been discovered in the Linux kernel. They are similar in nature to the Copy Fail vulnerability disclosed a few days ago, but affect different subsystems: xfrm-ESP and RxRPC. The pair has been named Dirty Frag (also referred to as Copy Fail 2). The vulnerabilities allow an unprivileged user to obtain root privileges by overwriting data in the page cache. An exploit exists that works on all current Linux distributions. The vulnerabilities were disclosed before patches were published, but a workaround is available.
Dirty Frag covers two separate vulnerabilities: the first in the xfrm-ESP module, which is used to accelerate IPsec encryption operations with the ESP (Encapsulating Security Payload) protocol, and the second in the RxRPC driver, which implements the AF_RXRPC socket family and the RPC protocol of the same name, running over UDP. Each vulnerability on its own is enough to obtain root privileges. The xfrm-ESP vulnerability has been present in the Linux kernel since January 2017, and the RxRPC vulnerability since June 2023. Both issues stem from handling that allows direct writes into the page cache.
To exploit the xfrm-ESP vulnerability, the user must be allowed to create namespaces, and to exploit the RxRPC vulnerability, the rxrpc.ko kernel module must be loaded. On Ubuntu, for example, AppArmor rules prevent unprivileged users from creating namespaces, but the rxrpc.ko module is loaded automatically. Other distributions do not have the rxrpc.ko module but do not restrict namespace creation. The researcher who found the issue developed a combined exploit that attacks a system through both vulnerabilities, which makes exploitation possible on all major distributions. The exploit has been confirmed to work on Ubuntu 24.04.4 with kernel 6.17.0-23, RHEL 10.1 with kernel 6.12.0-124.49.1, openSUSE Tumbleweed with kernel 7.0.2-1, CentOS Stream 10 with kernel 6.12.0-224, AlmaLinux 10 with kernel 6.12.0-124.52.3, and Fedora 44 with kernel 6.19.14-300.
As with the Copy Fail vulnerability, the issues in xfrm-ESP and RxRPC arise from in-place handling of data passed through the splice() system call, which transfers data between file descriptors and pipes without copying by passing references to objects in the page cache. Write offsets are calculated without proper checks for the use of direct references to page-cache objects, which allows specially crafted requests to overwrite 4 bytes at a chosen offset and thereby change the contents of any file in the page cache.
All file read operations fetch contents from the page cache first. If the data in the page cache has been changed, file reads return the changed data rather than the information stored on the drive. Exploitation of the vulnerability relies on modifying the page cache for an executable carrying the suid root flag. For example, to obtain root privileges, one can read the executable /usr/bin/su so that it is placed in the page cache, and then insert one's own code into the cached contents of that file. The next execution of the "su" utility loads the modified copy from the page cache into memory instead of the original executable from the drive.
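One way a defender can check, without root, whether what the page cache serves for a setuid binary still matches what the disk holds, as an added example that is not part of the original article or the researcher's work: dd's iflag=direct opens the file with O_DIRECT, which reads from the storage device and bypasses the page cache, so a hash over that view can be compared with a hash over an ordinary read. The script assumes GNU coreutils (dd with iflag=direct, sha256sum) on a filesystem that accepts O_DIRECT, and it assumes, as the article describes, that a page-cache overwrite leaves the on-disk copy unchanged.

```shell
#!/bin/sh
# Added example, not code from the article or its researchers.
# Compares the page-cache view of a file with the on-disk view.
# Assumes GNU coreutils (dd with iflag=direct, sha256sum) on Linux.

# Hash the file through the ordinary read path, which is served from the page cache.
cached_hash() {
    sha256sum -- "$1" | cut -d' ' -f1
}

# Hash the file through O_DIRECT reads (dd iflag=direct), which bypass the page cache
# and go to the storage device. Prints nothing and returns 2 if the filesystem refuses
# O_DIRECT (tmpfs and some overlay mounts do), so the caller can tell "cannot verify"
# from "verified".
direct_hash() {
    tmp=$(mktemp) || return 2
    if ! dd if="$1" of="$tmp" bs=4096 iflag=direct 2>/dev/null; then
        rm -f -- "$tmp"
        return 2
    fi
    sha256sum -- "$tmp" | cut -d' ' -f1
    rm -f -- "$tmp"
}

# Returns 0 when both views agree, 1 when the page cache serves content that differs
# from the disk (what a Dirty Frag style overwrite leaves behind), 2 when no direct
# read was possible and nothing can be concluded.
pagecache_check() {
    c=$(cached_hash "$1") || return 2
    d=$(direct_hash "$1") || return 2
    [ -n "$d" ] || return 2
    [ "$c" = "$d" ]
}

# Walk every setuid-root binary under $1 (default /) and report the ones whose cached
# content differs from disk. Returns 1 if any mismatch was found, else 0.
scan_setuid() {
    found=0
    while IFS= read -r f; do
        [ -n "$f" ] || continue
        rc=0
        pagecache_check "$f" || rc=$?
        case $rc in
            1) echo "MISMATCH: $f (page cache differs from disk)"; found=1 ;;
            2) echo "SKIPPED:  $f (O_DIRECT not supported here)" ;;
        esac
    done <<EOF
$(find "${1:-/}" -xdev -type f -perm -4000 -user root 2>/dev/null)
EOF
    return $found
}

# Typical use on a live host: scan_setuid /usr
```

A mismatch is a strong signal only when no legitimate write to the binary is in flight (a package upgrade in progress also produces a transient difference), and a SKIPPED result means the filesystem did not honour O_DIRECT, in which case dropping the cache as root (writing to /proc/sys/vm/drop_caches) and re-hashing is the fallback.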
Disclosure of the vulnerabilities and the coordinated release of patches had been scheduled for May 12, but because of a leak the information had to be published before the patches were released. At the end of April, patches for rxrpc, ipsec and xfrm were sent to the public netdev mailing list without any mention that they were related to vulnerabilities. On May 5, the maintainer of the IPsec subsystem accepted a change into the netdev Git repository with a proposed fix for the xfrm-esp module. The change description closely resembled the description of the issue that led to the Copy Fail vulnerability in the algif_aead module. A security researcher took an interest in this fix, was able to build a working exploit and published it, unaware that an embargo on disclosing information about the issue was in place until May 12.
Updates with fixes for the kernel packages in distributions have not yet been published, but patches addressing the issues are available: xfrm-esp and rxrpc. No CVE identifiers have been assigned, which makes it harder to track package updates in distributions. As a workaround, loading of the esp4, esp6 and rxrpc kernel modules can be blocked:
sh -c "printf 'install esp4 /bin/false\ninstall esp6 /bin/false\ninstall rxrpc /bin/false\n' > /etc/modprobe.d/dirtyfrag.conf; rmmod esp4 esp6 rxrpc 2>/dev/null; true"
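A small check script for the preconditions named above (rxrpc.ko loaded, unprivileged namespace creation allowed) and for whether the modprobe.d workaround is actually in effect, as an added example that is not part of the original article. The module names and the install-line form come from the article; the sysctl names (kernel.apparmor_restrict_unprivileged_userns on Ubuntu, kernel.unprivileged_userns_clone on Debian-derived kernels, user.max_user_namespaces upstream) are my own knowledge of those distributions, not something the article states. Each function takes an optional alternative root so the logic can be exercised against a constructed tree.

```shell
#!/bin/sh
# Added example, not code from the article. Reports whether the Dirty Frag
# preconditions are present on this host and whether the modprobe.d workaround
# (install <module> /bin/false) is in effect. The optional second argument of each
# function points at an alternative root, so the logic can be tested on a fake tree.

# True if kernel module $1 is currently loaded (sysfs exposes it under /sys/module).
module_loaded() {
    [ -d "${2:-/sys}/module/$1" ]
}

# True if some modprobe.d file disables on-demand loading of module $1 with an
# "install $1 /bin/false" (or /bin/true) line, as the article's workaround does.
module_blocked() {
    grep -qsE "^[[:space:]]*install[[:space:]]+$1[[:space:]]+/bin/(false|true)" \
        "${2:-/etc/modprobe.d}"/*.conf
}

# True if unprivileged processes cannot create user namespaces, the precondition of
# the xfrm-ESP path. Knobs checked (distribution-specific names, assumed here):
#   kernel.apparmor_restrict_unprivileged_userns  Ubuntu 24.04+ AppArmor restriction
#   kernel.unprivileged_userns_clone              Debian-derived kernels
#   user.max_user_namespaces                      upstream; 0 disables creation
userns_restricted() {
    root=${1:-/proc/sys}
    [ "$(cat "$root/kernel/apparmor_restrict_unprivileged_userns" 2>/dev/null)" = "1" ] && return 0
    [ "$(cat "$root/kernel/unprivileged_userns_clone" 2>/dev/null)" = "0" ] && return 0
    [ "$(cat "$root/user/max_user_namespaces" 2>/dev/null)" = "0" ] && return 0
    return 1
}

# Prints one line per module and returns 0 only when the workaround is fully in
# effect: esp4, esp6 and rxrpc are neither loaded nor loadable on demand.
dirtyfrag_mitigated() {
    sysroot=${1:-/sys}
    confdir=${2:-/etc/modprobe.d}
    exposed=0
    for m in esp4 esp6 rxrpc; do
        state=""
        module_loaded "$m" "$sysroot" && { state="loaded"; exposed=1; }
        module_blocked "$m" "$confdir" || { state="${state:+$state, }not blocked"; exposed=1; }
        echo "$m: ${state:-not loaded, blocked}"
    done
    return $exposed
}

# Typical use on a live host:
#   dirtyfrag_mitigated && echo "workaround in effect"
#   userns_restricted || echo "unprivileged user namespaces allowed"
```

Two caveats when reading the output: an install line in modprobe.d only stops loadable modules, so a kernel with ESP or RxRPC built into the image (check /lib/modules/$(uname -r)/modules.builtin) is not covered by the workaround; and rmmod fails for a module that is in use, so on a host with an active IPsec tunnel esp4/esp6 stay loaded until the tunnel is torn down, which the "loaded" state above will show. Blocking esp4 and esp6 also disables IPsec ESP on that host until the patched kernel is installed.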
Source: opennet.ru
