Ubuthathaka (i-CVE-2021-4155) ichongiwe kwikhowudi yefayile ye-XFS evumela umsebenzisi wasekhaya ongenanto ukuba afunde idatha yebhloko engasetyenziswanga ngokuthe ngqo kwisixhobo sebhloko. Zonke iinguqulelo eziphambili ze-Linux kernel ezindala kune-5.16 eziqulathe umqhubi we-XFS ziyachatshazelwa ngulo mba. Ukulungiswa kufakwe kwi-version 5.16, kunye nokuhlaziywa kwe-kernel 5.15.14, 5.10.91, 5.4.171, 4.19.225, njl. Ubume bohlaziyo olwenziwayo ukulungisa ingxaki kunikezelo lunokulandelwa kula maphepha: Debian, RHEL, SUSE, Fedora, Ubuntu, Arch.
Ukuba sesichengeni kubangelwa ukuziphatha okungachanekanga kwe-XFS-specific ioctl(XFS_IOC_ALLOCSP) kunye ne-ioctl(XFS_IOC_FREESP), eziyi-analogue esebenzayo ye-kernel-wide fallocate() inkqubo yokufowuna. Xa unyusa ubungakanani befayile engalungelelaniniswanga ibloko, ioctls XFS_IOC_ALLOCSP/XFS_IOC_FREESP musa ukuseta kwakhona iibytes zomsila ukuya kuqanda de ibe ngumda webhloko olandelayo. Ngaloo ndlela, kwi-XFS kunye nobukhulu obuqhelekileyo bebhloko ye-4096 bytes, umhlaseli unokufunda ukuya kwi-4095 bytes yedatha ebhaliweyo yangaphambili kwibhloko nganye. Ezi ndawo zinokuqulatha idatha kwiifayile ezicinyiweyo, iifayile eziqhawukileyo, kunye neefayile ezineebhloko ezidityanisiweyo.
Ungavavanya inkqubo yakho yengxaki usebenzisa iprototype elula yokuxhaphaza. Ukuba, emva kokuphumeza ulandelelwano olucetywayo lwemiyalelo, kunokwenzeka ukuba ufunde isicatshulwa sikaShakespeare, ngoko umqhubi weFS usengozini. Ekuqaleni ukunyuswa kwesahlulelo se-XFS somboniso kufuna amalungelo akhethekileyo.
Kuba ioctl(XFS_IOC_ALLOCSP) kunye ne-ioctl(XFS_IOC_FREESP) ziyafana ngokusebenza njenge-fallocate eqhelekileyo(), kwaye umahluko wazo kuphela kukuvuza kwedatha, ubukho bazo buyafana nomva. Nangona umgaqo-nkqubo jikelele wokungatshintshi i-interfaces ekhoyo kwi-kernel, kwisiphakamiso sikaLinus, kwagqitywa ukuba kususwe ngokupheleleyo ezi ioctls kwinguqulo elandelayo.
umthombo: opennet.ru