Ubuthathaka obubalulekileyo ichongiwe kwimodyuli ye-ksmbd, equka ukuphunyezwa komncedisi wefayile esekwe kwiprotocol ye-SMB eyakhelwe kwi-Linux kernel, ekuvumela ukuba wenze ukude ikhowudi yakho ngamalungelo e-kernel. Uhlaselo lunokwenziwa ngaphandle kokuqinisekisa; kwanele ukuba imodyuli ye-ksmbd ivulwe kwinkqubo. Ingxaki ibonakala ukususela kwi-kernel 5.15, ekhutshwe ngoNovemba ka-2021, kwaye yalungiswa ngokuthula kuhlaziyo lwe-5.15.61, 5.18.18 kunye ne-5.19.2, ekhutshwe ngo-Agasti ka-2022. Kuba isichongi se-CVE singekabelwa kulo mba, akukho lwazi luchanekileyo malunga nendlela yokulungisa umba ekusasazeni.
Iinkcukacha malunga nokuxhatshazwa kobuthathaka azikabhengezwa, kuyaziwa kuphela ukuba ubuthathaka bubangelwa kukufikelela kwindawo yenkumbulo esele ikhululwe (Sebenzisa-Emva-Mahala) ngenxa yokunqongophala kokujonga ubukho bento phambi kokwenza imisebenzi. kuyo. Ingxaki ibangelwe kukuba smb2_tree_disconnect() umsebenzi ukhulule inkumbulo eyabelwe ksmbd_tree_connect isakhiwo, kodwa emva koko bekusasetyenziswa isalathisi xa kusetyenzwa izicelo ezithile zangaphandle eziqulathe SMB2_TREE_DISCONNECT imiyalelo.
Ukongeza kubuthathaka obukhankanyiweyo, iingxaki ezi-4 ezingaphantsi kobungozi nazo zilungisiwe kwi-ksmbd:
- I-ZDI-22-1688 - ukuphunyezwa kwekhowudi ekude kunye namalungelo e-kernel ngenxa yekhowudi yokucubungula uphawu lwefayile engajongi ubungakanani bedatha yangaphandle ngaphambi kokuyikopisha kwi-buffer ezinikeleyo. Ubuthathaka buncitshiswe yinto yokuba uhlaselo lunokwenziwa kuphela ngumsebenzisi oqinisekisiweyo.
- I-ZDI-22-1691 - ulwazi olukude luvuza kwimemori ye-kernel ngenxa yokukhangela okungalunganga kweeparameters zokufaka kwi-SMB2_WRITE yomphathi womyalelo (uhlaselo lunokwenziwa kuphela ngumsebenzisi oqinisekisiweyo).
- I-ZDI-22-1687 - ukukhanyela okude kwenkonzo okubangelwa ukudinwa kwememori ekhoyo kwinkqubo ngenxa yokukhutshwa okungalunganga kwezixhobo kwi-SMB2_NEGOTIATE yomphathi womyalelo (uhlaselo lunokwenziwa ngaphandle kokuqinisekiswa).
- I-ZDI-22-1689 - Ukuphazamiseka kwe-kernel ekude ngenxa yokungabikho kokuqinisekiswa okufanelekileyo kweeparameters zomyalelo we-SMB2_TREE_CONNECT, obangela ukuba kufundwe kwindawo engaphandle kwe-buffer (uhlaselo lunokwenziwa kuphela ngumsebenzisi oqinisekisiweyo).
Inkxaso yokuqhuba iseva ye-SMB usebenzisa imodyuli ye-ksmbd ikhona kwiphakheji ye-Samba ukususela ekukhululweni kwe-4.16.0. Ngokungafaniyo neseva ye-SMB yendawo yomsebenzisi, i-ksmbd isebenze ngakumbi ngokwemigaqo yokusebenza, ukusetyenziswa kwememori, kunye nokudibanisa kunye neempawu eziphambili zekernel. I-Ksmbd ichazwa njengomsebenzi ophezulu, ulwandiso lwe-Samba oluzinzisiweyo oludityaniswa nezixhobo zeSamba kunye namathala eencwadi njengoko kufuneka. Ikhowudi ye-ksmbd yabhalwa nguNamjae Jeon we-Samsung kunye no-Hyunchul Lee we-LG, kwaye i-kernel igcinwe nguSteve French weMicrosoft, umgcini we-CIFS / SMB2 / SMB3 subsystems kwi-Linux kernel kunye nelungu elide leqela lophuhliso leSamba. , oye waba negalelo elikhulu ekuphunyezweni kwenkxaso yeeprothokholi ze-SMB/CIFS kwiSamba kunye neLinux.
umthombo: opennet.ru