Security researchers from Google have identified a vulnerability (CVE-2025-38236) in the Linux kernel that allows privilege escalation. Among other things, the vulnerability makes it possible to bypass the sandbox isolation mechanism used in Google Chrome and to achieve kernel-level code execution when code runs in the context of Chrome's isolated renderer process (for example, after exploiting another vulnerability in Chrome). The issue appears starting with Linux kernel 6.9 and was fixed in Linux kernel updates 6.1.143, 6.6.96, 6.12.36, and 6.15.5. A prototype exploit is available for download.
The vulnerability is caused by an implementation error in the handling of the MSG_OOB flag, which can be set on AF_UNIX sockets. The MSG_OOB ("out-of-band") flag allows an additional byte to be attached to the data being sent, which the receiver can read before the rest of the data has been received. The flag was added in the Linux 5.15 kernel at Oracle's request and was proposed for deprecation last year because it was not widely used.
Chrome's sandbox implementation permitted operations on UNIX sockets and the send()/recv() system calls, in which the MSG_OOB flag was allowed along with the other options and was not filtered separately. A bug in the MSG_OOB implementation allowed a use-after-free condition to occur after a particular sequence of system calls:

    char dummy;
    int socks[2];
    socketpair(AF_UNIX, SOCK_STREAM, 0, socks);
    send(socks[1], "A", 1, MSG_OOB);
    recv(socks[0], &dummy, 1, MSG_OOB);
    send(socks[1], "A", 1, MSG_OOB);
    recv(socks[0], &dummy, 1, MSG_OOB);
    send(socks[1], "A", 1, MSG_OOB);
    recv(socks[0], &dummy, 1, 0);
    recv(socks[0], &dummy, 1, MSG_OOB);

Source: opennet.ru
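The gap described above is that MSG_OOB was not filtered separately from the other send()/recv() flags. The following is an added example, not Chrome's own sandbox code, of a seccomp-BPF policy that refuses any socket send or receive call carrying MSG_OOB while leaving ordinary traffic alone. The helper names are hypothetical, and it assumes Linux on x86-64 or aarch64, where send()/recv() enter the kernel as sendto/recvfrom.

```c
#include <errno.h>
#include <stddef.h>
#include <sys/prctl.h>
#include <sys/socket.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>
#include <linux/filter.h>
#include <linux/seccomp.h>

/* Low 32 bits of syscall argument n (assumes a little-endian, single-ABI build). */
#define ARG_LO(n) (offsetof(struct seccomp_data, args) + 8 * (n))
#define ON_NR(nr, jt, jf) BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, (nr), (jt), (jf))

/* Deny calls whose flags include MSG_OOB; a production filter also checks seccomp_data.arch. */
static int install_oob_filter(void) {
    struct sock_filter f[] = {
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr)),
        ON_NR(SYS_sendto, 3, 0),    /* sendto: go load argument 3 (flags)    */
        ON_NR(SYS_recvfrom, 2, 0),  /* recvfrom: flags are argument 3 too    */
        ON_NR(SYS_sendmsg, 3, 0),   /* sendmsg: go load argument 2 (flags)   */
        ON_NR(SYS_recvmsg, 2, 5),   /* recvmsg: argument 2; otherwise ALLOW  */
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, ARG_LO(3)),
        BPF_STMT(BPF_JMP | BPF_JA, 1),                 /* skip the arg-2 load */
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, ARG_LO(2)),
        BPF_JUMP(BPF_JMP | BPF_JSET | BPF_K, MSG_OOB, 0, 1),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ERRNO | EPERM),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
    };
    struct sock_fprog prog = { .len = sizeof f / sizeof f[0], .filter = f };
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0)) return -1;
    return prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog);
}

/* 1: MSG_OOB refused, plain send works; 0: MSG_OOB got through; -1: cannot fork or install. */
static int oob_blocked_in_child(void) {
    int st, s[2];
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {  /* the filter is installed only in this throwaway child */
        if (socketpair(AF_UNIX, SOCK_STREAM, 0, s) || install_oob_filter()) _exit(2);
        int plain_ok = send(s[1], "A", 1, 0) == 1;
        int oob_denied = send(s[1], "A", 1, MSG_OOB) == -1 && errno == EPERM;
        _exit(plain_ok && oob_denied ? 0 : 1);
    }
    if (waitpid(pid, &st, 0) < 0 || !WIFEXITED(st)) return -1;
    return WEXITSTATUS(st) == 0 ? 1 : (WEXITSTATUS(st) == 2 ? -1 : 0);
}
```

A complete policy would also cover sendmmsg/recvmmsg and, on 32-bit x86, the multiplexed socketcall entry point.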
