Exploitable vulnerabilities in nf_tables, watch_queue and IPsec identified in the Linux kernel

Several dangerous vulnerabilities have been identified in the Linux kernel that allow a local user to escalate their privileges on the system. Working exploit prototypes have been prepared for every issue discussed here.

  • A vulnerability (CVE-2022-0995) in the watch_queue event notification subsystem allows data to be written outside the bounds of an allocated buffer in kernel memory. The attack can be carried out by any unprivileged user and results in their code running with kernel privileges. The bug is in watch_queue_set_filter(): the check that bounds a filter's type compares it against sizeof(type_filter) * BITS_PER_LONG instead of the number of bits the type_filter bitmap really holds, so an oversized type makes __set_bit() write past the bitmap and lets more entries be stored in filters[] than were allocated for them. The problem is present when the kernel is built with the "CONFIG_WATCH_QUEUE=y" option, which most Linux distributions use.

    The vulnerability was addressed by a kernel change added on March 11 (the limit is now the number of known types, WATCH_TYPE__NR). You can follow the publication of package updates in the distributions on these pages: Debian, SUSE, Ubuntu, RHEL, Fedora, Gentoo, Arch Linux. An exploit prototype is already publicly available and yields root access when run on Ubuntu 21.10 with kernel 5.13.0-37.
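    To make the watch_queue_set_filter() bounds-check mistake behind CVE-2022-0995 concrete, here is a userspace model written for this page; it is neither kernel code nor the published exploit. It assumes, as in the kernel's struct watch_filter, a one-word type bitmap with other fields behind it, and places that bitmap at the front of a small array so an out-of-range __set_bit() shows up as a change in the words that follow rather than as undefined behaviour. type_ok_buggy() uses the pre-fix limit (sizeof(bitmap) * BITS_PER_LONG); type_ok_fixed() uses the WATCH_TYPE__NR limit the fix adopted.

```c
#include <errno.h>
#include <stddef.h>
#include <string.h>

#define BITS_PER_LONG  (8u * sizeof(unsigned long))
#define WATCH_TYPE__NR 2u   /* WATCH_TYPE_META, WATCH_TYPE_KEY_NOTIFY */
#define FILTER_WORDS   1u   /* DECLARE_BITMAP(type_filter, WATCH_TYPE__NR): one word (assumption) */
#define ARENA_WORDS    4u   /* model only: bitmap plus the memory that follows it */

/* words[0] is the type_filter bitmap; words[1..3] stand in for whatever follows
 * it in the kmalloc'd struct watch_filter (nr_filters, the filters[] array). */
struct filter_arena {
    unsigned long words[ARENA_WORDS];
};

/* The kernel's __set_bit(): word index = nr / BITS_PER_LONG, no bounds check. */
static void set_bit_model(unsigned nr, unsigned long *words)
{
    words[nr / BITS_PER_LONG] |= 1UL << (nr % BITS_PER_LONG);
}

/* Pre-fix limit: bytes * BITS_PER_LONG, i.e. 8x (64-bit) or 4x (32-bit) too many bits. */
int type_ok_buggy(unsigned type)
{
    return type < sizeof(unsigned long[FILTER_WORDS]) * BITS_PER_LONG;
}

/* Fixed limit: only the types the kernel actually knows about. */
int type_ok_fixed(unsigned type)
{
    return type < WATCH_TYPE__NR;
}

/* Add one filter type under the given check. Returns 0 on success, -EINVAL if the
 * check rejects the type, or -EOVERFLOW if the write would leave even the model
 * arena (the kernel has no such guard; this only keeps the model well-defined). */
int add_filter_type(struct filter_arena *a, unsigned type, int (*check)(unsigned))
{
    if (!check(type))
        return -EINVAL;
    if (type / BITS_PER_LONG >= ARENA_WORDS)
        return -EOVERFLOW;
    set_bit_model(type, a->words);
    return 0;
}

/* 1 if any word after the bitmap was modified, else 0. */
int neighbours_corrupted(const struct filter_arena *a)
{
    unsigned i;
    for (i = FILTER_WORDS; i < ARENA_WORDS; i++)
        if (a->words[i] != 0)
            return 1;
    return 0;
}

/* Apply `type` to a fresh arena: 1 = neighbouring memory corrupted,
 * 0 = accepted and contained, negative errno = rejected. */
int try_type(unsigned type, int (*check)(unsigned))
{
    struct filter_arena a;
    int rc;

    memset(&a, 0, sizeof a);
    rc = add_filter_type(&a, type, check);
    if (rc < 0)
        return rc;
    return neighbours_corrupted(&a);
}

int main(void)
{
    unsigned oob = (unsigned)BITS_PER_LONG + 3; /* first word past the bitmap */
    int buggy = try_type(oob, type_ok_buggy);
    int fixed = try_type(oob, type_ok_fixed);
    return (buggy == 1 && fixed == -EINVAL) ? 0 : 1;
}
```

    The buggy check accepts types up to 512 on a 64-bit kernel while the bitmap has 64 bits, so every type above 63 lands in whatever is allocated behind it; the fixed check rejects anything that is not a known type before any write happens.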


  • A vulnerability (CVE-2022-27666) in the esp4 and esp6 kernel modules, which implement the ESP (Encapsulating Security Payload) transformations for IPsec over IPv4 and IPv6. It allows a local user with ordinary privileges to overwrite objects in kernel memory and escalate their privileges on the system. The cause is a mismatch between the memory obtained for the ESP trailer and the data actually written into it: the ESP code asked skb_page_frag_refill() for a fragment sized to the whole trailer, but that allocator hands out fragments of at most PAGE_SIZE << SKB_FRAG_PAGE_ORDER (32 KiB on x86-64) and reports success regardless of the requested size, so a message whose trailer exceeds that limit is written past the end of the fragment.

    The vulnerability was fixed in the kernel on March 7 (fixed in 5.17, 5.16.15, etc.): the aligned trailer size is now compared against ESP_SKB_FRAG_MAXSIZE and larger packets take the slower copy path instead. You can follow the publication of package updates in the distributions on these pages: Debian, SUSE, Ubuntu, RHEL, Fedora, Gentoo, Arch Linux. A working exploit prototype that lets an ordinary user obtain root on Ubuntu Desktop 21.10 in its default configuration has already been posted on GitHub. With minor changes the exploit is said to work on Fedora and Debian as well. Notably, the exploit was originally prepared for the pwn2own 2022 contest, but the kernel developers found and fixed the underlying bug, so it was decided to disclose the vulnerability details.
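    The allocation mismatch behind CVE-2022-27666, as an added model for this page rather than kernel code, with the page size, cache-line size and fragment order fixed at the x86-64 defaults as assumptions. page_frag_refill_model() mimics the behaviour of skb_page_frag_refill() on a fresh allocation: it reports success with a fragment of PAGE_SIZE << SKB_FRAG_PAGE_ORDER bytes whatever size was requested. esp_output_tail_model() then writes the trailer into the fragment the way the vulnerable caller did and, with fixed set, applies the ESP_SKB_FRAG_MAXSIZE guard that the upstream fix added before the fragment is touched. The backing buffer is deliberately over-allocated so the model can count the bytes written past the fragment without corrupting anything.

```c
#include <errno.h>
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* x86-64 defaults, assumed for the model */
#define PAGE_SIZE            4096u
#define SKB_FRAG_PAGE_ORDER  3u
#define L1_CACHE_BYTES       64u
#define ALIGN(x, a)          (((x) + (a) - 1) & ~((a) - 1))
#define ESP_SKB_FRAG_MAXSIZE (PAGE_SIZE << SKB_FRAG_PAGE_ORDER)   /* 32768 */
#define MODEL_SLACK          16384u  /* extra backing so an overrun stays measurable */

struct page_frag {
    unsigned char *page;
    unsigned size;      /* usable bytes according to the allocator */
    unsigned capacity;  /* model only: real backing size */
    unsigned offset;
};

/* Fresh-allocation path of skb_page_frag_refill(): the requested size is not
 * compared with the fragment that comes back; the caller is expected to keep
 * requests at or below PAGE_SIZE. */
static bool page_frag_refill_model(unsigned sz, struct page_frag *pf)
{
    (void)sz;
    pf->size = ESP_SKB_FRAG_MAXSIZE;
    pf->capacity = pf->size + MODEL_SLACK;
    pf->offset = 0;
    pf->page = calloc(pf->capacity, 1);
    return pf->page != NULL;
}

enum tail_path { TAIL_FRAG, TAIL_COW };

struct tail_result {
    enum tail_path path;
    unsigned allocsz;          /* aligned trailer size the caller asks for */
    unsigned bytes_past_end;   /* trailer bytes that landed beyond pf->size */
};

/* Trailer handling of esp_output_head(): tailen = padding + pad length +
 * next header + ICV. `fixed` enables the guard added by the upstream fix. */
int esp_output_tail_model(unsigned tailen, bool fixed, struct tail_result *r)
{
    struct page_frag pf;
    unsigned i, n;

    memset(r, 0, sizeof *r);
    r->allocsz = ALIGN(tailen, L1_CACHE_BYTES);

    if (fixed && r->allocsz > ESP_SKB_FRAG_MAXSIZE) {
        r->path = TAIL_COW;         /* too big for a fragment: copy-on-write path */
        return 0;
    }
    if (!page_frag_refill_model(r->allocsz, &pf))
        return -ENOMEM;

    r->path = TAIL_FRAG;
    n = tailen;
    if (n > pf.capacity - pf.offset)   /* model bound only; the kernel has none */
        n = pf.capacity - pf.offset;
    memset(pf.page + pf.offset, 0xA5, n);   /* the vulnerable write: trusts the refill */

    for (i = pf.size; i < pf.capacity; i++)
        if (pf.page[i] == 0xA5)
            r->bytes_past_end++;
    free(pf.page);
    return 0;
}

unsigned overflow_bytes(unsigned tailen, bool fixed)
{
    struct tail_result r;
    if (esp_output_tail_model(tailen, fixed, &r) < 0)
        return (unsigned)-1;
    return r.bytes_past_end;
}

int takes_cow_path(unsigned tailen, bool fixed)
{
    struct tail_result r;
    if (esp_output_tail_model(tailen, fixed, &r) < 0)
        return -1;
    return r.path == TAIL_COW;
}

int main(void)
{
    printf("tailen 40000, vulnerable: %u bytes past the fragment\n", overflow_bytes(40000, false));
    printf("tailen 40000, fixed: cow path = %d\n", takes_cow_path(40000, true));
    return 0;
}
```

    The lesson generalises beyond ESP: when an allocator's success return does not vouch for the size you asked for, the size check belongs in the caller, before the write, and the oversized case needs its own path rather than an assumption that "refill succeeded" means "enough room".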

  • Two vulnerabilities (CVE-2022-1015, CVE-2022-1016) in the netfilter subsystem, in the nf_tables module that implements the nftables packet filter. The first issue allows a local unprivileged user to write beyond the bounds of a buffer allocated on the stack. The overflow occurs while processing specially crafted nftables expressions, at the stage that validates the register indices supplied by a user who has access to the nftables rules.

    The vulnerability stems from the developers assuming that the value of "enum nft_registers reg" is a single byte, whereas with certain optimisations enabled the compiler, following the C89 rules, may use a 32-bit value for it. Because of this, the size used during validation and memory allocation does not match the actual size of the data in the structure, so the tail of the structure overlaps pointers on the stack. Register numbers that do not correspond to any defined register were also not rejected at parse time; the fix makes nft_parse_register() return -ERANGE for them.

    The issue can be used to execute code at the kernel level, but a successful attack requires access to nftables, which can be obtained in a separate network namespace given the CLONE_NEWUSER or CLONE_NEWNET privileges (for example, if an isolated container can be started). The vulnerability is also closely tied to the optimisations applied by the compiler, which are enabled, for instance, when building with "CONFIG_CC_OPTIMIZE_FOR_PERFORMANCE=y". Exploitation is possible starting with Linux kernel 5.12.

    The second netfilter vulnerability is caused by access to already-freed memory (use-after-free) in the nft_do_chain handler and can lead to a leak of uninitialised regions of kernel memory, which can be read by manipulating nftables expressions and used, for example, to determine pointer addresses while exploiting other vulnerabilities (the fix zero-initialises the register block in nft_do_chain() before the chain is evaluated). Exploitation is possible starting with Linux kernel 5.13.

    The vulnerabilities are addressed in today's kernel point releases 5.17.1, 5.16.18, 5.15.32, 5.10.109, 5.4.188, 4.19.237, 4.14.274 and 4.9.309. You can follow the publication of package updates in the distributions on these pages: Debian, SUSE, Ubuntu, RHEL, Fedora, Gentoo, Arch Linux. The researcher who found the issues has announced working exploits for both vulnerabilities, which are planned for publication in a few days, once the distributions have shipped updated kernel packages.
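The precondition named for the nf_tables bugs, namely reaching nftables through a user and network namespace of one's own, can be checked on a host. The following C program is an added example for this page, not part of the original article or of any published exploit: it forks a child that calls unshare(CLONE_NEWUSER | CLONE_NEWNET) and reports whether that child ends up with CAP_NET_ADMIN in its effective capability set, which is what an unprivileged nftables client needs, and it reads the user.max_user_namespaces sysctl that caps namespace creation. The CLONE_* and CAP_NET_ADMIN constants are hard-coded from the kernel uapi headers so the file builds without feature-test macros; the sample status text in the test is constructed.

```c
#include <errno.h>
#include <sched.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

/* Values from the kernel uapi headers, spelled out so no _GNU_SOURCE is needed. */
#ifndef CLONE_NEWUSER
#define CLONE_NEWUSER 0x10000000
#endif
#ifndef CLONE_NEWNET
#define CLONE_NEWNET 0x40000000
#endif
#define CAP_NET_ADMIN 12

int unshare(int flags);   /* glibc provides it; declared here to avoid feature macros */

/* Parse the CapEff line of a /proc/<pid>/status text and report whether `cap`
 * is set: 1/0, or -1 if there is no CapEff line at all. */
int cap_eff_has(const char *status_text, int cap)
{
    const char *p = strstr(status_text, "CapEff:");
    unsigned long long mask;

    if (!p)
        return -1;
    mask = strtoull(p + strlen("CapEff:"), NULL, 16);
    return (int)((mask >> cap) & 1ULL);
}

static int self_has_cap(int cap)
{
    char buf[4096];
    size_t n;
    FILE *f = fopen("/proc/self/status", "r");

    if (!f)
        return -1;
    n = fread(buf, 1, sizeof buf - 1, f);
    fclose(f);
    buf[n] = '\0';
    return cap_eff_has(buf, cap);
}

/* Can an unprivileged process get CAP_NET_ADMIN over a network namespace of its own?
 * 1 = yes (nftables reachable without real privileges), 0 = no (user namespaces
 * disabled, unsupported or exhausted), -1 = the probe itself failed. The probe runs
 * in a forked child so the caller's own namespaces are left untouched. */
int probe_unpriv_netns_admin(void)
{
    int status;
    pid_t pid = fork();

    if (pid < 0)
        return -1;
    if (pid == 0) {
        if (unshare(CLONE_NEWUSER | CLONE_NEWNET) != 0)
            _exit(errno == EPERM || errno == ENOSPC || errno == EINVAL ? 10 : 11);
        _exit(self_has_cap(CAP_NET_ADMIN) == 1 ? 0 : 12);
    }
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    switch (WEXITSTATUS(status)) {
    case 0:  return 1;
    case 10: return 0;   /* kernel or sysctl refused the namespace */
    case 12: return 0;   /* namespace created but no CAP_NET_ADMIN in it */
    default: return -1;
    }
}

/* The sysctl that limits this: user.max_user_namespaces (0 disables creation). */
long max_user_namespaces(void)
{
    long v = -1;
    FILE *f = fopen("/proc/sys/user/max_user_namespaces", "r");

    if (!f)
        return -1;
    if (fscanf(f, "%ld", &v) != 1)
        v = -1;
    fclose(f);
    return v;
}

int main(void)
{
    int r = probe_unpriv_netns_admin();

    printf("unprivileged user+net namespace with CAP_NET_ADMIN: %s\n",
           r == 1 ? "yes (nf_tables reachable)" : r == 0 ? "no" : "probe failed");
    printf("user.max_user_namespaces = %ld\n", max_user_namespaces());
    return 0;
}
```

Run it as an ordinary user. A "yes" means that on an unpatched kernel CVE-2022-1015 and CVE-2022-1016 are reachable without any privileges, which is the default on Ubuntu, Fedora and most desktop distributions. Setting user.max_user_namespaces=0 (or kernel.unprivileged_userns_clone=0 on Debian and Ubuntu kernels) closes that path, at the cost of breaking rootless containers, browser sandboxes and other tools built on user namespaces; it is a stop-gap until the kernel update is installed, not a substitute for it.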

source: opennet.ru
