Exploitable vulnerabilities in the POSIX CPU timer, cls_route and nf_tables identified in the Linux kernel.

Several vulnerabilities have been identified in the Linux kernel, all caused by access to memory areas that have already been freed, and all allowing a local user to elevate their privileges on the system. Working exploit prototypes have been prepared for every one of the issues and will be published a week after the vulnerability information is released. Patches fixing the issues have been sent to the Linux kernel developers.

  • CVE-2022-2588 is a vulnerability in the implementation of the cls_route filter, caused by an error due to which, when a null handle was processed, the old filter was not removed from the hash table before its memory was freed. The vulnerability has been present since release 2.6.12-rc2. The attack requires CAP_NET_ADMIN privileges, which can be obtained by having access to create network namespaces or user namespaces. As a security workaround, you can disable the cls_route module by adding the line 'install cls_route /bin/true' to modprobe.conf.
  • CVE-2022-2586 is a vulnerability in the netfilter subsystem, in the nf_tables module, which provides the nftables packet filter. The problem is caused by the fact that an nft object can reference a set list in another table, which leads to access to a freed memory area after that table is deleted. The vulnerability has been present since release 3.16-rc1. The attack requires CAP_NET_ADMIN privileges, which can be obtained by having access to create network namespaces or user namespaces.
  • CVE-2022-2585 is a vulnerability in the POSIX CPU timer, caused by the fact that, when called from a non-leader thread, the timer structure remains in the list even though the memory allocated for it has been freed. The vulnerability has been present since release 3.16-rc1.
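
A host check for the conditions named in the list above, as an added example that is not part of the original article: it reports whether cls_route and nf_tables are loaded, whether the modprobe workaround is in place, and whether unprivileged user namespaces (one of the routes to CAP_NET_ADMIN mentioned above) are available. The function names, the optional root argument and the status words are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the article. Each function takes an optional
# filesystem root (a hypothetical parameter) so a mounted image can be audited.

# True if an install line in /etc/modprobe.conf or /etc/modprobe.d/*.conf
# (the only locations checked here) maps cls_route to a no-op.
cls_route_blocked() {
    root=${1:-}
    for f in "$root"/etc/modprobe.conf "$root"/etc/modprobe.d/*.conf; do
        [ -f "$f" ] || continue
        grep -Eq '^[[:space:]]*install[[:space:]]+cls_route[[:space:]]+/bin/(true|false)([[:space:]]|$)' "$f" && return 0
    done
    return 1
}

# True if module $1 is listed in /proc/modules, i.e. already loaded.
module_loaded() {
    grep -q "^$1 " "${2:-}/proc/modules" 2>/dev/null
}

# True if unprivileged user namespaces look usable. Assumes a kernel that
# exposes user.max_user_namespaces (4.9+); the unprivileged_userns_clone
# switch is a Debian/Ubuntu addition and is honoured only when present.
userns_available() {
    root=${1:-}
    max=$(cat "$root/proc/sys/user/max_user_namespaces" 2>/dev/null || echo 0)
    [ "${max:-0}" -gt 0 ] || return 1
    clone="$root/proc/sys/kernel/unprivileged_userns_clone"
    [ ! -f "$clone" ] || [ "$(cat "$clone")" = "1" ]
}

# Prints one status word per check.
audit() {
    root=${1:-}
    # The install line only stops future loads; it does not unload a module.
    if module_loaded cls_route "$root"; then out="cls_route:loaded"
    elif cls_route_blocked "$root"; then out="cls_route:blocked"
    else out="cls_route:loadable"; fi
    if module_loaded nf_tables "$root"; then out="$out nf_tables:loaded"
    else out="$out nf_tables:not-loaded"; fi
    if userns_available "$root"; then out="$out userns:available"
    else out="$out userns:restricted"; fi
    echo "$out"
}

audit "${ROOT:-}"
```

A result of cls_route:loaded means the workaround line alone is not enough on that host, because the module is already resident.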

Source: opennet.ru
