ืคึผืจืึธื”ืึธืกื˜ืขืจ > ื‘ืœืึธื’ > ืื™ื ื˜ืขืจื ืขื˜ ื ื™ื™ึทืขืก > ืืŸ ืื ื“ืขืจ ื•ื•ืึทืœื ืขืจืึทื‘ื™ืœื™ื˜ื™ ืื™ืŸ ื“ื™ ืœื™ื ื•ืงืก ื ืขื˜ืคื™ืœื˜ืขืจ ืงืขืจืŸ ืกืึทื‘ืกื™ืกื˜ืึทื

ืืŸ ืื ื“ืขืจ ื•ื•ืึทืœื ืขืจืึทื‘ื™ืœื™ื˜ื™ ืื™ืŸ ื“ื™ ืœื™ื ื•ืงืก ื ืขื˜ืคื™ืœื˜ืขืจ ืงืขืจืŸ ืกืึทื‘ืกื™ืกื˜ืึทื

ื ื•ื•ืึทืœื ืขืจืึทื‘ื™ืœื™ื˜ื™ (CVE-2022-1972) ืื™ื– ื™ื™ื“ืขื ืึทืคื™ื™ื“ ืื™ืŸ ื“ื™ Netfilter ืงืขืจืŸ ืกืึทื‘ืกื™ืกื˜ืึทื, ืขื ืœืขืš ืฆื• ื“ื™ ืคึผืจืึธื‘ืœืขื ื“ื™ืกืงืœืึธื•ื–ื“ ืื™ืŸ ื“ื™ ืกื•ืฃ ืคื•ืŸ ืžื™ื™ึท. ื“ื™ ื ื™ื™ึทืข ื•ื•ืึทืœื ืขืจืึทื‘ื™ืœื™ื˜ื™ ืื•ื™ืš ืึทืœืึทื•ื– ืึท ื”ื™ื’ืข ื‘ืึทื ื™ืฆืขืจ ืฆื• ื‘ืึทืงื•ืžืขืŸ ื•ื•ืึธืจืฆืœ ืจืขื›ื˜ ืื™ืŸ ื“ื™ ืกื™ืกื˜ืขื ื“ื•ืจืš ืžืึทื ื™ืคึผื™ืึทืœื™ื™ืฉืึทืŸ ืคื•ืŸ ื›ึผืœืœื™ื ืื™ืŸ ื ืคื˜ืึทื‘ืœืขืก ืื•ืŸ ืจื™ืงื•ื•ื™ื™ืขืจื– ืึทืงืกืขืก ืฆื• ื ืคื˜ืึทื‘ืœืขืก ืฆื• ื“ื•ืจื›ืคื™ืจืŸ ื“ื™ ื‘ืึทืคืึทืœืŸ, ื•ื•ืึธืก ืงืขื ืขืŸ ื–ื™ื™ืŸ ื‘ืืงื•ืžืขืŸ ืื™ืŸ ืึท ื‘ืึทื–ื•ื ื“ืขืจ ื ืึทืžืขืกืคึผืึทืกืข (ื ืขืฅ ื ืึทืžืขืกืคึผื™ื™ืก ืึธื“ืขืจ ื‘ืึทื ื™ืฆืขืจ ื ืึทืžืขืกืคึผืึทืกืข) ืžื™ื˜ CLONE_NEWUSER, CLONE_NEWNS ืึธื“ืขืจ CLONE_NEWNET ืจืขื›ื˜ (ืœืžืฉืœ ืื•ื™ื‘ ืขืก ืื™ื– ืžืขื’ืœืขืš ืฆื• ืœื•ื™ืคืŸ ืึทืŸ ืืคื’ืขื–ื•ื ื“ืขืจื˜ ืงืึทื ื˜ื™ื™ื ืขืจ).

ื“ื™ ืึทืจื•ื™ืกื’ืขื‘ืŸ ืื™ื– ื’ืขืคึฟื™ืจื˜ ื“ื•ืจืš ืึท ื–ืฉื•ืง ืื™ืŸ ื“ื™ ืงืึธื“ ืคึฟืึทืจ ื”ืึทื ื“ืœื™ื ื’ ืฉื˜ืขืœืŸ ืจืฉื™ืžื•ืช ืžื™ื˜ ืคืขืœื“ืขืจ ื•ื•ืึธืก ืึทืจื™ื™ึทื ื ืขืžืขืŸ ืงื™ื™ืคืœ ืจื™ื™ื ื“ื–ืฉืึทื–, ืื•ืŸ ืจืขื–ื•ืœื˜ืึทื˜ืŸ ืื™ืŸ ืึท ืึทืจื•ื™ืก-ืคื•ืŸ-ื‘ืึทื•ื ื“ ืฉืจื™ื™ึทื‘ืŸ ื•ื•ืขืŸ ืคึผืจืึทืกืขืกื™ื ื’ ืกืคึผืขืฆื™ืขืœ ืคืึธืจืžืึทื˜ื˜ืขื“ ืจืฉื™ืžื” ืคึผืึทืจืึทืžืขื˜ืขืจืก. ืจืขืกืขืึทืจื˜ืฉืขืจืก ื–ืขื ืขืŸ ื‘ื™ื›ื•ืœืช ืฆื• ืฆื•ื’ืจื™ื™ื˜ืŸ ืึท ืืจื‘ืขื˜ืŸ ืขืงืกืคึผืœื•ื™ื˜ ืฆื• ื‘ืึทืงื•ืžืขืŸ ื•ื•ืึธืจืฆืœ ืจืขื›ื˜ ืื™ืŸ Ubuntu 21.10 ืžื™ื˜ ื“ื™ 5.13.0-39-ื“ื–ืฉืึทื ืขืจื™ืง ืงืขืจืŸ. ื“ื™ ื•ื•ืึทืœื ืขืจืึทื‘ื™ืœื™ื˜ื™ ืื™ื– ืกื˜ืึทืจื˜ื™ื ื’ ืคึฟื•ืŸ ืงืขืจืŸ 5.6. ื ืคืึทืจืจื™ื›ื˜ืŸ ืื™ื– ืฆื•ื’ืขืฉื˜ืขืœื˜ ื•ื•ื™ ืึท ืœืึทื˜ืข. ืฆื• ืคืึทืจืฉืคึผืึทืจืŸ ืขืงืกืคึผืœื•ื™ื˜ื™ื™ืฉืึทืŸ ืคื•ืŸ ื“ื™ ื•ื•ืึทืœื ืขืจืึทื‘ื™ืœื™ื˜ื™ ืื•ื™ืฃ ืจืขื’ื•ืœืขืจ ืกื™ืกื˜ืขืžืขืŸ, ืื™ืจ ื–ืึธืœ ืžืึทื›ืŸ ื–ื™ื›ืขืจ ืฆื• ื“ื™ืกื™ื™ื‘ืึทืœ ื“ื™ ืคื™ื™ื™ืงื™ื™ื˜ ืฆื• ืฉืึทืคึฟืŸ ื ืึธืžืขืŸ ืกืคึผื™ื™ืกืึทื– ืคึฟืึทืจ ืึทื ืคึผืจื™ื•ื•ื™ืœื™ื“ื–ืฉื“ ื™ื•ื–ืขืจื– ("sudo sysctl -w kernel.unprivileged_userns_clone=0").

ืื™ืŸ ืึทื“ื™ืฉืึทืŸ, ืื™ื ืคึฟืึธืจืžืึทืฆื™ืข ืื™ื– ืืจื•ื™ืก ื•ื•ืขื’ืŸ ื“ืจื™ื™ ืงืขืจืŸ ื•ื•ืึทืœื ืขืจืึทื‘ื™ืœื™ื˜ื™ื– ืฉื™ื™ึทื›ื•ืช ืฆื• ื“ื™ NFC ืกืึทื‘ืกื™ืกื˜ืึทื. ื“ื™ ื•ื•ืึทืœื ืขืจืึทื‘ื™ืœื™ื˜ื™ื– ืงืขื ืขืŸ ืึธื ืžืึทื›ืŸ ืึท ืงืจืึทืš ื“ื•ืจืš ืึทืงืฉืึทื ื– ื“ื•ืจื›ื’ืขืงืึธื›ื˜ ื“ื•ืจืš ืึท ืึทื ืคึผืจื™ื•ื•ื™ืœืึทื“ื–ืฉื“ ื‘ืึทื ื™ืฆืขืจ (ืžืขืจ ื’ืขืคืขืจืœืขืš ื‘ืึทืคืึทืœืŸ ื•ื•ืขืงื˜ืึธืจืก ื”ืึธื‘ืŸ ื ื™ืฉื˜ ื ืึธืš ื“ืขืžืึทื ืกื˜ืจื™ื™ื˜ื™ื“):

  • CVE-2022-1734 ืื™ื– ืึท ื ื•ืฆืŸ-ื ืึธืš-ืคืจื™ื™ ื–ื™ืงืึธืจืŸ ืจื•ืคืŸ ืื™ืŸ ื“ื™ nfcmrvl ื“ืจื™ื™ื•ื•ืขืจ (ื“ืจื™ื•ื•ืขืจืก/nfc/nfcmrvl), ื•ื•ืึธืก ืึทืงืขืจื– ื•ื•ืขืŸ ืกื™ืžื™ืึทืœื™ื™ื˜ื™ื ื’ ืึท NFC ืžื™ื˜ืœ ืื™ืŸ ื‘ืึทื ื™ืฆืขืจ ืคึผืœืึทืฅ.
  • CVE-2022-1974 - ืึท ืฉื•ื™ืŸ ื‘ืืคืจื™ื™ื˜ ื–ื›ึผืจื•ืŸ ืจื•ืคืŸ ืึทืงืขืจื– ืื™ืŸ ื“ื™ ื ืขื˜ืœื™ื ืง ืคืึทื ื’ืงืฉืึทื ื– ืคึฟืึทืจ NFC ื“ืขื•ื•ื™ืกืขืก (/net/nfc/core.c), ื•ื•ืึธืก ืึทืงืขืจื– ื•ื•ืขืŸ ืจืขื“ื–ืฉื™ืกื˜ืขืจื™ื ื’ ืึท ื ื™ื™ึท ืžื™ื˜ืœ. ื•ื•ื™ ื“ื™ ืคืจื™ืขืจื“ื™ืงืข ื•ื•ืึทืœื ืขืจืึทื‘ื™ืœื™ื˜ื™, ื“ื™ ืคึผืจืึธื‘ืœืขื ืงืขื ืขืŸ ื–ื™ื™ืŸ ืขืงืกืคึผืœื•ื™ื˜ืึทื“ ื“ื•ืจืš ืกื™ืžื™ืึทืœื™ื™ื˜ื™ื ื’ ืึท NFC ืžื™ื˜ืœ ืื™ืŸ ื‘ืึทื ื™ืฆืขืจ ืคึผืœืึทืฅ.
  • CVE-2022-1975 ืื™ื– ืึท ื–ืฉื•ืง ืื™ืŸ ื“ื™ ืคื™ืจืžื•ื•ืึทืจืข ืœืึธื•ื“ื™ื ื’ ืงืึธื“ ืคึฟืึทืจ NFC ื“ืขื•ื•ื™ืกืขืก ื•ื•ืึธืก ืงืขื ืขืŸ ื–ื™ื™ืŸ ืขืงืกืคึผืœื•ื™ื˜ืึทื“ ืฆื• ืคืึทืจืฉืึทืคืŸ ืึท "ืคึผืึทื ื™ืง" ืฆื•ืฉื˜ืึทื ื“.

ืžืงื•ืจ: opennet.ru

ืœื™ื™ื’ืŸ ืึท ื‘ืึทืžืขืจืงื•ื ื’