Awọn oniwadi aabo lati ọdọ Google ti ṣe idanimọ ailagbara kan (CVE-2025-38236) ninu ekuro Linux ti o fun laaye fun igbega anfani. Lara awọn ohun miiran, ailagbara naa ngbanilaaye fun yiyọkuro ẹrọ ipinya apoti iyanrin ti a lo ninu Google Chrome ati iyọrisi ipaniyan koodu ipele-kernel nigbati o ba n ṣiṣẹ koodu ni agbegbe ti ilana imupadabọ Chrome ti o ya sọtọ (fun apẹẹrẹ, nigba lilo ailagbara miiran ni Chrome). Ọrọ naa han lati bẹrẹ pẹlu ekuro Linux 6.9 ati pe o wa titi ni awọn imudojuiwọn ekuro Linux 6.1.143, 6.6.96, 6.12.36, ati 6.15.5. Afọwọkọ ti ilokulo wa fun igbasilẹ.
Ailagbara naa ṣẹlẹ nipasẹ aṣiṣe imuse kan ninu asia MSG_OOB, eyiti o le ṣeto fun awọn iho AF_UNIX. Asia MSG_OOB ("jade-ti-band") faye gba afikun baiti lati somọ data ti a firanṣẹ, eyiti olugba le ka ṣaaju ki o to gba iyoku data naa. A fi asia yii kun ninu ekuro Linux 5.15 ni ibeere ti Oracle ati pe a dabaa fun idinku ni ọdun to kọja nitori ko lo pupọ.
Imuse apoti iyanrin Chrome gba awọn iṣẹ iho iho UNIX ati firanṣẹ ()/recv () awọn ipe eto nibiti a ti gba asia MSG_OOB laaye pẹlu awọn aṣayan miiran ati pe ko ṣe iyọda lọtọ. Kokoro kan ninu imuse MSG_OOB laaye fun ipo lilo-lẹhin-ọfẹ lati waye lẹhin ṣiṣe awọn ọna kan ti awọn ipe eto: char dummy; int ibọsẹ[2]; socketpair (AF_UNIX, SOCK_STREAM, 0, ibọsẹ); firanṣẹ (awọn ibọsẹ[1], "A", 1, MSG_OOB); recv (ibọsẹ [0], & idinwon, 1, MSG_OOB); firanṣẹ (awọn ibọsẹ[1], "A", 1, MSG_OOB); recv (ibọsẹ [0], & idinwon, 1, MSG_OOB); firanṣẹ (awọn ibọsẹ[1], "A", 1, MSG_OOB); recv (ibọsẹ [0], & idinwon, 1, 0); recv (ibọsẹ [0], & idinwon, 1, MSG_OOB);
orisun: opennet.ru
