Ubufakazi bomqondo wobuthakathaka bushicilelwe. I-DirtyDecrypt, obeye aziwe njengo I-DirtyCBC, okuvumela umsebenzisi wendawo ongenamalungelo ukuthola amalungelo ezimpande kwezinye izinhlelo LinuxInkinga ikwikhodi. i-rxgk izinhlelo ezingaphansi I-RxRPC futhi ihlobene nokubhala kwe-cache yekhasi ngenxa yokungabikho kokuhlola kokukopisha-kokubhala kumsebenzi we-rxgk_decrypt_skb(). I-PoC yashicilelwa ngoMeyi 18, 2026, yi-BleepingComputer; i-PoC ngokwayo ithunyelwe ku- Izindawo zokugcina ithimba le-V12.
I-RxRPC iyiphrothokholi yenethiwekhi ye-kernel. Linux ngaphezu kwe-UDP, okunikeza ukuthuthwa okuthembekile kwemisebenzi ekude. Imibhalo ye-kernel isho ngqo ukuthi AFS — I-Andrew File System iyisibonelo sohlelo lokusebenza olusebenzisa i-RxRPC, futhi iphrothokholi ngokwayo isekela izingxoxo zokuphepha kokuxhumeka. Yilapho i-RxGK, esetshenziselwa imodi ephephile ye-RxRPC/AFS, isebenza khona.
Ngokusho kwencazelo ye-V12, i-DirtyDecrypt ingenye indlela ehlukile yesigaba sobuthakathaka I-CopyFail / I-Dirty Frag / I-FragnesiaZonke zizungeza umqondo ofanayo: ukuphathwa kabi kwememori ye-kernel, i-page cache, kanye nama-buffer kungavumela inqubo yendawo engenamalungelo ukuthi ithinte idatha okufanele ingabhalwa. Endabeni ye-DirtyDecrypt, lokhu "ukubhala kwe-rxgk pagecache" ngenxa yokuvikelwa kwe-COW okungekho ku-rxgk_decrypt_skb().
Ithimba le-V12 lithi lithole futhi labika ngalolu daba. I-9 Kungenzeka iminyaka engu-2026, kodwa abanakekeli be-kernel baphendule ngokuthi kwakuyikhophi yephutha elivele lilungisiwe. Abacwaningi base beshicilela ubufakazi bomqondo, bethi ukulungiswa kwase kuvele ku-kernel eyinhloko.
Isimo ngama-CVE asibonakali silula ngokuphelele. I-BleepingComputer ibika ukuthi ayikho i-CVE esemthethweni ehlukile yegama le-DirtyDecrypt ngesikhathi sokushicilelwa, kodwa umhlaziyi uWill Dormann uxhumanisa imininingwane eshicilelwe yi-V12 ne- I-CVE-2026-31635, kulungiswe ekupheleni kuka-Ephreli. I-NVD ichaza i-CVE-2026-31635 njengephutha ku-rxrpc: umsebenzi we-rxgk_verify_response() uhlole ngokungalungile ubude be-RESPONSE authenticator, okungaholela ekutheni i-authenticator ende kakhulu idluliselwe ku-rxgk_decrypt_skb() futhi ibangele ukuthi ikhodi yehluleke i-BUG_ON(len).
Okusho ukuthi, izincwadi ezitholakala emphakathini zixhumanisa i-DirtyDecrypt ne- I-CVE-2026-31635, kodwa incazelo ye-CVE esemthethweni ku-NVD okwamanje ibonakala incane kakhulu futhi ibhekisela kakhulu ephutheni lokuhlola ubude ku-rxrpc, kunokuba ibhekisele ngqo ku-alias ye-DirtyDecrypt/DirtyCBC njengokungena okuhlukile. Ngakho-ke, kulungile kakhulu ukubhala: I-DirtyDecrypt cishe ihambisana noma ihlobene eduze ne-CVE-2026-31635, kunokuba bathi yigama elisemthethweni le-CVE.
I-kernel enale nketho evuliwe iyadingeka ukuze isebenze. I-CONFIG_RXGK, okuhlanganisa ukwesekwa kwe-RxGK kweklayenti le-AFS kanye nokuthuthwa kwenethiwekhi. Lokhu kunciphisa kakhulu ububanzi bezinhlelo ezithintekile: ngokuyinhloko, kuphathelene nokusatshalaliswa okulandela ngokushesha i-kernel ephezulu, okuhlanganisa Fedora, Arch Linux и vulaSUSE TumbleweedI-BleepingComputer igcizelela ukuthi i-V12 PoC eshicilelwe ihlolwe kuphela ku-Fedora kanye ne-kernel eyinhloko.
I-DirtyDecrypt ivele ngemuva kochungechunge lonke lwemikhiqizo efanayo Linux Ubuthakathaka be-LPE. Okwavezwa ngaphambilini Ukuhluleka Kokukopisha ku-algif_aead, Ingcezu Engcolile ezingxenyeni zenethiwekhi, bese kuba I-Fragnesia ku-XFRM ESP-in-TCP Microsoft kuchaziwe I-Dirty Frag njengokwenyuka kwamalungelo endawo ngokusebenzisa izingxenye ze-esp4, esp6, kanye ne-rxrpc, okuvumela umhlaseli ukuthi athole ukufinyelela kwendawo futhi athole indawo ohlelweni.
Ingozi engokoqobo yamaphutha anjalo ukuthi avame ukusetshenziswa kabi ngemva kokwephulwa kokuqala: isibonelo, ngemva kokufaka engcupheni i-akhawunti ye-SSH, igobolondo lewebhu, isitsha esisengozini, noma umsebenzisi wesevisi onelungelo eliphansi. Ngemva kokuthola ukufinyelela kwezimpande, umhlaseli angakhubaza izilawuli zokuphepha, afunde izimfihlo, ashintshe amalogi, asebenzise ukuphikelela, futhi aqhubekele phambili engqalasizinda.
Abasebenzisi bokusatshalaliswa kwe-rolling-release okungenzeka kuthinteke bayelulekwa ukuthi bafake izibuyekezo zakamuva ze-kernel. Ezinhlelweni lapho izibuyekezo ezisheshayo zingenzeki khona, izincwadi zikhuluma ngezixazululo zesikhashana njengokukhubaza amamojula e-rxrpc angasetshenziswanga kanye nezingxenye ezihlobene. Kodwa-ke, izindlela ezinjalo zokubhekana nazo zingase ziphule i-AFS kanye nezinye izimo ze-IPsec/VPN, ngakho-ke kufanele zisetshenziswe kuphela ngemva kokuqinisekisa umthelela ohlelweni oluthile.
Kokufakwa okuningi kwedeskithophu kanye neseva, ingozi cishe iphansi kune-Copy Fail: DirtyDecrypt idinga ukucushwa kwe-kernel ethile kanye nokusetshenziswa kwekhodi yendawo. Kodwa-ke, ku-Fedora, i-Arch Linux, i-openSUSE Tumbleweed, kanye nezinye izinhlelo ezinezibuyekezo ze-kernel ezisheshayo, le nkinga ifanelwe ukunakwa: akuseyona umbiko wethiyori, kodwa ubuthakathaka obunobufakazi obushicilelwe bomqondo kanye nendlela ecacile yokwenyuka kwamalungelo.
Source: linux.org.ru
