Ukuba sengozini (CVE-2022-0435) kukhonjwe kumojula ye-Linux kernel eqinisekisa ukusebenza kwephrothokholi yenethiwekhi ye-TIPC (Transparent Inter-process Communication), okungenzeka ivumele ikhodi ukuthi isetshenziswe ezingeni le-kernel ngokuthumela inethiwekhi eklanywe ngokukhethekile. iphakethe. Inkinga ithinta kuphela amasistimu anemojula ye-tipc.ko kernel elayishiwe kanye nesitaki se-TIPC esilungisiwe, esivame ukusetshenziswa kumaqoqo futhi asinikwa amandla ngokuzenzakalela ekusabalaliseni kwe-Linux okungakhethekile.
Kuyaphawulwa ukuthi uma wakha i-kernel kumodi ye-"CONFIG_FORTIFY_SRC=y" (esetshenziswa ku-RHEL), eyengeza ukuhlola kwemingcele eyengeziwe kumsebenzi we-memcpy(), ukusebenza kukhawulelwe esitobhini esiphuthumayo (i-kernel panics). Uma kusetshenziswa ngaphandle kokuhlolwa okwengeziwe futhi uma ulwazi mayelana nomaka be-canary abasetshenziselwa ukuvikela isitaki luputshuziwe, inkinga ingasetshenziselwa ukwenza ikhodi yesilawuli kude ngamalungelo e-kernel. Abacwaningi abahlonze inkinga bathi indlela yokuxhaphaza incane futhi izodalulwa ngemva kokuqedwa okusabalele kokuba sengozini ekusatshalalisweni.
Ukuba sengozini kubangelwa ukuchichima kwesitaki okwenzeka lapho kucutshungulwa amaphakethe, inani lenkambu enenani lamanodi elungu lesizinda elingaphezu kuka-64. Ukugcina amapharamitha wamanodi kumojula ye-tipc.ko, uhlu olungaguquki “amalungu e-u32[64] ]” kusetshenziswa, kodwa ngesikhathi sokucubungula okushiwo ephaketheni Inombolo ye-node ayilihloli inani elithi "member_cnt", elivumela amanani angaphezu kuka-64 ukuthi asetshenziselwe ukubhala ngaphezulu okulawulwayo kwedatha endaweni yenkumbulo elandelayo. esakhiweni esithi "dom_bef" kusitaki.
Isiphazamisi esiholela ekubeni sengozini yethulwa ngoJuni 15, 2016 futhi yafakwa ku-Linux 4.8 kernel. Ukuba sengozini kuye kwasingathwa ekukhishweni kwe-Linux kernel 5.16.9, 5.15.23, 5.10.100, 5.4.179, 4.19.229, 4.14.266, kanye ne-4.9.301. Kuma-kernels wokusabalalisa okuningi inkinga ihlala ingalungisiwe: RHEL, Debian, Ubuntu, SUSE, Fedora, Gentoo, Arch Linux.
Iphrothokholi ye-TIPC yasungulwa ngu-Ericsson, eklanyelwe ukuhlela ukuxhumana phakathi kwezinqubo kwiqoqo futhi yenziwa yasebenza kakhulu kuma-cluster node. I-TIPC ingasebenza nge-Ethernet noma i-UDP (imbobo yenethiwekhi engu-6118). Uma usebenza nge-Ethernet, ukuhlasela kungenziwa kunethiwekhi yendawo, futhi uma usebenzisa i-UDP, kusukela kunethiwekhi yomhlaba wonke uma ichweba lingamboziwe i-firewall. Ukuhlasela kungenziwa futhi umsebenzisi wendawo ongavikelekile womsingathi. Ukuze uvule i-TIPC, udinga ukulanda imojula ye-tipc.ko kernel futhi ulungiselele ukubophezela ku-interface yenethiwekhi usebenzisa i-netlink noma insiza ye-tipc.
Source: opennet.ru