Vulnerability in the Linux kernel IPv6 stack that allows remote code execution

Details have been disclosed about a vulnerability (CVE-2023-6200) in the Linux kernel network stack that, under certain circumstances, allows an attacker on the local network to execute their own code by sending a specially crafted ICMPv6 packet carrying an RA (Router Advertisement) message, which is intended to advertise information about a router.

The vulnerability can be exploited only from the local network, and it affects systems that have IPv6 support enabled and the sysctl parameter "net.ipv6.conf.<network_interface_name>.accept_ra" active (this can be checked with the command "sysctl net.ipv6.conf | grep accept_ra"). In RHEL and Ubuntu this parameter is disabled by default for external network interfaces but enabled for the loopback interface, which allows an attack from the same system.

The vulnerability is caused by a race condition that occurs when the garbage collector processes stale fib6_info records, which can lead to access to a memory area that has already been freed (use-after-free). When an ICMPv6 packet with a router advertisement message (RA, Router Advertisement) is received, the network stack calls the ndisc_router_discovery() function, which, if the RA message contains information about the route lifetime, calls the fib6_set_expires() function and fills in the gc_link structure. To clean up expired entries, the fib6_clean_expires() function is used, which unlinks the entry from gc_link and frees the memory used by the fib6_info structure. In this case there is a window of time in which the memory of the fib6_info structure has already been freed, but a link to it still remains in the gc_link structure.

The vulnerability has been present since the 6.6 branch and was fixed in versions 6.6.9 and 6.7. The status of the fix in distributions can be checked on these pages: Debian, Ubuntu, SUSE, RHEL, Fedora, Arch Linux, Gentoo, Slackware. Distributions that ship packages with the 6.6 kernel include Arch Linux, Gentoo, Fedora, Slackware, OpenMandriva and Manjaro; in other distributions, the faulty change may have been backported into packages with older kernel branches (for example, Debian notes that the package with kernel 6.5.13 is vulnerable, even though the problematic change appeared in the 6.6 branch). As a security workaround, you can disable IPv6 or set the "net.ipv6.conf.*.accept_ra" parameters to 0.
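
An added example (not from the original article): a shell check for the two exposure conditions named above, the kernel release range and a non-zero accept_ra on any interface. The function names and the `CONF_ROOT` override are assumptions of this example; the version test cannot see distribution backports such as the Debian 6.5.13 case.

```shell
#!/bin/sh
# Added example: audit a host for the exposure conditions described in the article.
# CONF_ROOT (hypothetical override) lets the check run against a constructed tree.
CONF_ROOT="${CONF_ROOT:-/proc/sys/net/ipv6/conf}"

# Return 0 if the release is in the range the article names:
# introduced in the 6.6 branch, fixed in 6.6.9 and 6.7.
kernel_in_affected_range() {
    ver="${1%%-*}"                      # drop distro suffix such as -arch1-1
    case "$ver" in *.*) ;; *) return 1 ;; esac
    major="${ver%%.*}"; rest="${ver#*.}"
    minor="${rest%%.*}"; patch=0
    case "$rest" in *.*) patch="${rest#*.}"; patch="${patch%%.*}" ;; esac
    minor="${minor%%[!0-9]*}"; patch="${patch%%[!0-9]*}"
    [ "${major:-0}" -eq 6 ] 2>/dev/null && [ "${minor:-0}" -eq 6 ] && [ "${patch:-0}" -lt 9 ]
}

# Print "iface=value" for every interface whose accept_ra is non-zero
# (1 = accept RAs when forwarding is off, 2 = accept even when forwarding is on).
interfaces_accepting_ra() {
    for f in "$CONF_ROOT"/*/accept_ra; do
        [ -r "$f" ] || continue         # IPv6 disabled or no such tree
        val=$(cat "$f")
        [ "$val" = "0" ] && continue
        iface=$(basename "$(dirname "$f")")
        echo "$iface=$val"
    done
}

audit_host() {
    rel=$(uname -r)
    if kernel_in_affected_range "$rel"; then
        echo "kernel $rel: within 6.6 to 6.6.8, update to 6.6.9 or 6.7"
    else
        echo "kernel $rel: outside 6.6 to 6.6.8 (check the distro tracker for backports)"
    fi
    open=$(interfaces_accepting_ra)
    if [ -n "$open" ]; then
        echo "accept_ra is non-zero on:"; echo "$open"
    else
        echo "accept_ra is 0 everywhere, or IPv6 is disabled"
    fi
    return 0
}
audit_host
```

The loopback interface is listed like any other, which matters because the article notes that accept_ra is enabled there by default on RHEL and Ubuntu.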

Source: opennet.ru
